1. General provisions

This policy of personal data processing is drawn up taking into account the requirements of the Constitution of the Russian Federation and in accordance with the requirements of the Federal Law of 27.07.2006. No. 152-FZ “On Personal Data” (hereinafter – the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data taken by JSC “CAT” (hereinafter – the Operator).

1.1 The Operator sets as its most important goal and condition of its activities the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrecy.

1.2 The provision by the Site visitor of his/her personal data via the Site and/or independent application of the person and provision of his/her data by telephone, fax, e-mail numbers specified on the Site, confirms his/her (hereinafter – the user) consent to their processing and transfer to the Operator. The use of the Site by the user in any way means his/her full consent to the Privacy Policy, terms of processing, use and protection of personal and non-personalised user data.

1.3 The provisions of the Privacy Policy do not apply to, and the Operator does not control, regulate and is not responsible for other sites, including those to which the user can go through the links available on the Site.

1.4 This Operator’s policy on personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://rt-3d.ru/.

2. Basic terms and definitions used in the local regulatory acts of JSC “ATC” regulating the processing of personal data

Personal data – any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data).

Personal data authorised by the subject of personal data for dissemination – personal data, access to which is provided by the subject of personal data to an unlimited number of persons by giving consent to the processing of personal data authorised by the subject of personal data for dissemination in accordance with the procedure stipulated by the current legislation of the Russian Federation.

Information – information (messages, data) irrespective of the form of its presentation.

Operator – a state authority, municipal authority, legal entity or individual, independently or jointly with other persons organising and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.

Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.

Automated processing of personal data – processing of personal data with the help of computer equipment.

Provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

Dissemination of personal data – actions aimed at disclosure of personal data to an indefinite number of persons.

Blocking of personal data – temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).

Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

Personal data depersonalisation – actions as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information.

Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.

3. Principles and purposes of personal data processing

3.1 As an operator of personal data, JSC “TSPC” processes personal data of employees of JSC “TSPC” and other subjects of personal data who do not have labour relations with JSC “TSPC”.

3.2 The processing of personal data in JSC “CAT” is carried out taking into account the need to ensure the protection of the rights and freedoms of employees of JSC “CAT” and other subjects of personal data, including the protection of the right to privacy, personal and family secrecy, based on the following principles:

the processing of personal data is carried out at CAT JSC on a lawful and fair basis;

processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes;

processing of personal data incompatible with the purposes of personal data collection is not permitted;

databases containing personal data processed for incompatible purposes may not be merged;

only personal data that meet the purposes of their processing shall be processed;

the content and scope of processed personal data corresponds to the stated processing purposes. The redundancy of processed personal data in relation to the stated purposes of their processing is not allowed;

when processing personal data, the accuracy of personal data, their sufficiency and, where necessary, relevance in relation to the purposes of personal data processing are ensured. JSC “CAT” takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate personal data;

storage of personal data is carried out in a form that allows to identify the subject of personal data, no longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by federal law, the contract to which the subject of personal data is a party, beneficiary or guarantor;

processed personal data shall be destroyed or anonymised upon achievement of the processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided for by the federal law.

4. Data processed by the Operator, purposes of their processing.

4.1 The Operator processes personal and non-personalised data.

4.1.1 The personal data of users processed by the Operator is transferred by them voluntarily.

4.1.2 Personal data of users includes any information relating directly or indirectly to a certain or definable natural person (subject of personal data).

4.2 Personal data is processed by the Operator for the following purposes:

4.2.1 Feedback from the subjects of personal data, including the processing of their requests and appeals created on the Website;

4.2.2 Control and improve the quality of the Operator’s services and facilities, including those offered on the Website;

4.2.3. Formation of statistical reporting;

4.2.4. Carrying out business activities;

4.2.5. Carrying out other functions, powers and duties assigned to the Operator by the legislation of the Russian Federation.

5. Main rights and obligations of the Operator

5.1 The Operator shall:

5.1.1 Process personal data in accordance with the procedure established by the current legislation of the Russian Federation;

5.1.2. Consider appeals of the personal data subject (his/her legal representative) on the issues of personal data processing and provide motivated answers;

5.1.3 Provide the subject of personal data (his/her legal representative) with the opportunity to access his/her personal data free of charge;

5.1.4 Take measures to clarify, destroy personal data of the subject of personal data in connection with his/her (his/her legal representative’s) application with legitimate and justified demands;

5.1.5 Organise the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.

5.2 The Operator has the right:

5.2.1 Receive from the subject of personal data reliable information and/or documents containing personal data;

5.2.2 Require from the subject of personal data timely clarification of the provided personal data.

6. Basic rights and obligations of personal data subjects

6.1 The subjects of personal data have the right:

6.1.1 To full information about their personal data processed by the Operator;

6.1.2. To access their personal data, including the right to receive a copy of any record containing their personal data, except in cases provided for by federal law;

6.1.3. To have their personal data clarified, blocked or destroyed if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;

6.1.4. To withdraw consent to the processing of personal data;

6.1.5. To take measures provided for by law to protect his/her rights;

6.1.6. To exercise other rights provided for by the legislation of the Russian Federation.

6.2 Personal data subjects are obliged to:

6.2.1 Provide the Operator with only reliable data about themselves;

6.2.2 Notify the Operator about the clarification (update, change) of their personal data.

7. The legal grounds for the processing of personal data by the operator are:

7.1.1. the Civil Code of the Russian Federation;

7.1.2. the Federal Law of 27 July 2006 N 149-FZ “On Information, Information Technologies and Information Protection”;

7.1.3. Law of the Russian Federation dated 27 December 1991 N 2124-1 “On Mass Media”;

7.1.4. Federal Law N 294-FZ of 26 December 2008 “On Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Course of State Control (Supervision) and Municipal Control”;

7.1.5. Decree of the President of the Russian Federation dated 6 March 1997 N 188 “On Approval of the List of Confidential Information”;

7.1.6. Decree of the Government of the Russian Federation dated 06 July 2008 N 512 “On Approval of Requirements for Material Carriers of Biometric Personal Data and Technologies for Storage of Such Data Outside Personal Data Information Systems”;

7.1.7. Resolution of the Government of the Russian Federation dated 15 September 2008 N 687 “On Approval of the Regulation on the Peculiarities of Personal Data Processing Performed Without the Use of Means of Automation”;

7.1.8. Resolution of the Government of the Russian Federation dated 1 November 2012 N 1119 “On Approval of the Requirements for the Protection of Personal Data when Processing in Personal Data Information Systems”;

7.1.9. Roskomnadzor Order N 996 dated 5 September 2013 “On Approval of the Requirements and Methods of Personal Data Depersonalisation”;

7.1.10. Order of the Federal Service for Technical and Export Control of Russia dated 18 February 2013 N 21 “On Approval of the Composition and Content of Organisational and Technical Measures to Ensure the Security of Personal Data when Processing in Personal Data Information Systems”.

7.2 The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

7.3 Only personal data that fulfil the purposes for which they are processed shall be processed.

7.4 Personal data shall be stored in a form that allows identification of the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. Processed personal data shall be destroyed or anonymised when the purposes of processing have been achieved or when it is no longer necessary to achieve these purposes, unless otherwise provided for by federal law.

7.5 Access to the personal data processed in JSC “ATC” is allowed only to employees of JSC “ATC” who hold positions included in the list of positions of structural subdivisions of the administration of JSC “ATC”, in the course of which personal data is processed.

8. Conditions of personal data processing

8.1 Processing of personal data is carried out with the consent of the subject of personal data to the processing of his/her personal data.

8.2 The list of actions performed by the Operator with personal data: collection, systematisation, accumulation, storage, clarification (update, change), use, distribution (including transfer), depersonalisation, blocking, destruction, as well as any other actions in accordance with the current legislation of the Russian Federation.

8.3 The Personal Data Subject decides to provide his/her personal data and gives his/her Consent freely, of his/her own free will and in his/her own interest.

8.4 When processing personal data, the Operator takes or ensures that the necessary legal, organisational and technical measures are taken to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data.

8.5 When storing personal data, the Operator uses databases located in the territory of the Russian Federation.

9. Procedure for collection, storage, transfer and other types of personal data processing

9.1 The security of personal data processed by the Operator shall be ensured by implementing legal, organisational and technical measures necessary for full compliance with the requirements of the applicable legislation in the field of personal data protection.

9.2 The Operator shall ensure safety of personal data and take all possible measures to exclude access to personal data by unauthorised persons.

9.3 The Subject’s personal data will never, under no circumstances, be transferred to third parties, except in cases related to the execution of the current legislation or if the subject of personal data has given his/her consent to the Operator to transfer the data to a third party for the fulfilment of obligations under a civil law contract.

9.4 The term of personal data processing is determined by the achievement of the purposes for which the personal data were collected, unless another term is stipulated by the contract or applicable law.

9.5 The Operator shall ensure confidentiality of personal data when processing personal data.

9.6 The Operator and other persons who have access to personal data shall be obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.

10. List of actions performed by the Operator with the received personal data

10.1 The Operator shall collect, record, systematise, accumulate, store, clarify (update, change), extract, use, transfer (disseminate, provide, access), depersonalise, block, delete and destroy personal data.

10.2 The Operator carries out automated processing of personal data with or without receiving and/or transmitting the received information via information and telecommunication networks.

11. Measures taken by CAT JSC to ensure fulfilment of the operator’s obligations in the processing of personal data

11.1 Measures necessary and sufficient to ensure the fulfilment by JSC ATC of the operator’s obligations under the legislation of the Russian Federation in the field of personal data include:

appointment of a person responsible for organising the processing of personal data at JSC ATC;

adoption of local regulations and other documents in the field of processing and protection of personal data;

organisation of training and methodological work with employees of structural subdivisions of the administration of JSC “CAT”, its branches and representative offices, who hold positions included in the list of positions of structural subdivisions of the administration of JSC “CAT”, in which personal data is processed;

obtaining the consent of subjects of personal data to the processing of their personal data, except in cases stipulated by the legislation of the Russian Federation;

segregation of personal data processed without the use of automation means from other information, in particular by means of their recording on separate material carriers of personal data in special sections;

ensuring separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;

ensuring the security of personal data during their transmission via open communication channels;

storage of material carriers of personal data in compliance with the conditions ensuring the safety of personal data and excluding unauthorised access to them;

internal control of compliance of personal data processing with the Federal Law “On Personal Data” and regulatory legal acts adopted in accordance with it, requirements to the protection of personal data, this Policy, and local regulations of JSC ATC;

other measures stipulated by the legislation of the Russian Federation in the field of personal data.

11.2 Measures to ensure the security of personal data during their processing in the information systems of personal data are established in accordance with local regulatory acts of JSC “TSPC” regulating the issues of ensuring the security of personal data during their processing in the information systems of personal data of JSC ATC.

12. Final provisions

12.1 All relations concerning the processing of personal data not covered by this Policy shall be regulated in accordance with the provisions of the legislation of the Russian Federation.

12.2 The current version of the Policy is freely available on the Internet at (page address).