Protection of personal data

Personal Data Protection Policy of Joint Stock Company «Mogilev metallurgical works»

Achieving these goals involves solving the following tasks:

• prevention of unauthorized, accidental and other unauthorized access of third parties to personal data;
• prevention of intentional software, technical and other influences for the purpose of theft, copying, blocking, dissemination of personal data, their damage, destruction or destruction during processing;
• prevention of possible damage caused by unlawful intentional or careless actions of legal entities and (or) individuals through the gratuitous appropriation of information or its disclosure, violation of established norms governing the processing and protection of personal data.

When implementing personal data protection tasks, the following principles must be observed:

• Justice. The processing of personal data must ensure a fair balance of interests of all interested parties;
• Legality. Data processing is carried out with the consent of their subject, with the exception of cases provided for by law;
• Goal restrictions. Data processing should be limited to achieving specific, pre-stated legitimate goals;
• Data minimization. The processed data should not be redundant in relation to the stated purposes of processing;
• Transparency. The subject of personal data is provided with relevant information concerning the processing of his personal data in accordance with the procedure and under the conditions established by the Law on the Protection of Personal Data;
• Accuracy. The company is obliged to ensure the accuracy of the personal data processed by it, to update them if necessary;
• Storage restrictions. Personal data must be stored in a form that allows identifying the subject of personal data. They can be stored no longer than the stated processing purposes require.
• Continuity and continuity of improvement. Modernization and expansion of measures and means of personal data protection is carried out on the basis of constant monitoring of their processing processes, identification and analysis of threats, development of measures to prevent them, introduction of new ways to protect them.

The top management of the company assumes responsibility for the effectiveness of the personal data protection system, obligations to implement the stated Policy, including ensuring compliance of the company's activities with the established requirements, communicating and explaining the Policy provisions to the staff, applying risk-based thinking, at least when creating and updating the personal data protection system, its processes, allocating the necessary to do this, resources, analysis of the permanent suitability of the Policy and improvement of the current system of personal data protection.