Personal Data Processing Policy

1.1 This personal data processing policy (hereinafter referred to as the Policy) is drafted in accordance with article 18.1 of Federal Law No. 152-FZ, dated July 27, 2006, “On the Personal Data” and applies to all personal data, which the administration of the website sterngoff.com “Sterngoff Audit”, LLC (hereinafter referred to as the Administration) may receive from the personal data owners.

1.2 The Policy applies to the personal data received before or after signing of this Policy.

2.1 The information constituting the personal data is defined by the Administration as any information that is attributable to a directly or indirectly identified or identifiable individual (a personal data owner).

2.2 The personal data mean the following data received from personal data owners:

• Name, patronymic and surname of a personal data owner.
• Address of a personal data owner.
• Phone number(s) of a personal data owner.
• Other personal data.

3.1 The Administration processes the personal data of personal data owners in compliance with: the Constitution of the Russian Federation; articles 86 to 90 of the Employment Code of the Russian Federation; article 6 (paragraph 2 part 1) of Federal Law No. 152-FZ, dated July 27, 2006, “On the Personal Data”.

4.1 The Administration processes the personal data of personal data owners for the following purposes:

• Fulfilment of the obligations that are imposed to the Administration and associated with fulfilment of any requests submitted by personal data owners via online forms of the website sterngoff.com.
• Ensuring of notification of a personal data owner of any measures carried out by the Administration.

5.1 Rights and Obligations of the Administration.

5.1.1 The Administration as a personal data operator shall be entitled to:

• Defend its interests in court.
• Submit the personal data of personal data owners if it is required by the applicable legislation (to tax, law enforcement and other authorities).
• Deny submitting of the personal data in the events provided for by the legislation.
• Use the personal data of a personal data owner without their consent if it is required by the
  legislation.

5.1.2 The Administration as a personal data operator shall be obliged to:

• Take any measures that are required and sufficient to ensure fulfillment of the obligations provided for by Federal Law No. 152-FZ, dated July 27, 2006, “On the Personal Data” and any further regulatory acts introduced in compliance with the latter.

5.2 Rights of a Personal Data Owner.

5.2.1 A personal data owner shall be entitled to:

• Require update, locking or destruction of their personal data if such personal data are incomplete, obsolete, unreliable, illegally received or not required for the requested processing purpose, as well as enforce any legal actions to protect their rights.
• Request the list of their personal data being processed by the Administration and their source.
• Receipt information on the period of processing of their personal data including their storage period.
• Request notification of all persons, who have previously received their incorrect or incomplete personal data, of any removals, amendments of or additions to their personal data.
• Challenge any illegal actions or omissions, which are committed in the course of processing of their personal data, in an authority responsible for protection of the rights of personal data owners or to a court.
• Protect their rights and legal interests, including claim indemnification and (or) compensation for immaterial damage in a court.

6.1 The Administration processes the personal data based on the following principles:

• • Legitimacy and fairness of the purposes and means of the personal data processing, compliance of the personal data processing with the purposes, which have been determined and announced in the course of the personal data collection, as well as with the powers of the Administration.
  • Compliance of the scope and nature of the personal data subject to processing, and means of thepersonal data processing with the personal data processing purposes.
  • Reliability of the personal data, their sufficiency for the processing purposes, impermissibility of the personal data collection in the scope exceeding the purposes, which have been announced in the course of the personal data collection.
  • Impermissibility of aggregation of the data bases that contain the personal data and have been developed for incompatible purposes.
  • Personal data storage in a form that allows determination of a personal data owner not longer than the period required for the processing purpose
  • Destruction upon achievement of the purposes of the personal data collection and in the event of a loss of feasibility of their achievement.

6.2 The personal data are processed in compliance with the terms and conditions provided for by the legislation of the Russian Federation.

7.1 In the course of the personal data processing, the Administration undertakes any required legal, organizational and technical measures and ensures their fulfillment in order to protect the personal data from an unauthorized or accidental access, destruction, amendment, locking, copying, submission, personal data propagation as well as any other illegal actions associated with the personal data.

8.1 This Policy is an internal document of the Administration, publicly available and subject to publication at the official website of the Administration.

8.2 This Policy is subject to amendment, adjustment in the event of introduction of any new legal acts and special regulatory acts associated with the personal data processing and protection.

8.3 The Administration undertakes control over compliance with the requirements of this Policy.