1 GENERAL INFORMATION

1.1 General

1.1.1 This standard for the processing and protection of personal data of the Abinsk Electric Steel Works Limited Liability Company (hereinafter referred to as AESW LTD) defines the basic principles, objectives, functions, conditions, methods of processing PD, the operator of which is AESW LTD (hereinafter referred to as PD) and the main measures implemented to protect the rights of PD subjects (hereinafter referred to as the subject), including privacy, personal and family secrets.

1.1.2 This standard defines the policy of AESW LTD regarding the processing personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations.

1.1.3 This standard is a public document and is subject to posting on the official website of AESW LTD.

1.1.4 All employees of AESW LTD who have gained access to PD are obliged not to disclose to third parties and not to distribute PD without the consent of the subject, unless otherwise provided by the current legislation.

1.1.5 Employees get access to PD only to the extent necessary to perform their job duties.

1.1.6 By order of the General Director, or a person authorized to sign documents on behalf of AESW LTD, a person responsible for organizing the processing and protection of personal data must be appointed, a list of categories of positions with access to personal data has been approved.

1.1.7 The person responsible for organizing the processing of personal data is obliged to: - bring to the attention of the employees of AESW LTD the provisions of the legislation of the Russian Federation on PD, local acts on the processing of PD, requirements for the protection of PD; - organize the reception and processing of appeals and requests from PD subjects or their representatives and (or) exercise control over the acceptance and processing of such appeals and requests.

1.1.8 The person responsible for organizing the protection of personal data is obliged to: - to carry out internal control over the compliance of AESW LTD and its employees with the legislation of the Russian Federation on PD, including the requirements for the protection of PD.

1.1.9 Access of employees to personal data is provided only after such employee signs in the prescribed manner the non-disclosure obligation and familiarizes such employee with the list of PD processed by AESW LTD.

1.1.10 Employees' access to PD is terminated by decision of the head of the relevant department in case of violation of his obligations to ensure the security of such information and in case of termination of the employment contract with the employee.

1.1.11 In case of violation of the undertaken obligations to ensure the security of PD, access is terminated in the form of a memo addressed to the General Director of AESW LTD and brought to the employee against signature, while all media with personal data that were at the disposal of the employee are transferred direct supervisor.

1.2 Scope

1.2.1 The requirements of this standard apply to all structural subdivisions of AESW LTD that process PD.

1.2.2 The handling of documents transferred for storage in accordance with the archival legislation of the Russian Federation is not regulated by this standard.

1.2.3 In all cases not regulated by this standard, it is necessary to be guided by the current regulatory legal acts of the federal executive authorities.

1.3 Validity and amendment procedure

1.3.1 This standard is a local normative document of permanent action.

1.3.2 This standard is approved and put into effect by order of the General Director, or a person authorized to sign documents on behalf of AESW LTD.

1.3.3 This standard is recognized as invalid on the basis of the order of the General Director, or a person authorized to sign documents on behalf of AESW LTD.

1.3.4 Changes to this standard are made by adopting it in a new edition.

1.3.5 The initiator of making changes to this standard is any employee of AESW LTD who is interested in improving the processing and protection of personal data.

2 ABBREVIATIONS AND DEFINITIONS

2.1 Abbreviations

PD - personal data;
RF - Russian Federation;
"AESW" LTD - Limited Liability Company "Abinsk Electric Steel Works";
Full name - last name, first name, patronymic.

2.2 Definitions

Information security - the state of information security, characterized by the ability of the personnel of technical means and information technologies to ensure the availability, confidentiality and integrity of information when it is processed by technical means; Personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data);

Personal data permitted by the subject of personal data for distribution - personal data, access to which an unlimited number of persons is provided by the subject of personal data by giving consent to the processing of personal data permitted by the subject of personal data for distribution in the manner prescribed by this Federal Law;

Personal data operator (operator) - AESW LTD, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data; Information system of personal data - a set of personal data contained in databases and information technologies and technical means that ensure their processing;

Dissemination of personal data - actions aimed at to disclose personal data to an indefinite circle of persons;

Provision of personal data - actions aimed at to disclose personal data to a specific person or circle of persons;

Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed with or without automation.

The subject of personal data (subject) is an individual who is directly or indirectly determined or determined using personal data.

Threat to the security of personal data - a set of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions during their processing in the personal data information system.

The level of protection of personal data is a complex indicator that characterizes the requirements, the fulfillment of which ensures the neutralization of certain threats to the security of personal data during their processing in personal data information systems.

COLLECTION, SCOPE AND CATEGORIES OF PERSONAL DATA

3.1 Principles of personal data processing

3.1.1 The processing of PD must be carried out on a lawful and fair basis.

3.1.2 The processing of PD should be limited to the achievement of specific, predetermined and legitimate purposes. It is not allowed to process PD that is incompatible with the purposes of collecting PD.

3.1.3 It is not allowed to combine databases containing PD, the processing of which is carried out for purposes that are incompatible with each other.

3.1.4 The content and scope of the processed PD must correspond to the stated purposes of processing. Processed PD should not be excessive in relation to the stated purposes of their processing.

3.1.5 When processing PD, their accuracy and sufficiency, and, if necessary, their relevance in relation to the purposes of PD processing, must be ensured. It is required to take the necessary measures or ensure their adoption to remove or clarify incomplete or inaccurate data.

3.1.6 Storage of PD should be carried out in a form that allows to determine the subject of PD, no longer than required by the purposes of processing PD, if the period of storage of PD is not established by federal law, an agreement to which the beneficiary or guarantor is a party, to which the PD subject is. Processed PD are subject to destruction or depersonalization upon reaching the goals of processing or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

3.2 Purposes of processing

3.2.1 The purposes of PD processing are:

  • ensuring labor processes and compliance with the requirements of the current legislation related to labor relations, social, tax and other obligations in relation to employees of AESW LTD, including, but not limited to, payroll, pension insurance, preparation of award documents, business trips / trips, training, participation in competitions, promotions, research, provision of medical care, medical examinations, medical examinations, provision of mobile communications, holding sports, cultural events, including congratulations, New Year's gifts, differentiation of access rights, control of violations of labor discipline of employees , conducting polygraph testing, etc.);
  • processing of personal data of individuals who are in contractual or other civil law relations in order to fulfill obligations by the parties (including the fulfillment of contractual obligations to counterparties);
  • identification of applicants as candidates for a vacant position, including a preliminary interview, possible employment, requesting additional information about the applicant, reviewing resumes and filling out questionnaires for vacant positions;
  • accounting and registration of visitors of AESW LTD, including, but not limited to, protection against unauthorized access by unauthorized persons.

3.3 Scope and categories of personal data

3.3.1 The volume, content and terms of PD processing are determined by the purposes of their processing.

3.3.2 AESW LTD processes PD of the following categories of subjects: employees of AESW LTD and individuals with whom employment relations have been terminated, contractors, visitors and job seekers.

3.3.3 The formation of the list of personal data is carried out by the head of the information security department together with the heads of other departments and the management of AESW LTD.

3.3.4 The generated draft list must be considered at a meeting of the information protection commission and approved by order of the General Director, or a person authorized to sign documents on behalf of AESW LTD.

3.3.5 The approved list must be published in the corporate information storage system, as well as on the official website of AESW LTD for free access.

3.3.6 The list is reviewed at least once a year, in case of changes in the purposes of PD processing, including the emergence of new ones, in which the list loses its relevance (suitability, adequacy, efficiency) - unscheduled.

4 PROCESSING AND PROTECTION OF PERSONAL DATA

4.1 Order of processing

4.1.1 AESW LTD performs processing, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution, depersonalization, blocking, destruction, recording on machine media and their storage, as well as transferring PD to third parties subjects.

4.1.2 AESW LTD reserves the right to verify the completeness and accuracy of the provided PD. In case of detection of erroneous or incomplete PD, AESW LTD has the right to terminate all relations with the subject.

4.1.3 AESW LTD does not transfer the PD of subjects to third parties without the consent of the subject, unless otherwise provided by the legislation of the Russian Federation.

4.1.4 The conditions for terminating PD processing at AESW LTD are: achievement of the goals of PD processing, expiration of the consent or withdrawal of the consent of the subject to the processing of his PD, identification of illegal processing of PD.

4.1.5 When operating personal data information systems, AESW LTD takes legal, organizational and technical measures to ensure the security of PD in order to fulfill the requirements established by the Government of the Russian Federation for the protection of PD when processing them in accordance with the established levels of PD security.

4.1.6 When processing PD carried out without the use of automation tools, AESW LTD complies with the requirements established by Decree of the Government of the Russian Federation dated September 15, 2008 No. 687 "On Approval of the Regulations on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools".

4.1.7 Non-automated processing of PD should be carried out in such a way that PD is separated from other information, in particular by fixing them on separate tangible media, in special sections or on the fields of forms (forms) and in another way.

4.1.8 Automated processing of PD is carried out in personal data information systems (hereinafter referred to as PDIS) in strict accordance with the local acts of AESW LTD governing the processing and protection of PD.

4.1.9 Features of processing special categories of PD, as well as biometric PD, are established by the requirements of the current legislation.

4.1.10 AESW LTD prohibits the adoption, based solely on automated processing of PD, of decisions that give rise to legal consequences in relation to the subject or otherwise affect his rights and legitimate interests, except as provided by the legislation of the Russian Federation.

4.1.11 A decision that gives rise to legal consequences in relation to the PD subject or otherwise affects his rights and legitimate interests can be made on the basis of exclusively automated processing of his PD only if there is a written consent of the PD subject or in cases provided for by federal laws establishing as well as measures to ensure the observance of the rights and legitimate interests of the PD subject.

4.1.12 AESW LTD explains to the PD subject the procedure for making a decision based solely on automated processing of his PD and the possible legal consequences of such a decision, provide an opportunity to raise an objection to such decision, as well as explain the procedure for protecting the rights and legitimate interests of the PD subject.

4.1.13 Persons processing PD without using automation tools (employees of AESW LTD and other persons processing PD on behalf of AESW LTD) must be informed of the fact that they process PD, the processing of which is carried out by AESW LTD without the use of automation tools, the categories of processed PD, as well as the features and rules for the implementation of such processing, established by regulatory legal acts of federal executive authorities, executive authorities of the constituent entities of the Russian Federation, as well as local regulatory documents of AESW LTD.

4.1.14 In case of non-automated processing of PD, which involves the use of standard forms of documents, the nature of the information in which implies or allows the inclusion of PD in them, the following conditions must be met (the specified conditions are not exhaustive):

  • the standard form or related documents must contain: information about the purpose of PD processing carried out without the use of automation tools, details of AESW LTD (name and address), last name, first name, patronymic and address of the subject, source of obtaining PD, terms of PD processing, a list of actions with PD that will be performed in the process of their processing, a general description of the methods used by the operator for processing PD;
  • the standard form should include a field in which the subject can put a mark on his consent to the processing of PD, carried out without the use of automation tools, if it is necessary to obtain written consent to the processing of PD;
  • the standard form should be drawn up in such a way that each of the subjects contained in the document has the opportunity to get acquainted with their personal data contained in the document without violating the rights and legitimate interests of other subjects;
  • the standard form should exclude the combination of fields intended for entering PD, the processing purposes of which are obviously incompatible.

4.1.15 Standard forms intended for processing PD are approved by order of the General Director, or a person authorized to perform such actions on behalf of AESW LTD.

4.1.16 AESW LTD familiarizes its employees directly involved in PD processing with the provisions of the Russian Federation legislation on PD (including the requirements for PD protection), local regulatory documents on PD processing issues and, if necessary, organizes training for these workers.

4.1.17 As a confirmation of familiarization with the documents regulating the processing and protection of PD, it is envisaged to check the knowledge of users in the form of obtaining successful test results using the corporate system for training.

4.1.18 Instructions governing the processing and protection of PD must be placed in the corporate information storage system for unimpeded familiarization of the employees of AESW LTD.

4.2 Collection of personal data

4.2.1 The PD subject decides to provide his PD and agrees to their processing freely, by his own will and in his own interest. Consent to the processing of personal data must be specific, informed and conscious. Consent to the processing of PD may be given by the PD subject or his representative in any form that allows confirming the fact of its receipt, unless otherwise provided by federal law. In case of obtaining consent to the processing of PD from a representative of the PD subject, the authority of this representative to give consent on behalf of the PD subject is checked.

4.2.2 Consent to the processing of PD may be withdrawn by the PD subject. If the PD subject revokes consent to PD processing, AESW LTD has the right to continue processing PD without the consent of the PD subject if there are grounds specified in the requirements of the current legislation of the Russian Federation.

4.2.3 The obligation to provide proof of obtaining the consent of the PD subject to the processing of his PD or proof of the existence of grounds rests with AESW LTD.

4.2.4 In cases provided for by federal law, PD processing is carried out only with the written consent of the PD subject. The consent in the form of an electronic document signed in accordance with federal law with an electronic signature is equivalent to a consent in writing on paper containing a handwritten signature of the PD subject.

4.2.5 PD can be received by AESW LTD from a person who is not a PD subject, provided that AESW LTD provides confirmation of the existence of the grounds specified in the requirements of the current legislation of the Russian Federation.

4.2.6 Requirements for the content of the consent to the processing of PD, permitted by the PD subject for distribution, are established by the authorized body for the protection of the rights of PD subjects.

4.3 Clarification of personal data

4.3.1 If the fact of PD inaccuracy is confirmed, AESW LTD, based on the information provided by the PD subject or his representative or the authorized body for the protection of the rights of PD subjects, or other necessary documents, ensures their clarification (including if the PD is processed by another person acting on behalf) within seven working days from the date of submission of such information and removes the blocking of PD.

4.3.2 Clarification of PD when processing them without the use of automation tools should be carried out by updating or changing data on a tangible medium, and if this is not allowed by the technical features of the tangible medium, then by fixing on the same tangible medium information about the changes made to them or by production of a new material carrier with updated PD.

4.4 Provision and transfer of personal data

4.4.1 When providing PD to a third party, the following conditions must be met:

  • transfer (provision of access) of PD to a third party is carried out on the basis of an agreement, the essential condition of which is that the third party ensures the confidentiality of PD and the security of PD during their processing;
  • transfer (provision of access) of PD to a third party is carried out on the basis of the current legislation of the Russian Federation;
  • availability of a written consent of the subject to the transfer of his PD to a third party, with the exception of cases provided for by law.

4.4.2 Consent to the processing of PD permitted by the PD subject for distribution is issued separately from other consents of the PD subject to the processing of his PD. Consent to the processing of PD authorized by the PD subject for distribution can be provided:

  • directly;
  • using the information system of the authorized body for the protection of the rights of PD subjects.

4.4.3 AESW LTD provides the PD subject with the opportunity to determine the list of PD for each category of PD specified in the consent to the processing of PD allowed by the PD subject for distribution.

4.4.4 Silence or inaction of the PD subject under no circumstances can be considered as consent to the processing of PD authorized by the PD subject for distribution.

4.4.5 No later than three working days from the date of receipt of the consent of the PD subject, permitted distribution, AESW LTD publishes information on the processing conditions and the existence of prohibitions and conditions on the processing by an unlimited number of persons of PD permitted by the PD subject for distribution.

4.4.6 The transfer (distribution, provision, access) of PD permitted by the PD subject for distribution is terminated at any time at the request of the PD subject. The consent of the PD subject to the processing of PD permitted by the PD subject for distribution is terminated from the moment such a request is received.

4.4.7 AESW LTD does not carry out cross-border transfer of PD (transfer of PD to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity).

4.4.8 For the purpose of information support, AESW LTD may create publicly available sources of PD (including directories, address books) containing PD, to which, with the written consent of the subject, access can be provided to an unlimited number of persons.

4.4.9 Information about the subject must be excluded from publicly available PD sources at any time at the request of the PD subject or by decision of a court or other authorized state bodies.

4.5 Blocking of personal data

4.5.1 In the event that illegal processing of PD is detected upon application by the PD subject or his representative, or at the request of the PD subject or his representative or an authorized body for protecting the rights of PD subjects, AESW LTD blocks the illegally processed PD related to this PD subject, or ensures their blocking (if PD processing is carried out by another person acting on behalf of) from the moment of such request or receipt of the specified request for the verification period.

4.5.2 If inaccurate PD is detected when the PD subject or his representative applies, or at their request or at the request of the authorized body for the protection of the rights of PD subjects, AESW LTD blocks the PD related to this PD subject, or ensures their blocking (if processing PD is carried out by another person acting on behalf) from the moment of such application or receipt of the specified request for the period of verification, if the blocking of PD does not violate the rights and legitimate interests of the PD subject or third parties.

4.5.3 Unblocking of PD is organized by AESW LTD after clarification of the data of inaccurate PD.

4.6 Erasure of personal data

4.6.1 In the event that illegal processing of PD is detected, AESW LTD, within a period not exceeding three working days from the date of this detection, stops the illegal processing of PD or ensures that the illegal processing of PD is terminated by a person acting on behalf. If it is impossible to ensure the legality of PD processing, AESW LTD, within a period not exceeding ten working days from the date of detection of illegal PD processing, destroys such PD or ensures their destruction. AESW LTD notifies the PD subject or his representative about the elimination of the committed violations or about the destruction of PD, and if the appeal of the PD subject or his representative or the request of the authorized body for the protection of the rights of PD subjects were sent by the authorized body for the protection of the rights of PD subjects, also said authority.

4.6.2 If the goal of PD processing is achieved, AESW LTD stops PD processing or ensures its termination (if PD processing is carried out by another person acting on behalf) and destroys PD or ensures their destruction (if PD processing is carried out by another person acting on behalf of ) within a period not exceeding thirty days from the date of achievement of the purpose of processing the PD, unless otherwise provided by the agreement, to which the PD subject is a party, beneficiary or guarantor, another agreement between AESW LTD and the PD subject, or if AESW LTD does not has the right to process PD without the consent of the PD subject on the grounds provided for by applicable law.

4.6.3 If the PD subject revokes consent to the processing of his PD, AESW LTD terminates their processing or ensures the termination of such processing (if the PD processing is carried out by another person acting on behalf of) and if the PD storage is no longer required for the purposes of processing PD, destroys PD or ensure their destruction (if PD processing is carried out by another person acting on behalf) within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by the agreement to which the PD subject is a party, beneficiary or guarantor, another agreement between the operator and the PD subject, or if AESW LTD is not entitled to process PD without the consent of the PD subject on the grounds provided for by applicable law.

4.6.4 If it is not possible to destroy the PD within the specified period, AESW LTD blocks such PD or ensures their blocking (if the PD is processed by another person acting on behalf) and ensures the destruction of the PD within a period of not more than six months, unless a different period is established by federal laws.

4.6.5 In case of incompatibility of the purposes of processing PD recorded on one material medium, if the material medium does not allow processing of PD separately from other PD recorded on the same medium, and if it is necessary to destroy or block part of the PD, the material medium is destroyed or blocked with preliminary copying of information, not subject to destruction or blocking, in a manner excluding simultaneous copying of PD, subject to destruction or blocking.

4.6.6 Destruction of a part of the PD, if it is allowed by the material medium, can be carried out in a way that excludes further processing of these PD while maintaining the possibility of processing other data recorded on the material medium (deletion, erasing).

4.7 Safety precautions

4.7.1 When processing PD, AESW LTD takes the necessary legal, organizational and technical measures or ensures that they are taken to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD.

4.7.2 Ensuring the security of PD is achieved by:

  • determination of threats to the security of PD during their processing in ISPD;
  • application of organizational and technical measures to ensure the security of PD during their processing in ISPD, necessary to fulfill the requirements for the protection of PD, the fulfillment of which ensures the levels of PD security established by the Government of the Russian Federation;
  • the use of information security tools that have passed the procedure for assessing conformity in the prescribed manner;
  • assessment of the effectiveness of the measures taken to ensure the security of PD prior to the commissioning of the ISPD;
  • taking into account machine carriers of PD;
  • detection of facts of unauthorized access to PD and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on ISPD and to respond to computer incidents in them;
  • restoration of PD modified or destroyed due to unauthorized access to them;
  • establishing rules for access to PD processed in ISPD, as well as ensuring registration and accounting of all actions performed with PD in ISPD;
  • control over the measures taken to ensure the security of PD and the level of PD security in ISPD.

4.7.3 The levels of PD security during their processing in ISPD, the requirements for the protection of PD providing levels of PD security, the requirements for material carriers of biometric PD and technologies for their storage outside PDIS are determined depending on the security threats to personal data, taking into account possible harm to the subject, volume and the content of the processed PD, the type of activity during which the PD is processed, the relevance (level) of threats to the security of the PD in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", Decrees of the Government of the Russian Federation, other regulatory legal acts, as well as agreements between AESW LTD, PD operators and entities.

4.7.4 The use and storage of biometric PD outside the ISPD can only be carried out on such material media and using such a storage technology that ensures the protection of these data from unauthorized or accidental access to them, their destruction, modification, blocking, copying, provision, distribution.

4.8 Subject rights

4.8.1 The PD subject has the right to receive information regarding the processing of his PD, except as provided by applicable law. The PD subject has the right to demand clarification of his PD, their blocking or destruction if the PD is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.

4.8.2 Information relating to the processing of PD of a PD subject must be provided to the PD subject in an accessible form, and it should not contain PD related to other PD subjects, unless there are legal grounds for disclosing such PD.

4.8.3 Information is provided to the PD subject or his representative when applying or upon receipt of a request from the PD subject or his representative. The request must contain the number of the main document proving the identity of the PD subject or its representative, information on the date of issue of the specified document and the authority that issued it, information confirming the participation of the PD subject in relations with AESW LTD (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of PD processing, the signature of the PD subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

4.8.4 The PD subject has the right to reapply or send a second request in order to obtain information related to the processing of PD and to become familiar with such PD not earlier than thirty days after the initial request or the initial request, unless a shorter period is established by federal law adopted by in accordance with it, a regulatory legal act or an agreement to which the PD subject is a party or beneficiary or guarantor.

4.8.5 The PD subject has the right to apply again to the operator or send him a second request in order to obtain information regarding the processing of his PD, as well as to familiarize himself with the processed PD before the expiration date if such information and (or) the processed PD were not provided to him for review in full based on the results of consideration of the initial appeal. A repeated request, along with information, must contain the rationale for sending a repeated request.

4.8.6 AESW LTD has the right to refuse a PD subject to fulfill a repeated request that does not meet the conditions stipulated by the current legislation. Such refusal must be motivated. The obligation to provide evidence of the validity of the refusal to fulfill the repeated request lies with AESW LTD.

4.8.7 The right of a PD subject to access his PD may be restricted in accordance with federal laws, including if:

  • processing of personal data, including personal data obtained as a result of operational-investigative, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
  • PD processing is carried out by the authorities that detained the PD subject on suspicion of committing a crime, or charged the PD subject in a criminal case, or applied a measure of restraint to the PD subject prior to bringing charges, except for cases provided for by the criminal procedure legislation of the Russian Federation, if familiarization is allowed a suspect or accused person with such PD;
  • PD processing is carried out in accordance with the legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism;
  • access of the PD subject to his PD violates the rights and legitimate interests of third parties;
  • PD processing is carried out in cases stipulated by the legislation of the Russian Federation on transport security, in order to ensure the sustainable and safe functioning of the transport complex, protect the interests of the individual, society and the state in the field of the transport complex from acts of unlawful interference.

4.8.8 Processing of PD for the purpose of promoting goods, works, services on the market by making direct contacts with a potential consumer using means of communication, as well as for the purposes of political campaigning is allowed only with the prior consent of the PD subject. The specified processing of PD is recognized as being carried out without the prior consent of the PD subject, unless AESW LTD proves that such consent has been obtained.

4.8.9 AESW LTD immediately stops, at the request of the PD subject, the processing of his PD in order to promote goods, works, services.

4.8.10 AESW LTD considers the objection of the PD subject within thirty days from the date of its receipt and notifies the PD subject of the results of consideration of such an objection.

4.8.11 If the PD subject believes that AESW LTD is processing his PD in violation of the requirements of the current legislation or the PD subject has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

4.8.12 The PD subject has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

4.9 Obligations of the operator

4.9.1 When collecting PD, AESW LTD undertakes to provide the PD subject, at his request, with information regarding the processing of his PD.

4.9.2 If the provision of PD is mandatory in accordance with federal law, AESW LTD undertakes to explain to the PD subject the legal consequences of a refusal to provide his PD.

4.9.3 AESW LTD is released from the obligation to provide the PD subject with information regarding the processing of his PD in cases where:

  • the PD subject is notified of the processing of his PD by the relevant operator;
  • PD obtained on the basis of a federal law or in connection with the execution of an agreement to which the party is either a beneficiary or a guarantor under which the PD subject is;
  • processing of PD allowed by the PD subject for distribution is carried out in compliance with the prohibitions and conditions provided for by the current legislation;
  • AESW LTD processes PD for statistical or other research purposes, for the professional activities of a journalist or for scientific, literary or other creative activities, if the rights and legitimate interests of the PD subject are not violated;
  • provision of information to the PD subject violates the rights and legitimate interests of third parties.

4.9.4 When collecting PD, including through the Internet information and telecommunications network, AESW LTD undertakes to ensure the recording, systematization, accumulation, storage, clarification (updating, change), retrieval of PD of citizens of the Russian Federation using databases, located on the territory of the Russian Federation, with the exception of cases provided for by the current legislation.

4.9.5 AESW LTD, in accordance with the procedure provided for by applicable law, informs the PD subject or its representative of information about the presence of PD related to the relevant PD subject, and also provides the opportunity to familiarize themselves with these PD upon contacting the PD subject or his representative or within thirty days from the date of receipt of the request of the PD subject or his representative.

4.9.6 In case of refusal to provide information on the availability of PD on the relevant PD or PD subject, the PD subject or its representative, upon their request or upon receipt of a request from the PD subject or its representative, AESW LTD shall give a reasoned response in writing containing a link to the provision of the current legislation, which is the basis for such a refusal, within a period not exceeding thirty days from the date of the request of the PD subject or his representative, or from the date of receipt of the request of the PD subject or his representative.

4.9.7 AESW LTD provides free of charge to the PD subject or his representative the opportunity to familiarize himself with the PD related to this PD subject. Within a period not exceeding seven working days from the date the PD subject or his representative provides information confirming that the PD are incomplete, inaccurate or out of date, AESW LTD makes the necessary changes to them. Within a period not exceeding seven working days from the date of submission by the PD subject or his representative of information confirming that such PD are illegally obtained or are not necessary for the stated purpose of processing, AESW LTD destroys such PD. AESW LTD notifies the PD subject or his representative of the changes made and the measures taken and take reasonable measures to notify third parties to whom the PD of this subject was transferred.

4.9.8 AESW LTD informs the authorized body for the protection of the rights of PD subjects, at the request of this body, the necessary information within thirty days from the date of receipt of such a request.

4.10 Responsibility

4.10.1 AESW LTD and/or employees of AESW LTD guilty of violating the requirements of the legislation of the Russian Federation on PD, the provisions of this standard and other local acts regulating activities in the field of information security, bear the responsibility provided for by the legislation of the Russian Federation.

4.10.2 Moral damage caused to the subject as a result of violation of his rights, violation of the rules for processing PD, as well as requirements for the protection of PD, is subject to compensation in accordance with the legislation of the Russian Federation.