8.1 The Operator shall collect, record, systematize, accumulate, store, refine (update, modify), retrieve, use, transfer (space, grant, access), depersonalize, block, delete and destroy personal data.
8.2 The processing of personal data is carried out in the following ways:
- manual processing of personal data;
- automated processing of personal data with or without transfer of information via information and telecommunication networks;
- mixed processing of personal data.
8.3 Personal data shall be processed by the Operator with the consent of the personal data subject to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation.
8.4 Storage of personal data of subjects of personal data is carried out in the form allowing to define the subject of personal data, not longer than it is demanded by the purposes of their processing if the period of storage of personal data is not established by the federal law, orcontract, the party, beneficiary or the guarantor of which the subject of personal data is.
8.5 The conditions for termination of personal data processing may be:
- achievement of personal data processing purposes;
- expiration of the consent or withdrawal of the consent of the personal data subject to the processing of its personal data;
- termination of the Operator's activities (liquidation or reorganization).
8.6 When processing personal data, the Operator shall take necessary and sufficient legal, organizational and technical measures to protect personal data from illegal or accidental access, destruction, modification, blocking, copying, providing, distributing personal data, as well as from other illegal actions in relation to personal data, including:
- appointment of a person responsible for the organization of personal data processing;
- adoption of local acts and other documents in the field of processing and protection of personal data;
- identification of personal data security threats during their processing in personal data information systems;
- organizational and technical measures to ensure the security of personal data when processing it in personal data information systems;
- familiarization of the Operator's employees who directly process personal data with the provisions of the legislation of the Russian Federation on personal data and local acts on the processing of personal data and, if necessary, organize training for these employees;
- obtaining consent of personal data subjects to the processing of their personal data, except for cases stipulated by the legislation of the Russian Federation;
- internal control over measures taken to ensure the security of personal data;
- other measures provided for by the legislation of the Russian Federation in the field of personal data.
8.7 The Operator's employees responsible for violation of the requirements of the Federal Law "On Personal Data" and the regulations adopted in accordance with it bear material, disciplinary, administrative, civil law or criminal liability in the manner established by the legislator of the Russian Federation.