Personal Data Processing Policy

1. GENERAL PROVISIONS

1.1. This Personal Data Processing Policy (hereinafter referred to as the "Policy") is drawn up in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" and defines the procedure for processing personal data and measures to ensure the security of personal data taken by LLC "ATALIAN GLOBAL SERVICES" (hereinafter referred to as the "Operator").

2. BASIC CONCEPTS

• Personal data - any information relating to directly or indirectly identified or identifiable natural person (personal data subject);
• Processing of personal data - any action (operation) or set of actions (operations) performed with personal data using automation tools or without using such tools, including collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
• Operator - a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
• Personal data subject - a natural person to whom personal data relates;

3. PURPOSES OF PERSONAL DATA PROCESSING

Limited Liability Company "ATALIAN GLOBAL SERVICES" 3. PURPOSES OF PERSONAL DATA PROCESSING:

• processing of applications and requests from clients and partners;
• conclusion and execution of contracts;
• provision of services to clients;
• informing about new services and special offers;
• consideration of candidates for vacant positions;
• compliance with the requirements of the legislation of the Russian Federation;
• improving the quality of services provided;
• conducting marketing research.

4. LEGAL BASIS FOR PROCESSING PERSONAL DATA

4.1. The legal grounds for processing personal data by the Operator are:
• Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data";
• Charter documents of the Operator;
• Contracts concluded between the Operator and the personal data subject;
• Consent of personal data subjects to the processing of their personal data.

5. CATEGORIES OF PERSONAL DATA PROCESSED

For clients and partners:

• Last name, first name, patronymic;
• Contact details (phone, email address);
• Passport data (when concluding contracts);
• Organization details;
• Bank details;
• History of appeals and orders.

For job applicants:

• Last name, first name, patronymic;
• Contact details;
• Education information;
• Professional experience information;
• Other information contained in the resume.

For website visitors:

• IP address;
• Cookie data;
• Browser and device information;
• Website visit history.

6. PRINCIPLES OF PERSONAL DATA PROCESSING

• legality and fairness;
• limitation of processing to the achievement of specific, predetermined and legitimate purposes;
• inadmissibility of processing personal data incompatible with the purposes of collecting personal data;
• inadmissibility of combining databases containing personal data processed for incompatible purposes;
• processing only those personal data that correspond to the purposes of their processing;
• compliance of the content and volume of processed personal data with the stated processing purposes;
• inadmissibility of processing excessive personal data in relation to the stated purposes of their processing;
• ensuring accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
• storage of personal data in a form that allows identification of the personal data subject no longer than required by the purposes of processing personal data;
• destruction or depersonalization of personal data upon achievement of processing purposes or in case of loss of the need to achieve these purposes.

7. CONDITIONS FOR PROCESSING PERSONAL DATA

• consent of the personal data subject to the processing of his personal data has been obtained;
• processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or the law, to implement and fulfill the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;
• processing of personal data is necessary for the administration of justice, execution of a judicial act, act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
• processing of personal data is necessary for the execution of a contract to which the personal data subject is a party, beneficiary or guarantor, as well as for concluding a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor;
• processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated.

8. PERSONAL DATA RETENTION PERIODS

8.1. Personal data retention periods are determined in accordance with the following criteria:
• For clients — within 5 years from the termination of contractual relations, but not less than the periods established by accounting and tax legislation;
• For applicants — within 3 years from the receipt of the resume;
• For website visitors — within 1 year from the last visit;
• If there are separate consents of the subjects — within the validity period of the consent.

8.2. Upon expiration of the specified periods, personal data are subject to destruction or depersonalization.

9. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA

• appointment of responsible persons for organizing personal data processing;
• restriction of access to personal data;
• keeping records of personal data carriers;
• detection of facts of unauthorized access to personal data and taking measures;
• restoration of personal data modified or destroyed as a result of unauthorized access to them;
• establishing rules for access to personal data processed in the information system;
• monitoring of measures taken to ensure the security of personal data;
• use of certified information security tools.

10. RIGHTS OF PERSONAL DATA SUBJECTS

• receive information regarding the processing of his personal data, except in cases provided for by federal laws;
• require the operator to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated processing purpose;
• withdraw his consent to the processing of personal data;
• require the elimination of illegal actions of the operator regarding his personal data;
• appeal against the actions or inaction of the operator to the authorized body for the protection of the rights of personal data subjects (Roskomnadzor) or in court;
• protect his rights and legitimate interests, including compensation for damages and compensation for moral harm in court.

11. INTERNATIONAL TRANSFER OF PERSONAL DATA

11.1. Before starting the cross-border transfer of personal data, the Operator is obliged to ensure that the foreign state to whose territory it is intended to transfer personal data provides adequate protection of the rights of personal data subjects.
11.2. Cross-border transfer of personal data to the territories of foreign states that do not provide adequate protection of the rights of personal data subjects can be carried out only if there is written consent of the personal data subject to the cross-border transfer of his personal data.

12. FINAL PROVISIONS

12.1. This Policy is a publicly available document and must be posted on the official website of the Operator.
12.2. The Operator has the right to make changes to this Policy. When changes are made, the date of the last update is indicated in the current version.
12.3. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
12.4. All suggestions or questions regarding this Policy should be sent to the email address: info@atalian.ru.
12.5. The current version of the Policy is available on the website at: http://atalian.ru/policy.