Position about personal data processing

1.General provisions

1.1.The present Regulations establish the procedure for processing personal data of users on the site https://credinform.ru/en-GB, the data contained on the site https://globas.credinform.ru/en-GB in the Information and Analysis System Globas (hereinafter - the Company), and compliance with the requirements for the protection of rights citizens when processing personal data.

1.2.Activities in the collection and processing of personal data are carried out on the basis and in accordance with the requirements of the current legislation of the Russian Federation.

1.3.This Regulation is approved by the order of the General Director of the Company and is valid until canceled or until replaced by another similar internal document.This Regulation is mandatory for all employees of the Company who have access to personal data.

2.Basic concepts used in the present position

2.1.For the purposes of this Regulation, the following basic concepts are used:site - a set of software and hardware for computers, providing the publication of data on the Internet for everyone to see. The site is accessible by a unique electronic address or by its letter designation. It can contain graphic, text, audio, video, as well as other information reproduced with the help of a computer;personal data - any information related to a particular individual (subject of personal data) defined or determined on the basis of such information, including his surname, name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information;subjects of personal data in the context of this provision:
- an individual who is a client - a user of the site https://credinform.ru/en-GB;- an individual, information about which is available on the site https://globas.credinform.ru/en-GB in the Information and Analytical System Globas;
- an individual who is an employee of the Company.
processing of personal data - actions (operations) with personal data, including collection, systematization, accumulation, storage, updating (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;confidentiality of personal data - a requirement for the Company or other persons who have access to a personal data to comply with the requirement not to allow their distribution without the consent of the subject of personal data or other legal grounds;dissemination of personal data - actions aimed at the transfer of personal data to a certain range of persons or for acquaintance with personal data of an unlimited number of persons, including the publication of personal data in the mass media, placement in information and telecommunications networks or provision of access to personal data by any in a different way;use of personal data - actions (operations) with personal data made by the operator for the purpose of making decisions or performing other actions that generate legal consequences with respect to the subject of personal data or other persons or otherwise affecting the rights and freedoms of the subject of personal data or other persons;destruction of personal data - actions, as a result of which it is impossible to restore the contents of personal data in the information system of personal data or as a result of which material carriers of personal data of employees are destroyed;depersonalization of personal data - actions, as a result of which it is impossible to determine the belonging of personal data to a specific subject of personal data;blocking of personal data - temporary suspension of collection, systematization, accumulation, use, dissemination of personal data, including their transfer;publicly available personal data - personal data, access of an unlimited circle of persons to which is provided with the consent of the personal data subject or for which the requirement of confidentiality does not apply in accordance with federal laws.

3.Composition of personal data

3.1.Composition of personal data, independently provided by the subject of personal data, by the user of the site
https://credinform.ru/en-GB:
- Full Name;- contact information, including phone numbers, e-mail;- INN.Automatically collected data:- IP address, cookie data;- information about the user's browser, technical characteristics of the equipment and software used by the User;- the date and time of access to the site, the addresses of the requested pages and other similar information.

3.2.The personal data specified in clause 3.1 of the Regulations shall be processed for the purpose of identifying users, enforcing the user agreement, providing personalized services and content, improving the quality of the site and providing services

3.3.Processing of personal data of users is carried out with their consent. A user registering on the site https://credinform.ru/en-GB in order to gain access to the Company's services, thereby expresses its full consent in accordance with Article 9 of the Federal Law of July 27, 2006 No. 152-FZ «On Personal Data» for automated , as well as without the use of automation, processing and use of their personal data.

3.4.The composition of personal data obtained from open sources and placed on the site https://globas.credinform.ru/en-GB in the Information and Analytical System Globas:- Full Name;- contact information, including phone numbers, e-mail;- passport data of a citizen of the Russian Federation;- Taxpayer Identification Number;- place of work;- information on the ownership of shares in the authorized capital of legal entities.

3.5.The personal data specified in clause 3.4 of the Regulations shall be processed in order to update the information on legal entities whose managers or owners of shares are the subjects of personal data

3.6.Processing of personal data of subjects of personal data specified in clause 3.4. Of the Regulations is made by the Company on the basis of updated information on personal data of said personal data subjects obtained from open sources.

4.Confidentiality of personal data

4.1.The information listed in Article 3 of these Regulations is confidential. The company ensures the confidentiality of personal data and is obliged not to allow their distribution without the consent of customers, or the presence of other legal grounds.

4.2.All measures of confidentiality in the collection, processing and storage of personal data are distributed to both paper and electronic (automated) media.

4.3.The mode of confidentiality of personal data is removed in cases of depersonalization or publication in publicly available sources (media, Internet, USRLE, EGRIP and other public registries).

5.Rights and obligations of the personal data operator

5.1.The processing of personal data is carried out by the Company with the consent of the subjects of personal data, with the exception of cases provided for in paragraph 5.2 of this Regulation. Obligation to provide evidence of obtaining consent to the processing of personal data on the grounds of this paragraph in accordance with the law is vested in the Company.

5.2.The company has the right, without the consent of the personal data subject, to process its personal data in the following cases:- processing of personal data is carried out on the basis of the federal law establishing its purpose, conditions for obtaining personal data and the circle of entities whose personal data are subject to processing, as well as determining the powers of the Company;- the processing of personal data is carried out for the purpose of executing a contract, one of the parties to which is the subject of personal data;- processing of personal data subject to publication in accordance with federal laws, including personal data of persons who replace public office, state civil service, personal data of candidates for elected state or municipal positions.

5.3.In order to ensure the rights and freedoms of a person and a citizen, the operator and his employees have to observe the following general requirements when processing personal data

5.3.1.When determining the scope and content of personal data to be processed, the Company's employees are guided by the Federal Law «On Personal Data», legislation regulating the activities of the media, regulations on the processing of personal data. The company receives personal data only to the extent necessary to achieve legitimate purposes of collecting and processing personal data.

5.3.2.Employees of the Company should not process non-public personal data of subjects of personal data about their criminal record, political, religious and other convictions and private life.

5.4.The Company provides protection of personal data from misuse or loss at its own expense in accordance with the procedure established by federal law.

5.5.In the event that the Company, on the basis of an agreement, entrusts the processing of personal data to another person, the essential condition of the contract is the obligation to provide the specified person with the confidentiality of personal data and the safety of personal data when processing them.

6.Rights of the personal data subject

6.1.The subject of personal data has the right to receive information about the Company, the location of its location, the presence of the Company's personal data relating to the relevant personal data subject, as well as to familiarize with such personal data. The subject of personal data is entitled to require the Company to verify its personal data, blocking or destroying it in the event that personal data are incomplete, obsolete, unreliable, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.

6.2.Information on the availability of personal data must be provided to the personal data subject by the Company in an accessible form, and they should not contain personal data relating to other personal data subjects.

6.3.Access to your personal data is provided to the personal data subject or his legal representative at the request or upon receipt of a request from the personal data subject or his legal representative. The request shall contain the number of the main document certifying the identity of the personal data subject or its legal representative, information about the date of issue of the specified document and the issuing body and the personal signature of the personal data subject or its legal representative. The request can be sent in electronic form and signed by an electronic digital signature in accordance with the legislation of the Russian Federation.

6.4The subject of personal data has the right to receive, upon request or upon receipt of a request, information regarding the processing of his personal data, including:1) confirmation of the fact of the processing of personal data by the Company, and also the purpose of such processing;2) methods of processing personal data used by the operator;3) information about persons who have access to or have access to personal data;4) the list of processed personal data and the source of their receipt;5) terms of processing of personal data, including the terms of their storage;6) information about what legal consequences for the subject of personal data may entail the processing of his personal data.

6.5.The subject of personal data has the right to withdraw consent to the processing of personal data, to limit the ways and forms of processing personal data, to prohibit the dissemination of personal data without his consent.

6.6.The subject of personal data has the right to appeal against actions or inaction of the Company to the authorized body for the protection of the rights of subjects of personal data or in court.

6.7.The subject of personal data has the right to protect their rights and legitimate interests, including compensation for damages and compensation for moral harm in the courts.

7.Processing of personal data

7.1.The processing of personal data is carried out by the Company solely for the achievement of the purposes defined by these Regulations.

7.2.Processing of personal data consists in receiving, systematizing, accumulating, storing, updating (updating, changing), using, distributing, depersonalizing, blocking, destroying and protecting against unauthorized access

7.3.Processing of personal data is carried out by the method of mixed (including automated) processing.

7.4Personal data processing can be accessed only by employees of the Company, whose job duties are directly related to access and work with personal data.

7.5.In the event that the personal data subject is properly addressed, the Company is obliged to make the necessary changes, destroy or block the relevant personal data for the provision of personal data by the subject or his legal representative of information that confirms that the personal data relating to the relevant entity and processed by the Company are incomplete , obsolete, unreliable, illegally obtained or not necessary for the stated purpose of the treatment. On the changes made and measures taken, the Company is obliged to notify the subject of personal data or its legal representative and third parties to whom the personal data of this subject have been transferred.

8.Transfer of personal data

8.1.The transfer of personal data is carried out by the Company solely in accordance with the requirements of the current legislation of the Russian Federation.

8.2.The transfer of personal data to third parties is carried out by the Company only on the basis of a relevant agreement, the essential condition of which is the obligation to provide third-party confidentiality of personal data and the safety of personal data when processing them. This provision does not apply to the de-identification of personal data and to publicly available personal data.

8.3.The transfer of personal data to public authorities is carried out within their authority in accordance with applicable law.

9.Storage of personal data

9.1.Personal data can be stored electronically in the territory of Russia.

9.2.The operator of personal data carries out separate storage of personal data received in accordance with clauses 3.1, 3.4 of the Regulations.

10.Access to personal data

10.1.The right of access to personal data is available to: the Company's CEO, employees of the Company.

10.2.The access of the personal data subject to their personal data is provided in the personal account of the user.

11.Protection of personal data of users

11.1.Protection is subject to information containing personal data, placed on electronic and paper carriers.

11.2.The company is obliged to take necessary organizational and technical measures when processing personal data to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.

11.3.The general organization of protection of personal data is carried out by the General Director of the Company.

11.4.Protection of personal data stored in electronic databases, from unauthorized access, distortion and destruction of information, as well as from other illegal actions, is provided by the Director of the Company.

11.5.Employee of the Company who has access to personal data in connection with the performance of labor duties:- provides storage of information containing personal data, excluding access to them by third parties;- in the absence of an employee at his workplace there should be no documents containing personal data;- when leaving for vacation, during a business trip and other cases of prolonged absence of an employee at his workplace, he is obliged to transfer media containing personal data to a person who will be entrusted with execution of his labor duties by a local act of the Company (order, order). In the event that such person is not appointed, the above documents and other media are transferred to another employee who has access to personal data.

11.6.When an employee who has access to personal data is dismissed, media containing personal data is transferred to another employee who has access to personal data.

11.7.Protection of access to electronic databases containing personal data is provided by:use of anti-virus and other software and hardware to protect the perimeter of the internal network that do not allow unauthorized entry into the operator's local network;delineation of access rights using an account;

11.8.All electronic applications containing personal data, including information systems for personal data, folders and files containing personal data, are password protected.

11.9.Protection of access to paper medium containing personal data is carried out:- use of safes and lockable cabinets;- the use of video surveillance systems.

11.10.Copy personal data is allowed only for business purposes with the written permission of the Company's CEO.

11.11.Answers to written requests of authorized state bodies, other organizations and institutions on personal data are given only with the written consent of the subjects of personal data, unless otherwise provided by law. Responses are made in writing, on the Company's letterhead, and to the extent that it allows not to disclose excessive amounts of personal data.

12.Responsibility for disclosure of information containing personal data

12.1.Employees of the Company who are guilty of violating the rules governing the receipt, processing and protection of personal data bear disciplinary, administrative, civil or criminal liability in accordance with federal laws of the Russian Federation.

13.Feedback

Our address:Central office: 190000 St. Petersburg, Spassky per., 5Phone: +7 (812) 406-8414Representation: 127015 Moscow, ul. Novodmitrovskaya, 2/1, BC «Savelovsky City»Phone: +7 (495) 640-4116Mailing address: 190900 St. Petersburg, PO Box 1009E-mail: office@credinform.ru