Privacy policy

1. General provisions

1.1 This Public Policy of Personal Data Processing of Kosmos JSC

OG" (hereinafter referred to as the Policy) has been developed in accordance with the requirements of

Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and

defines the principles of processing and ensuring the security of personal data

data in Kosmos OG JSC (hereinafter referred to as the Company).

1.2 This Policy applies to all processing processes

personal data of the Company, as with the use of automation tools,

and without the use of such funds, for all structural divisions and

employees of the Company involved in such processes, as well as on

information systems of the Company used in processing processes

personal data.

2. Principles and rules of personal data processing

2.1 The processing of personal data is carried out by the Company on a legal and

on a fair basis and is limited to achieving specific goals in advance

for specific and legitimate purposes. Only personal data is subject to processing

data that meets the purposes of their processing. Content and scope

the personal data processed by the Company correspond to the stated

for processing purposes, redundancy of the processed data is not allowed.

2.2 When processing personal data, the Company ensures the accuracy of

personal data, their sufficiency and, if necessary, relevance

in relation to the purposes of personal data processing. By the Society

necessary measures are being taken to remove or clarify incomplete or

inaccurate personal data.

2.3 The Company stores personal data in the form of,

allowing to identify the subject of personal data, no longer than this

The purposes of personal data processing are required if the storage period of personal data is

the data is not established by a federal law, an agreement to which the party,

the beneficiary or guarantor of which is the entity

personal data. The personal data being processed is subject to

destruction or depersonalization upon achievement of the processing objectives, unless otherwise specified

provided for by federal law.

2.4 The processing of personal data in the Company is carried out as follows

in an automated way in the information systems of personal

without the use of data, and without the use of automation tools.

2.5 The Company does not carry out cross-border transfer of personal data and

does not make decisions regarding the personal data subject based on

exclusively on automated processing.

2.6 The Company, with the written consent of the employee, publishes in publicly accessible

sources of his contact information (full name, position, work phone number,

e-mail, etc.) in order to carry out communications in the course of their

activities.

3. Categories of personal data processed by the Company

3.1 The Company does not process special categories

personal data related to race, nationality,

political views, religious or philosophical beliefs, and intimate

the lives of personal data subjects.

3.2 The Company is allowed to process information about the state of health

employees in order to comply with labor legislation, legislation on

State social assistance and pension legislation

Of the Russian Federation.

3.3 List of categories of personal data subjects whose data

are processed by the Company, the composition of such data, purposes and legal grounds

the purposes for processing are defined in the "Regulation on the Processing and Protection of Personal Data

data of employees of Kosmos OG JSC

4. Assignment of personal data processing

4.1 The Company has the right to entrust the processing of personal data to other persons with

consent of the personal data subject in accordance with Article 6

The Federal Law "On Personal Data".

5. Implemented measures to ensure the security of personal data

5.1 The Company has implemented the following measures to ensure

personal data security:

a) a person responsible for ensuring the security of personal data has been appointed

data;

b) a system for the protection of personal data of information systems has been created

personal data;

c) a security regime has been established for the premises in which the

processing of personal data that prevents the possibility of

uncontrolled entry or stay in these premises of persons who do not

having access rights to these premises;

d) the procedure for granting access to personal data processing has been defined

and providing access to personal data information systems;

e) accounting of machine-based personal data carriers is organized;

f) the safety of material (paper) personal data carriers has been ensured

data;

g) an assessment of the harm that may be caused to the subject has been carried out

personal data in case of violation of the requirements of the Federal Law "On

personal data";

h) the facts of unauthorized access to

personal data and taking action on such facts;

i) restoration of personal data modified is provided

or destroyed due to unauthorized access to them;

k) periodic checks of compliance with the processing procedure are carried out; and

ensuring the security of personal data in the Company.