"Business-Consult" LLC (hereinafter referred to as "the Companies") within execution of its main activity performs processing of the personal data of various categories of the personal data subjects: workers, applicants, Companies' services users, representatives of contract partners and other subjects of personal data, and in compliance with the legislation of the Russian Federation in force is the personal data operator with the corresponding rights and obligations. In order to support good will and ensure the execution of norms of the legislation the Companies consider the following tasks the most important: providing validity of the personal data processing in business-processes of the Companies and providing the corresponding degree of the security of personal data, processed in the Companies. While organizing and performing personal data processing, the Companies follow the requirements of the Federal Law No. 152-FZ "On personal data" dd. 27.07.2006 and regulatory legal acts, adopted in compliance with it (hereinafter referred to "the legislation of the Russian Federation on the issues of personal data processing). Personal data processing in the Companies is done on the legal and just basis and is limited to the achievement of specific, previously established and legal goals. Only the personal data, complying with the goal of their processing, are subject to processing. Content and volume of the personal data, processed in the Companies, complies with the announced goals of processing, the redundancy of the processed data is not allowed. The accuracy of the personal data, their sufficiency and in necessary cases their actuality in relation to the goals of the personal data processing are ensured during the personal data processing in the Companies. The Companies take the necessary measures (ensures their acceptance) on deleting or specification of incomplete or inaccurate personal data. The storage of the personal data in the Companies is done in the form, which allows determination of the personal data subject, for not longer, than this is required by the goals of personal data processing, if the personal data storage period is not established by the federal law, contract, to which the personal data subject is a party, a beneficiary or a warrantor. The processed personal data are subject to deletion or depersonalization upon achievement of the processing goals or in case the need to reach these goals is lost, unless otherwise envisaged by the federal law. The goals of the personal data processing, composition and content of the personal data, as well as categories of the personal data subjects, whose data is processed in the Companies, comply with the activity of the Companies and legislation of the Russian Federation. This being said, the Companies does not process special categories of the personal data and biometric personal data. Within its activity the Companies can provide and (or) commission the personal data processing to the third party upon the consent of the personal data subject, unless otherwise envisaged by the federal law. With being said the binding condition of providing and (or) commissioning of the personal data processing to the third party is the obligation of the parties on observance of confidentiality and personal data safety provision during their processing. The Companies do not locate the personal data of the personal data subject in public sources without their previous consent. While performing its activity, the Companies can perform transborder transfer of the personal data to the territory of foreign states to the public authorities of the foreign state, natural and legal entities. In this case the issues of providing the relevant protection of the rights of personal data subjects and their personal data safety provision during transborder transfer are of the highest priority for the Companies, the solution of which is implemented in compliance with the legislation of the Russian Federation on the issues of the personal data processing. The transborder transfer of the personal data to the territory of the foreign states, which do not ensure the relevant protection of the rights of the personal data subjects, is done only in cases of written consent from the personal data subject for the transborder transfer of their personal data; performance of the contract, to which the personal data subject is a party, as well as other cases, envisaged by the legislation. In order to ensure the personal data security during the processing, the Companies take necessary and sufficiently legal organizational and technical measures to protect the personal data from unauthorized or accidental access to them, their destruction, modification, blocking, copying, delivering, distribution of the personal data, as well as other illegal actions in relation to the personal data. The Companies strive, that all the measures on organizational and technical protection of the personal data, taken by the Companies, were performed on the legal basis, including the compliance with the requirements of the legislation of the Russian Federation on the issues of the personal data processing. In order to ensure the relevant protection of the personal data, the Companies perform the evaluation of harm, which can be caused to the personal data subjects in case of violation of their personal data security, as well as determines the actual threats to the personal data security during their processing in the information systems of personal data. Based on the identified actual threats, the Companies take necessary and sufficiently legal, organizational and technical measures to ensure the personal data security, which include the use of the information protection means, which have passed the established evaluation procedure, identification of unauthorized access to the personal data and taking measures, recovery of the personal data, restriction of the access to the personal data, registration and record of the actions with the personal data, as well as control and assessment of the efficient of the taken measures on provision of the personal data security. The management of the Companies realize the importance and necessity of ensuring the personal data security and encourages continuous enhancement of the personal data protection system, processed within the performance of the main activity of the Companies. Each new employee of the Companies, who directly processes the personal data, shall become familiar with the requirements of the legislation of the Russian Federation on the personal data processing and security provision, with this Policy and other local acts of the Companies on the issues of the personal data processing and security provision, and undertake to comply with them. Last review – 02 September 2021