This Policy of JSC AK Transneft regarding the processing of personal data has been developed in pursuance of the requirements of Federal Law No. 152-FZ of 26.07.2006 “On Personal Data”.
The purpose of this Policy is to ensure the constitutional rights of employees of JSC AK Transneft and organisations of the Transneft system (hereinafter referred to as the Companies), and other individuals whose personal data processing is necessary for JSC AK Transneft and organisations of the Transneft system to carry out their activities.
To achieve this goal, the Companies are guided by the norms of international law, the Council of Europe Convention of January 28, 1981 on the protection of individuals with regard to automated processing of personal data, the Constitution of the Russian Federation and federal legislation.
The Companies organise and carry out activities to ensure the security of processed personal data.
The processing of personal data in the Companies is carried out in accordance with the following basic principles:
- the legality of the purposes and methods of processing personal data and the good faith of the Companies;
- limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
- compliance of the content and scope of the processed personal data with the purposes of processing;
- accuracy, sufficiency and relevance of personal data in relation to the purposes of processing;
- compliance of the terms of storage of personal data with the purposes of processing;
- prevention of leakage of personal data;
- prevention of unauthorized access to personal data, their destruction, distortion, disruption, blocking and unauthorized copying in personal data information systems.
To ensure the security of personal data, the Companies develop and implement:
- local regulations in the field of personal data protection;
- a model of personal data security threats;
- the procedure for accessing personal data processed in personal data information systems;
- the procedure for accounting, processing, storage, use and transfer of personal data;
- the procedure for user access to the premises where the technical means of information systems in which personal data is processed are located, and where information media are stored;
- a set of organisational and technical measures for the protection of personal data processed in personal data information systems;
- other measures aimed at ensuring compliance with the requirements provided by regulatory legal acts regulating public relations in the field of personal data protection.
For each category of personal data processed without the use of automation tools:
- the places of storage of material media containing personal data are determined;
- when storing material media, conditions are observed that ensure the safety of personal data and exclude unauthorized access to them.
A list of persons processing personal data or having access to them is established, with the distribution of responsibility for ensuring the security of personal data.
Employees of the Companies directly involved in the processing of personal data are familiarized with the provisions of the legislation of the Russian Federation and local regulations of the Companies on the processing of personal data, and these employees are trained.
Internal control and audit of compliance of personal data processing with the legislation of the Russian Federation, this Policy and local acts of the Companies are carried out.
The requirements of this Policy are mandatory for all structural divisions and all employees of the Companies admitted to the processing of personal data.
Approved by Order No. 43 dated April 9, 2012 of JSC AK Transneft.