Personal data processing policy
1. General
- This Policy defines the procedure for personal data processing and measures to ensure the security
of personal data in LLC aaoala (hereinafter referred to as the Company)
in order to protect the rights and freedoms of a person and citizen while processing
his personal data.
- The personal data processing policy in the Company is developed in accordance with
Federal Law No. 152-FZ of July 27, 2006 «On Personal Data».
- This Policy is a public document reflecting the Company’s views on the processing
of information containing personal data of citizens. The policy is published on the
corporate website of the Company in accordance with Part 2 of Article 18.1
of the Federal Law of July 27, 2006 No. 152-FZ «On Personal Data».
- The policy is mandatory for all employees of the Company who have access to information
containing personal data, as well as for persons working with information owned by the
Company, in accordance with concluded agreements and contracts.
- The Policy applies to all personal data of entities processed in the Company’s
information system using automation tools.
- The Company and other persons who have access to personal data are required to comply with the
confidentiality conditions with respect to such data, namely, not to disclose (provide)
it to third parties and not to distribute personal data without the consent of the personal
data subject, unless otherwise provided by federal law.
2. Principles and conditions for personal data processing
- Personal data processing in the Company is carried out on the basis of the following
principles:
  - legality and fair basis;
  - restriction of personal data processing to the achievement of specific,
    predefined and legitimate purposes;
  - preventing personal data processing that is incompatible with the purposes for which
    the personal data were collected;
  - preventing the integration of databases containing personal data that are processed
    for purposes incompatible with each other;
  - processing only those personal data that meet the purposes of their processing;
  - conformity of the content and amount of processed personal data to the stated
    processing purposes;
  - preventing the processing of personal data that are redundant in relation to the stated
    purposes of their processing;
  - ensuring the accuracy, adequacy and relevance of personal data in relation
    to the purposes of personal data processing;
  - destruction or depersonalization of personal data upon the achievement of their
    processing purposes or in the event of no further need to achieve these
    purposes, if the Company cannot eliminate the admitted violations of personal data,
    unless otherwise provided by federal law.
- The Company processes personal data only with the consent of the personal data subject to the
processing of his personal data.
- The Company does not process special categories of personal data relating to race,
nationality, political views, religious or philosophical beliefs, health or intimate life.
- The Company has the right to entrust personal data processing to another person with the
consent of personal data subject, unless otherwise provided by federal law, on the basis
of a contract concluded with that person. A person engaged in the personal data
processing on behalf of the Company is required to comply with the principles and
rules for personal data processing provided by FZ-152.
3. Rights of personal data subject
- The personal data subject makes a decision to provide his personal data and agrees
to their processing freely, by his own will and in his interest. The consent
to personal data processing may be given by the personal data subject or by his
representative in any form that allows the fact of its receipt to be confirmed, unless
otherwise provided by federal law.
- The personal data subject has the right to receive information concerning the processing
of his personal data, if such right is not restricted in accordance with federal
laws. The personal data subject has the right to demand from the Company the qualification
of his personal data, their blocking or destruction in the event that personal data are
incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose
of processing, as well as take legal measures to protect his rights.
- Personal data processing in order to promote goods, works, and services on the market
by making direct contact with a potential consumer by means of communication,
and for the purposes of political agitation, is allowed only with the prior consent
of the personal data subject. Such personal data processing is deemed
to be carried out without the prior consent of the personal data subject, unless the Company
proves that such consent was obtained.
- The Company is obliged to immediately stop, at the request of personal data subject,
the processing of his personal data for the above purposes.
4. Ensuring personal data security
- The purposes of information security are to minimize the damage from the implementation
of information security threats and to improve the business reputation and corporate culture
of the Company.
- Information is an important asset of the Company and its protection is the
responsibility of each employee admitted to processing it.
- The protection of information containing personal data means the preservation of its
confidentiality, integrity and accessibility.
- The security of personal data processed by the Company is provided by the
implementation of legal, organizational, technical and software measures necessary and sufficient
to meet the requirements of federal legislation in the field of personal data
protection.
- Access to information containing personal data is provided only to persons who need
it to perform official or contractual obligations in the minimum required amount.
- For each information resource, a person is designated who is responsible for providing
access to it and for the effective operation of information protection measures.
- The Company has developed and approved a package of documents on personal data
protection.
- The Company annually carries out the analysis of measures taken to protect personal data.
5. Final Provisions
- Other rights and obligations of the Company as personal data operator are determined
by the legislation of the USA in the field of personal data.
- Company officials who are guilty of violating the rules governing personal data processing and
protection are personally liable in accordance with the procedure established by federal laws.