5.19. Personal data shall be annihilated upon the attainment of the purposes of processing, in the event of the processing purposes becoming irrelevant, upon the expiration of the retention period, upon detection of an instance of unlawful processing or at the request of the person having commissioned the processing of the personal data, within no more than thirty days of the date when the purpose of personal data processing is fulfilled, or in the event of the processing instruction being revoked. The annihilation shall be administered in the presence of a panel of witnesses. The fact of annihilation shall be documented with a memorandum.
6. Protection of Personal Data
6.1. The Operator shall procure the protection of personal data from unauthorized or accidental access, loss, modification, blocking, copying, dissemination, and any other unlawful manipulations.
6.2. The Operator shall procure the protection of personal data in the manner contemplated by the applicable Russian laws and the Operator's internal statutes, and namely by implementing a suite of organizational and technical facilities to ensure data security.
6.3. All protection measures deployed in the collection, processing, storage and transmission of the subject's personal data shall apply to both paper and electronic (automated) media.
7. Updating, Correction, Deletion and Annihilation of Personal Data
7.1. The operator may in its discretion enter, supplement, modify, block or delete personal data, subject to the provisions of Russian federal law.
7.2. At the request of the personal data subject, the Operator shall:
- reveal whether the Operator is in possession of the subject's personal data;
- give the subject an opportunity to review their personal data (exception as per Art. 14, Part 5, FZ-152);
- update the personal data if it is found inaccurate or has changed;
- block or destroy personal data if it is found to have been obtained illegally or is deemed redundant for the stated purpose of processing or the subject's consent has been withdrawn.
7.3. The personal data subject shall submit its request to the Operator in paper form, indicating the number of the personal data subject's or their legal representative's main ID, the date of issue and issuing authority of the said ID, and the handwritten signature of the personal data subject or their legal representative. A recommended specimen request form is provided in Annex 1 to this Policy.
7.4. Under the laws of the Russian Federation, the request may be submitted electronically and signed with an electronic digital signature, and is to be sent to mailto:Natalia.firstname.lastname@example.org email@example.com
7.5. Upon the receipt of a subject's request, the Operator's officer responsible shall record the request in the log of data subject requests.
7.6. The Operator shall reply, to the effect of acceptance or reasonable denial of the request, within ten (10) days of the date of receipt of the personal data subject's request. The response lead time may be extended by no more than five business days with the giving of a reasonable notice by the Operator to the request initiator. The reply shall contain specific and comprehensive information pertinent to the essence of the question.
7.7. In the event of an instance of unlawful or accidental transfer (divulgation, dissemination or access) of personal data being established, entailing impairment of the rights of personal data subjects, it is the duty of the Operator to inform Roskomnadzor of such incident, the alleged circumstances having led to the impairment of the rights of personal data subjects, the estimated extent of detriment to the rights of the personal data subjects, and the measures taken to trouble-shoot the consequences of the incident, appending the appropriate contact information, within 24 hours of the time when the incident first becomes known to the Operator, to Roskomnadzor or another party concerned, and further to inform Roskomnadzor about the findings of the Operator's internal investigation of the incident and the persons whose acts had occasioned the incident in question, if applicable, within three days.
8. Modification of this Policy
8.1. The Operator is at liberty to make changes to this Policy. Every time that changes are made, the date of the latest revision shall appear in the header of this Policy. The new edition of this Policy takes effect as of the date when the Operator's CEO approves it. This Policy shall be posted on the Operator's website no later than 3 days following the date of its approval.
8.2. The current edition hereof shall be kept at the location of the Operator's executive body, namely at 18, 3rd Rybinskaya Street, building 22, 4th floor, suite 8, room 46, Moscow 107113, Russian Federation, the electronic version of this Policy can be found on the Operator's website at http://ifcmgroup.ru/
8.3. This Policy and the relations between personal data subjects and the Operator shall be governed by the laws of the Russian Federation.
9. Contact Us
9.1. Email: mailto:Natalia.firstname.lastname@example.org [TN1] email@example.com
9.2. Postal address: 18, 3rd Rybinskaya Street, building 22, 4th floor, suite 8, room 46, Moscow 107113, Russian Federation
Contact phone No.: +7 (495) 246-01 [TN1]