1 General Provisions

1 Policy of JSC Belshina, legal address: sh. Minskoe, 4, 213824, Bobruisk, UNP 700016217, official websites www.belshina.by, www.san-shinnik.by, belshina.bel, kzri.belshina.by, shinnik.by, regarding the processing of personal data (hereinafter - the Policy) is a fundamental document that defines the conceptual basis for the activities of JSC «Belshina» (hereinafter - the Company) in the processing and protection of personal data.

1.2 This Policy is developed in accordance with the Law of the Republic of Belarus No. 99-3 «On Personal Data Protection» dated May 7, 2021 (hereinafter - the Law).

1.3 This Policy uses terms and their definitions in the meaning defined in the Law.

1.4 The purpose of this Policy is to protect the interests of personal data subjects and the Company, as well as to comply with the requirements of the Personal Data Legislation of the Republic of Belarus.

1.5 This Policy shall apply to all business processes of the Company related to the processing of personal data.

1.6 The requirements of this Policy apply to any personal data, regardless of the type of media on which they are recorded.

1.7 The Policy is binding for all employees and all structural subdivisions of the Company. The requirements of the Policy shall also apply to other persons if their participation in the Company's processing of personal data is necessary, as well as in cases where personal data is duly transferred to them on the basis of agreements and contracts.

1.8 The Policy is publicly available and is posted both on the Company's official website in the global computer network Internet and at the Company's location on the first floor of the AIC building at 4, Minskoye sh.

1.9 This Policy is applicable only to the official website of the Company. The Company does not control and is not responsible for other websites and mobile applications that contain information about the Company

1.10 The Policy is intended for familiarization by the subject of personal data, which may be an employee of the Company, a consumer of services rendered by the Company, other person providing the Company with his/her personal data both in writing on paper and electronically by any available means, including, but not limited to: by marking in the field on the Company's official websites «I agree», with a reference to the Policy.

1.11 The provisions of the Policy serve as a basis for the development of local legal acts regulating the issues of processing personal data of the Company's employees and other subjects of personal data.

1.12 In the event that after the issuance of this Policy a legislative act is adopted which establishes rules other than those which were in effect when this Policy was issued, the provisions and requirements stipulated by the regulatory legal acts of the Republic of Belarus shall apply.

 

2 Purposes of personal data processing

2.1 The Company processes personal data for the following purposes:

2.2 Only those personal data that meet the purposes of their processing shall be processed.

 

3 Categories of personal data subjects whose personal data are processed by the Company


3.1 The Company shall process personal data belonging to the following subjects of personal data received in accordance with the established procedure:

 

4 List of personal data

4.1 The list of personal data, including special personal data, processed by the Company shall be determined in accordance with the legislation and local legal acts of the Company taking into account the purposes of personal data processing specified in Chapter 2 of this Policy.

4.2 In accordance with the stated purposes, the Company processes the following personal data of personal data subjects:

 

5 Procedure and conditions of personal data processing

5.1 The Company shall process personal data, including collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion of personal data, in accordance with the procedure and on the terms and conditions defined by the Law and local legal acts of the Company.

5.2 Personal data shall be processed by the Company's employees on paper and (or) automatically by means of the Company's information systems.

5.3 In the course of its activities, the Company may carry out trans-border transfer of personal data in accordance with the Law, taking into account the purposes of personal data processing specified in Chapter 2 of this Policy.

5.4 In cases stipulated by the law, in particular those stipulated by Articles 6 and 8 of the Law, the Company shall process personal data without special consent of the personal data subject. In other situations, the Company shall offer the personal data subject to execute a consent to the processing of personal data. The subject of personal data may revoke his/her consent to the processing at any time.

5.5 The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, expiration of the personal data subject's consent to the processing of his/her personal data or withdrawal of the personal data subject's consent to the processing of his/her personal data, except for cases defined by law.

5.6 When the purposes of personal data processing are achieved, as well as in case of withdrawal of consent to processing by the subject of personal data, personal data shall be deleted or blocked, except for cases provided for by the Law or other legislative acts.

5.7 The Company shall provide the subject of personal data with information regarding the processing of his/her personal data at his/her request, in the form, scope and terms established by law.

5.8 The Company shall not disclose or distribute personal data to third parties without the consent of the subject of personal data, unless otherwise provided for by law.

5.9 The Company's employees whose job description includes personal data processing shall be allowed to process personal data.

5.10 Transfer of personal data to the bodies of inquiry and investigation, tax authorities, Federal Social Security Fund, Belgosstrakh and other executive authorities and organizations shall be carried out in accordance with the requirements of the legislation.

5.11 The Company shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions.

6 Rights and obligations of personal data subjects and the Company

6.1 The subject of personal data has the right to:

6.2 The subject of personal data shall:

6.3 The Company shall have the right to:

6.4 The Company shall:


7 Measures taken to ensure fulfillment of the operator's obligations

7.1 . Measures necessary and sufficient to ensure that the Company fulfills the obligations of the operator as stipulated by the legislation in the field of personal data include:

7.2 Measures to ensure the security of personal data during their processing in information systems shall be established in accordance with the Company's local legal acts regulating the security of personal data during their processing in the Company's information systems.

 

8 Responsibility for violations

8.1 Persons guilty of violating the Law shall be held liable in accordance with the legislative acts.

8.2 Employees and other persons guilty of violating this Policy, as well as the legislation in the field of personal data, may be brought to disciplinary and material responsibility, as well as may be brought to civil, administrative and criminal liability in accordance with the procedure established by the legislation of the Republic of Belarus.