PERSONAL DATA PROCESSING POLICY

1. GENERAL PROVISIONS

1.1. The personal data processing policy adopted by Interfax – Dun and Bradstreet Limited Liability Company (hereinafter, the “Operator”) lays down the main principles and rules for personal data processing by the Operator; determines purposes, legal grounds, conditions and methods of such processing, categories of subjects of the personal data to be processed by the Operator; contains the information on compliance by the Operator with the requirements imposed by the legislation of the Russian Federation as well as the information on implementation by the Operator of the measures for protection of the processed personal data.

1.2. The policy is adopted in consistence with the requirements of the Constitution of the Russian Federation and other laws and regulations of the Russian Federation in the field of personal data.

1.3. The policy is a publicly available document which declares the principles of activities of the Operator in relation to personal data processing and is subject to publication on the following web-site of the Operator: https://dnb.ua/en/confidential/

2. ADOPTED TERMS:

2.1. Operator shall mean Interfax – Dun and Bradstreet Limited Liability Company.

2.2. Personal data shall mean any information directly or indirectly relating to an identified or an identifiable individual (subject of personal data).

2.3. Personal data processing shall mean any action (operation) or set of actions (operations) performed in respect of personal data with or without the use of tools of automation including collection, recording, systematization, accumulation, storage, specification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data.

2.4. Personal data information system shall mean all the personal data stored in databases as well as the information technologies and technical tools enabling personal data processing;

3. INFORMATION ON OPERATOR, LEGAL GROUNDS AND PURPOSES OF PERSONAL DATA PROCESSING

3.1. In accordance with the requirements of the current legislation of the Russian Federation the Operator determines purposes of personal data processing, content of the personal data to be processed, actions (operations) to be performed in relation to personal data; organizes and performs personal data processing, organizes and ensures protection of the processed personal data.

3.2. Information on the Operator:

Full legal name: Interfax – Dun & Bradstreet Limited Liability Company

Abbreviated name: Interfax – D&B OOO

OGRN 1087746421223, INN 7710712238, KPP 771001001,

Legal address and location: build. 1, 2 Pervaya Tverskaya-Yamskaya Ul., Moscow 127006.

3.3. Legal grounds of personal data processing:

3.3.1. The Operator performs the activity on personal data processing on the basis of and in accordance with the requirements of the current legislation of the Russian Federation, including without limitation:

The Constitution of the Russian Federation;

Federal Law dated December 19, 2005 No. 160-ФЗ “ On Ratification of the Convention for the Protection of Individuals with regard to Automatic Personal data processing”;

The Tax Code of the Russian Federation;

The Labor Code of the Russian Federation;

Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”;

Federal Law dated July 27, 2006 No. 149-ФЗ “On Information, Information Technology, and Protection of Information” ;

Federal Law dated August 08, 2001 No. 129-ФЗ “On State Registration of Legal Entities and Individual Entrepreneurs”;

Federal Law dated February 08, 1998 No. 14-ФЗ “On Limited Liability Companies”;

Federal Law dated July 26, 2006 No. 135-ФЗ “On Protection of Competition”;

Federal Law dated April 05, 2013 No. 44-ФЗ “On Contract System in Sphere of Procurement of Goods, Works, Services for State and Municipal Needs”;

3.3.2. The Operator performs personal data processing upon consent to process personal data provided by subject of personal data in accordance with Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”.

3.3.3. The Operator is entitled to perform personal data processing without consent of subject of personal data in the following cases:

personal data processing is required for achievement of the purposes stipulated by international treaty of the Russian Federation or by law;

personal data processing is required for realization of functions, rights and obligations of the Operator as provided for by laws of the Russian Federation;

processing of the personal data which are subject to publication or compulsory disclosure in accordance with a federal law;

personal data processing is required for realization of the rights and legitimate interests of the Operator or third parties or for the attainment of socially significant objectives, provided that this does not violate rights and freedoms of subject of personal data;

processing of the personal data the public access to which has been granted by or at the request of subject of personal data (hereinafter referred to as the “personal data made public by subject of personal data”);

personal data processing is required for performance of an agreement, the subject of personal data is a party to or beneficiary or surety, (including when the Operator exercises its right to assignment under such agreement) or for entering into an agreement on the initiative of the subject of personal data or for entering into an agreement under which the subject of personal data shall be beneficiary or surety;

in the other cases expressly provided for in Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”.

3.4. Purposes of processing of personal data

The Operator processes personal data for the following purposes:

achievement of the purposes stipulated by international treaty of the Russian Federation or by law;

performance of the obligations stipulated by the current legislation of the Russian Federation;

realization of rights and legitimate interests of the Operator or third parties;

carrying out business activity of the Operator, performance of contractual obligations;

4. CATEGORIES OF PERSONAL DATA BEING PROCESSED AND SOURCES OF PERSONAL DATA

4.1. The Operator processes personal data of the following categories of subjects of personal data:

- employees of the Operator working for the Operator under an employment agreement;

- individuals who are contractors or representatives, employees of contractors of the Operator;

- individuals whose personal data are publicly available and are subject to compulsory disclosure or publication, inclusion in the Unified Federal Register of Legally Significant Information on Activities of Legal Entities, Individual Entrepreneurs and Subjects of Economic Activity as well as in the Unified Federal Register of Bankruptcy Information and Other Publicly Available State Registers or Information Systems pursuant to the provisions of a federal law;

- individuals who are entitled or are obliged to provide information to the Unified Federal Register of Legally Significant Information on Activities of Legal Entities, Individual Entrepreneurs and Subjects of Economic Activity as well as to the Unified Federal Register of Bankruptcy Information and Other Publicly Available State Registers or Information Systems pursuant to provisions of a federal law;

- individuals who have given the Operator the consent to transfer the data from their credit histories to the corresponding interested parties.

- individuals who are participants, shareholders, members of management bodies, supervisory bodies of legal entities belonging to the Operator’s group including the Operator.

4.2. The sources of personal data processed by the Operator shall be as follows:

- subjects of personal data (including employees of the Operator, applicants for vacant positions, members of management bodies and supervisory bodies of the Operator, clients, contractors);

- the Federal Tax Service of the Russian Federation, other state authorities and authorized organizations specified in the current laws of the Russian Federation;

- individuals who are entitled or are obliged to provide information to the Unified Federal Register of Legally Significant Information on Activities of Legal Entities, Individual Entrepreneurs and Subjects of Economic Activities Entities as well as to the Unified Federal Register of Bankruptcy Information and Other Publicly Available State Registers or Information Systems pursuant to provisions of a federal law;

- contractors of the Operator;

- entities belonging to the Operator’s group;

- other subjects of personal data (for the purposes of processing of personal data in accordance with section 3.4. hereof);

- other persons, provided that the Operator has confirmation of existence of the grounds specified in clauses 2 to 11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of Federal law dated July 27, 2006 No. 152 –ФЗ “On Personal Data”.

4.3. Contents and amount of the processed personal data of the subjects of personal data falling within the categories set out in subclause 4.1. of the Policy shall be determined pursuant to the purposes of personal data processing provided for by clause 4.3. of the Policy. The Operator does not process personal data which are excessive in respect of the specified purposes of personal data processing or which are inconsistent with such purposes.

5. BASIC PRINCIPLES OF PROCESSING, TRANSFER AND STORAGE OF PERSONAL DATA

5.1. At performing its activity the Operator shall ensure compliance with the principles of personal data processing specified in Clause 5 of Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”.

5.2. The Operator performs action (operation) or set of actions (operations) in respect of personal data with or without the use of tools of automation including without limitation collection, recording, systematization, accumulation, storage, specification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, removal and destruction of personal data.

5.3. The Operator uses the mixed method of personal data processing (with or without the use of tools of automation) and transfers the information by means of internal local network of the Operator and telecommunication information network “Internet”.

5.4. The Operator ensures recording, systematization, accumulation, storage, specification (updating, modification), extraction of personal data of the citizens of the Russian Federation with the use of the databases located in the territory of the Russian Federation unless otherwise provided for by law.

5.5. The conditions of personal data processing are determined by local acts of the Operator regulating the corresponding activities of the Operator.

5.6. The Operator discloses the processed personal data if such disclosure is required by the legislation of the Russian Federation.

5.7. The Operator ceases to process personal data in the following cases:

achievement of purpose of personal data processing;

amendment or abrogation of the regulations setting legal grounds for personal data processing;

reveal of illegal processing of personal data by the Operator;

revocation of consent to process personal data by subject of personal data provided that processing of these personal data requires consent of subject of personal data in accordance with Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”.

5.8. The Operator shall destroy personal data in accordance with Federal Law dated July 27, 2006 No. 152-ФЗ “On Personal Data”.

6. INFORMATION ON IMPLEMENTED REQUIREMENTS FOR PROTECTION OF PERSONAL DATA

6.1. The Operator takes all necessary legal, organizational, technical, physical, cryptographical measures to protect personal data against illegal or accidental access thereto, destruction, modification, blocking, copying, making available, distribution of personal data as well as against any illegal actions in respect of personal data and takes other measures aimed at ensuring of the performance of obligations provided for by Federal law dated July 27, 2006 No. 152 –ФЗ “On Personal Data” and regulations adopted pursuant thereto.

7. RIGHTS OF SUBJECTS OF PERSONAL DATA

7.1. Subject of personal data is entitled to receive information on processing by the Operator of his/her personal data unless otherwise provided for by federal laws.

7.2. Subject of personal data is entitled to request the Operator to rectify, block or destroy his/her personal data if the personal data is incomplete, out-of-date, inaccurate or unlawfully obtained or are not required for the stated purposes of the processing, as well as to take measures provided for by law to protect his/her rights.

7.3. Subject of personal data is entitled to revoke his/her consent to process personal data pursuant to Article 9 of Federal law dated July 27, 2006 No. 152 –ФЗ “On Personal Data” if the Operator processes personal data on the basis of consent of subject of personal data.

7.4. For the purposes of realization of rights and protection of legal interests subject of personal data is entitled to file applications with the Operator. The Operator shall consider the applications filed by subject of personal data, respond to them, thoroughly investigate violations and take all necessary measures to eliminate such violations immediately, to bring perpetrators to justice and to settle disputes and conflicts through prejudicial procedure.

7.5. If subject of personal data believes that the Operator processes his/her personal data in violation of federal laws or otherwise violates his/her rights and freedoms he/she is entitled to file a complaint against actions or failures to act of the Operator by requesting the authorized body for protection of rights of subjects of personal data or through judicial procedure.

7.6. Subject of personal data has the right to protect his/her rights and legal interests including the right to compensate losses and (or) compensate moral injury through judicial procedure.

D-U-N-S® Registered™
Profile Seal