1.1. OOO «RUSSIAN CAPITAL» Personal Data Processing Policy (hereinafter the Policy) has been developed in line with Article 18.1 of Federal Law No. 152-FZ “On Personal Data” as of July 27, 2006 (hereinafter the Federal Law) and contains information on the applicable requirements to personal data processing and protection.
1.2. The purpose of this document is to inform the personal data owners and other persons engaged in personal data processing of OOO «RUSSIAN CAPITAL» (hereinafter - the Company or the Operator) adherence to the fundamental principles of legitimacy, justice, non-redundancy, correlation of the content and scope of the personal data processed to the declared processing purposes.
1.3. Protection of rights and freedoms of an individual as part of personal data processing, including protection of rights to privacy, personal and family secrets is one of the Company’s priorities.
1.4. The Policy covers all personal data processed in the Company and constitutes a public document.

2.1. Personal data - any information relating directly or indirectly to a specific or identifiable subject of personal data (Operator's employees, Operator's clients and contractors, representatives/employees of the Operator's clients and contractors and other persons);
2.2. Operator - a state agency, municipal agency, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data;
2.3. Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data;
2.4. Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific circle of persons;
2.5. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons.
2.6. Automated processing of personal data - processing of personal data using computer technology;
2.7. Personal data information system - a set of available personal data and information technologies and technical means that ensure their processing;

3.1. Personal data are processed in the Company either with application of automation technologies, including information personal data systems, or without them (mixed personal data processing).
3.2. Should the automated data processing method be used, personal data are transmitted via the Operator’s internal network and via Internet, i. e., information and telecommunication network.
3.3. Personal data are processed for the following purposes:
3.3.1. Rendering assistance to the employees and candidates in employment, training and career development, quantity and quality control of the work performed, compliance with the labor legislation and other regulations containing the norms of labor legislation;
3.3.2. Provision of social benefits and guarantees, personal safety or protection of other vital interests of the Company’s employees;
3.3.3. Conclusion and execution of civil law contracts, including service contracts;
3.3.4. Compliance with the RF laws on joint-stock companies, information disclosure;
3.3.5. Compliance with antitrust legislation;
3.3.6. Protection of rights and legal interests of the Company and those of their officers in court, dispute settlement and administrative authorities;
3.3.7. Preparation of statements or requests, notifications, etc. provided for by the legislation to be submitted to the Pension Fund of the Russian Federation, Social Insurance Fund of the Russian Federation, Federal Compulsory Medical Insurance Fund, Federal Tax Service and other state bodies and services;
3.3.8. Organizing access and on-site control in the administrative buildings of the Company, property protection;
3.3.9. Fulfillment of other obligations as part of the legal grounds specified in cl. 2.1 hereof.

4.1. Personal data are handed over to the Operator immediately by the personal data owner or his/her representative, unless a different personal data submission procedure is provided for by the Federal law.
4.2. The personal data can be accepted from a person other than the personal data owner, provided that the personal data owner agrees to submit his/her personal data to the Company for processing, unless a different personal data submission procedure is stipulated by the Federal law.
4.3. The Company shall process personal data owned by:
4.4.1. The Company’s employees, their relatives;
4.4.2. Candidates considered for labor contract execution;
4.4.3. Persons, whose personal data processing is related to the fulfillment of the agreements concluded;
4.4.4. Parties to the labor contracts or civil law contracts concluded with the OOO «RUSSIAN CAPITAL»;
4.4.5. Persons who were previously Parties to labor relations with the Company;
4.4.6. Potential contractors (private individuals);
4.4.7. Founders (private individuals) of potential contractors;
4.4.8. Other personal data owners (for the purposes of personal data processing outlined in cl. 3.3 hereof).

5.1. Personal data shall not be processed until the legal grounds for personal data processing outlined in cl. 3 hereof arise.
5.2. Personal data processing shall be suspended as soon as processing purposes are achieved, legal grounds for data processing cease to exist, and the document storage period, provided for by the legislation on archive-keeping in the Russian Federation and the local regulations of OOO «RUSSIAN CAPITAL», expires.
5.3. Upon processing period expiration the personal data are either destroyed or depersonalized to be used for statistical or other research purposes.

6.1. The personal data owner shall be entitled to be informed of his/her personal data processing within the time period and according to the procedure provided for by the Federal law.
6.2. The personal data owner shall be entitled to require adjustment of his/her personal data from the Operator, their blocking or destruction, provided that the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the declared processing purpose; the data owner shall have the right to take the measures provided for by the Federal law to protect his/her rights.
6.3. The access rights of the personal data owner to his/her personal data can be limited in accordance with the Federal law.
6.4. The decisions based solely on the automated personal data processing, which either leads to origination of the legal consequences towards the personal data owner or otherwise affects his/her rights and legal interests, shall be made, provided that the data owner granted his/her written consent.
6.5. The personal data owner shall be entitled to challenge the actions or failure to act on the part of the Operator by filing a petition to the authorized body for protection of personal data owner rights or by legal means.
6.6.  The personal data owner shall be entitled to protect his/her rights and legal interests, including reimbursement of expenses and (or) compensation for moral injury by legal means.

7.1. In the course of personal data processing the Operator shall take required legal, organizational and technical measures to protect the personal data from unlawful or accidental access, destruction, adjustment, blocking, copying, submission, sharing or other unlawful actions with regard to the personal data.
7.2. The personal data shall be protected by means of the following:
7.2.1. Appointment of persons responsible for organizing personal data processing and personal data safety;
7.2.2. Issuance of local regulations on personal data processing and protection focused on prevention and tracing violations of the RF laws, elimination of respective consequences;
7.2.3. Making a list of positions that require personal data processing of the persons filling such positions;
7.2.4. Conduct of trainings, rendering methodological support, informing, against signature, the employees engaged in personal data processing of the fact of their participation in personal data processing, as well as of the rules for personal data processing and protection set by the regulatory legal acts of the executive bodies and the local regulations of OOO «RUSSIAN CAPITAL»;
7.2.5. Registration and recording of operations with personal data;
7.2.6. Registration of physical personal data storage media and control over their use in order to exclude cases of their loss, theft, substitution, unauthorized copying or destruction;
7.2.7. Keeping records of personal data owners’ appeals and their execution;
7.2.8. Transmission of personal data within the Company solely among the persons holding the positions included into the list of positions that require personal data processing of the persons filling such positions;
7.2.9. Implementation of the personal data processing procedure within the protected area, as well as organizing physical protection of the personal data storage media, locations and tools for their processing;
7.2.10. Granting access to the premises utilized for personal data processing and/or storage of physical data storage media;
7.2.11. Identifying threats to personal data safety while they are processed within the information personal data systems, development, if appropriate, a personal data protection system while they are processed within the information personal data systems and setting access rules to personal data;
7.2.12. Tracing cases of unauthorized access to personal data and taking relevant measures;
7.2.13. Making standard forms for personal data collection so that each personal data owner could review his/her personal data without infringing on the rights and legal interests of other personal data owners;
7.2.14. Inclusion into the standard forms providing for indication of personal data, of special columns, in which the personal data owner could express his/her consent to personal data processing without automation means (in case written consent to personal data processing is required) by putting a mark;
7.2.15. Regular control over compliance of the personal data protection measures taken with the RF legislation on personal data and applicable local regulatory acts adopted in pursuance of the said legislation.

8.1. Other rights and obligations of the Company as a personal data operator shall be determined by the legislation of the Russian Federation on personal data.
8.2. Control of performance of the requirements of this Policy shall be carried out by the Employee in charge of ensuring the security of personal data.
8.3. The Employees guilty of violating the norms regulating the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure prescribed by the law.
8.4. The personal data subjects shall be informed of any changes to this Policy in advance.