Policy of personal data processing

General Provisions

Policy of personal data processing of HDS (hereinafter – Policy) defines the basic principles, objectives, conditions and methods of the processing of personal data, lists of subjects and processed personal data in the HDS, the HDS function when processing personal data, the rights of subjects of personal data, as well as implemented requirements to the protection of personal data in HDS.

Policy provisions are the basis for the development of local regulations governing HDS questions processing of personal data of the HDS and other subjects of personal data.

Principles and objectives of the processing of personal data

HDS, being the operator of personal data, processes the personal data of employees of the HDS and other personal data subjects who are not with the HDS in labor relations.

Processing of personal data carried out in the HDS with the need to protect the rights and freedoms of HDS personnel and other subjects of personal data, including the protection of the right of privacy, personal and family secrets, based on the following principles:

• Legally and equitably processing of personal data carried out in the HDS;

• The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes;

• Processing of personal data is not allowed when incompatible with the purpose of gathering personal data;

• Integration databases containing personal data is not allowed when being processed for purposes incompatible with each other;

• To be treated only personal data that meet the objectives of the processing;

• The nature and scope of the personal data processing are not against its targets. Redundancy is not allowed personal data processed in relation to the stated objectives of the processing;

• Processing of personal data is providing the accuracy of the personal data, their sufficiency and where necessary – the relevance to the objectives of personal data processing. HDS necessary measures are taken or provided by their commitment to remove or clarify incomplete or inaccurate personal data;

• Storage of personal data is carried out in a form that define the data subject for no longer than is required by the purpose of processing personal data if the storage period of personal data is not set by law, treaty to which a beneficiary or a guarantor for that is the subject of personal data;

• Processed personal data is destroyed or depersonalized by achieving treatment in case of loss or the need to achieve these goals, unless otherwise provided by federal law.

List of personal data processed in the HDS

List of personal data processed in the HDS is determined in accordance with the legislation taking into account the purposes of processing personal data.

Processing of special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual life, is not carried out in the HDS.

HDS functions in the implementation of the processing of personal data

HDS in the implementation of the processing of personal data:

• Take the measures necessary and sufficient to ensure compliance with legal requirements and local regulations of HDS on personal data;

• Take the legal, organizational and technical measures to protect personal data against unauthorized or accidental access , destruction, modification , blocking, copying , supply, distribution of personal data , as well as other illegal actions in relation to personal data;

• Appoint a person responsible for the organization of the processing of personal data in the HDS;

• Issuing local regulations defining policies and issues of handling and protection of personal data in the HDS;

• Employees HDS directly involved in the processing of personal data shall familiarize the process;

• Publish or otherwise provides unrestricted access to this Policy;

• According to the established procedure to personal data subjects or their representatives information about the availability of personal data relating to the relevant stakeholders, provides the opportunity to examine these personal data handling and (or) receipt of requests specified data subjects or their representatives;

• Stops processing and destroys personal data;

Terms of the processing of personal data in the HDS

Processing of personal data is carried out with the consent of the HDS personal data subject to the processing of his personal data.

HDS without the consent of the subject of personal data to third parties does not disclose or distribute personal information, unless otherwise provided by law.

HDS may entrust the processing of personal data to another person with the consent of the subject of personal data based on the concluded contract with that person. The agreement must contain a list of actions with personal data, which will be operated by a person engaged in the processing of personal data, the purpose of processing, and the duty of such person to comply with the confidentiality of personal data and to ensure the security of personal data during their processing.

Access to the processed personal data in the HDS permitted only HDS employees occupying positions included in the list of posts structural units HDS administration.

The list of actions with personal data and methods for their treatment

HDS collects recording, classification, accumulation, storage, updating, modification, retrieval, use, transfer, depersonalization, blocking, deletion and destruction of personal data.

Processing of personal data in HDS is as follow:

• Non-automated processing of personal data;

• Automated processing of personal data with the transmission of information received by information and telecommunication networks or without it;

• Mixed processing of personal data.

Rights of subjects of personal data

Personal data subjects have the right to:

• Complete information on their personal data processed in the HDS;

• Access to their personal data, including the right to receive a copy of any record containing their personal information, except as provided by law;

• Clarification of their personal data;

• Withdrawal of consent to the processing of personal data;

• Adoption of statutory measures to protect their rights;

Measures to ensuring compliance

Measures to ensure compliance with the HDS operator responsibilities include:

• Appointment of a person responsible for organizing the processing of personal data in the HDS;

• Adoption of local regulations and other documents in the field of processing and protection of personal data;

• Providing training and conducting methodical work with employees of the HDS;

• Obtaining the consent of data subjects to the processing of their personal data, except in cases prescribed by law;

• Separation of personal data processed without the use of automation, from other information, in particular by fixing them on separate physical media of personal data in special sections;

• Providing separate storage of personal data and their material carriers whose processing is carried out for different purposes and contain different categories of personal data;

• A ban on the transfer of personal data through open communication, computer networks outside the controlled area;

• Storage of material carriers of personal data complies with the conditions to ensure the safety of personal data and exclude unauthorized access to them;

• Internal controls;

Measures to ensure the security of personal data during their processing in the information systems of personal data shall be in accordance with local regulatory acts of HDS, governing the issues of security of personal data during their processing in personal data information systems of HDS.