1.1. This Policy of SIBUR LLC (hereinafter referred to as the Controller) regarding the processing of personal data (hereinafter referred to as the Policy) defines the main goals, procedure and conditions for the processing of personal data by the Controller, as well as measures to ensure the security of personal data.
1.2. This Policy is a public document and is subject to publication on the official website of the Controller on the Internet.
1.3. All employees of the Controller, as well as [to write down for whom the Policy is intended]are guided by the provisions of this Policy.
2.1. ‘Personaldata’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.2. ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
2.3. ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.4. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons.
2.5. Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons.
2.6. Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
2.7. Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
3.1. The operator has the right to defend his interests in the judicial authorities;
with the consent of the subject of personal data, to entrust the processing of his personal data to another person, unless otherwise provided by the legislation of the European Union on personal data, federal law, on the basis of an agreement concluded with this person;
to provide personal data of subjects to third parties, if it is provided for by the current legislation of the European Union, the Russian Federation (transfer personal data to authorized bodies on the grounds provided for by the current legislation of the European Union, the Russian Federation);
to refuse to provide personal data in cases stipulated by the legislation of the European Union, the Russian Federation;
to use the personal data of the subject without his consent, in the cases provided for by the legislation of the European Union, the Russian Federation.
3.2. The operator is obliged
to inform the subject of personal data or his representative information about the availability of personal data relating to the respective subject of personal data, as well as provide the opportunity to familiarize himself with these personal data when the subject of personal data or his representative applies, or within 30 days from the date of receipt of the request of the subject of personal data or its representative;
to take measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the legislation of the European Union on personal data, the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.