Privacy Policy

POLICY FOR PERSONAL DATA PROCESSING IN LLC "RIC Media"
1. General Provisions.
1.1. This Policy on the processing of personal data (hereinafter the Policy) is prepared in accordance with Article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and applies to all personal data that APRIORI LLC (the "Operator" ) can receive from subjects of personal data.
1.2. The policy applies to personal data received both before and after approval of this Policy.

2. Purpose and principles of personal data processing
2.1. Personal data refers to any information that relates directly or indirectly to a specific or identifiable individual.
2.2. The purpose of collecting, processing, storing, and also other actions with personal data of employees, contractors, executors, customers or third parties (hereinafter referred to as personal data subjects) is the fulfillment of obligations by the Operator under a contract with them.
2.3. When processing personal data of the subjects, the following principles are implemented:
- compliance with the legality of receiving, processing, storage, as well as other actions with personal data;
- processing of personal data solely for the purpose of fulfilling obligations under the contract, and also for the purpose of fulfilling the duties of the tax agent and the insured by the Operator;
- collecting only those personal data that are minimally necessary to achieve the stated processing objectives;
- implementation of measures to ensure the safety of personal data during processing and storage;
- Observance of the rights of the subject of personal data to access his personal data.

3. Composition and methods of processing personal data
3.1. The main purpose of processing information containing personal data is the implementation by the Operator of its core business in accordance with the Charter.
3.2. The following list of processed personal data is defined:
3.2.1. The operator processes the following categories of personal data in connection with the implementation of labor relations:
- Full Name;
- education;
- information on work and general experience;
- passport details;
- Information on military registration;
- tax status (resident / non-resident);
- information on the wages of the employee;
- information on social benefits;
- specialty;
- position held;
- residence address;
- phone;
- Other information not mentioned above, contained in personal files and work books of employees;

- information that is the basis for orders on personnel;
- information contained in the insurance certificate of mandatory pension insurance, a certificate of registration with a tax authority of a natural person at the place of residence in the territory of the Russian Federation,
- files containing materials on the improvement of professional skill and retraining of employees, their attestation, official investigations.
3.2.2. For the purposes of implementing the statutory (commercial) activity, the Operator processes the following categories of personal data of customers, contractors, performers, counterparties, foreign citizens and stateless persons:
- Full Name;
- education;
- passport details;
- Taxpayer Identification Number;
- tax status (resident / non-resident);
- Citizenship;
- data of a document confirming the status of a compatriot;
- data of documents on vocational education, professional retraining, advanced training, internships, data on documents confirming special knowledge;
-data of documents on assignment of a scientific degree, academic title, lists of scientific works and inventions;
- Foreign language skills;
- SNILS;
- Information on income;
- place of work;
- specialty;
- position held;
- information on work and general experience;
- residence address;
- phone;
- E-mail address;
- other information indicated by the applicant.

4. Objectives of collecting and processing personal data
4.1. The operator performs processing of personal data for the following purposes:
- implementation of activities provided for by the Operator's Charter, the current legislation of the Russian Federation, in particular, the Federal Law "On Individual (Personalized) Accounting in the Mandatory Pension Insurance System", "On Personal Data";
- rendering services to foreign citizens and stateless persons in admission to training in educational organizations of the Russian Federation;

- conclusion, execution and termination of civil law contracts with individuals, legal entities, individual entrepreneurs and other persons, in cases provided for by the current legislation and the Charter of the Operator;
- Organization of personnel records of the Operator, ensuring compliance with laws and other regulatory legal acts, signing and executing obligations under labor and civil law contracts; maintenance of personnel records management, training and promotion, the use of various types of benefits, the implementation of the requirements of tax legislation in connection with the calculation and payment of personal income tax, pension
legislation in the formation and presentation of personalized data on each recipient of income taken into account when calculating insurance premiums for compulsory pension insurance and security, filling the primary statistical documentation in accordance with the Labor Code of the Russian Federation, the Tax Code of the Russian Federation, federal laws, in particular: "On the individual personified) accounting in the mandatory pension insurance system "," On personal data ", as well as the Charter and local acts of the Operator.
4.2. With the consent of the personal data subject, the Operator may use the personal data of counterparties, foreign citizens and stateless persons for the following purposes:
- for communication with clients and counteragents, if necessary, including for sending notifications, information and inquiries related to the provision of services, as well as processing of applications, requests and applications of customers and counterparties;
- exchange (reception, transfer, processing) of information when assisting foreign citizens and stateless persons in enrolling in educational institutions of the Russian Federation, including:
- The Federal Agency for the Commonwealth of Independent States,
compatriots living abroad, and for international humanitarian cooperation (Rossotrudnichestvo);
- Ministry of Education and Science of the Russian Federation; Educational organizations selected by the Candidate when processing an application for the provision of services by the Operator;
- Administration of the Federal Migration Service of the Russian Federation (for the purposes of
registration of a visa invitation for the applicant to obtain a study visa);
- the insurance company chosen by the Candidate, making out the medical policy
voluntary medical insurance, if the Candidate orders the accompanying service for processing the policy;
- to improve the quality of services provided by the Operator;
- to promote services in the market through direct contacts with customers and counterparties;
- for conducting statistical and other studies on the basis of impersonal personal data.

5. Transfer of personal data
5.1. The operator does not provide or disclose information containing personal data of employees, contractors, performers, counterparties, foreign citizens and stateless persons to third parties without the written consent of the personal data subject, except in cases when it is necessary to prevent the threat to life and health, and also in cases established by federal laws.
5.2. On a motivated request solely for the performance of the assigned
legislation of functions and powers, the personal data of the subject of personal data without his consent can be transferred:
- to the judiciary in connection with the administration of justice;
- to the state security bodies;
- to the prosecutor's office;
- to the police;
- to investigative bodies;
- to the management of the Federal Migration Service of the Russian Federation;
- in other bodies and organizations in cases stipulated by regulatory legal acts that are binding for the Operator.
5.3. Employees of the Operator who handle the processing of personal data do not answer questions related to the transfer of personal data over the phone.

6. Rights and Obligations
6.1. Rights and obligations of the Operator
6.1.1. The Company, as an operator of personal data, has the right:

- to defend their interests in court;
- to provide personal data of subjects to third parties, if it is provided by the current legislation (tax, law enforcement agencies, etc.);
- refuse to provide personal data in cases provided for by the legislation of the Russian Federation;
- use the personal data of the subject without his consent, in cases stipulated by the legislation of the Russian Federation.
6.1.2. The operator of personal data is obliged:
Take measures that are necessary and sufficient to ensure the fulfillment of duties stipulated by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it.
6.2. Rights of the subject of personal data
6.2.1. The subject of personal data has the right:
- to demand the specification of their personal data, their blocking or destruction in the case,
if the personal data are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights;
- Require a list of their personal data processed by the Operator and the source of their receipt;
- receive information on the processing of their personal data, including the time of their storage;
- require the notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made in them;
- Appeal to the authorized body for the protection of the rights of subjects of personal data, or in the judicial order, improper acts or omissions while processing his personal data;
- to protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in the courts.

7. Measures to ensure the protection of personal data

7.1. The operator has no right to process the personal data of the personal data subject without his / her written consent, with the exception of the cases specified in cl. 6 of the Federal Law No. 152-FZ "On Personal Data". Written consent can be drawn up as a separate document or be embedded in the structure of another document signed by the subject of personal data.
7.2. The operator takes the necessary organizational and technical measures to protect personal data. The measures taken are based on the requirements of Art. 18.1, article 19 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data", other regulations in the field of personal data, including:
1) persons responsible for organizing processing and ensuring the security of personal data are appointed;
2) control of the implementation of the requirements of this Policy is carried out by the person responsible for organizing the processing and ensuring the safety of the personal data of the Operator;
3) the responsibility of the Operator's officials who have access to personal data for non-compliance with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and the internal documents of the Operator;
4) the persons conducting the processing of personal data are instructed and familiarized with the regulatory legal acts regulating the procedure for the operation and protection of personal data; 5) the rights of access to the processed personal data are delineated;
6) separate storage of personal data (material carriers) is provided, the processing of which is carried out for various purposes;
7) for the purposes of internal control of the conformity of the processing of personal data with established requirements, periodic checks of the conditions for the processing of personal data are carried out;
8) In addition to the above measures, technical measures are implemented to:
- prevention of unauthorized access to systems in which personal data is stored;
- reservation and recovery of personal data, the operability of hardware and software, information security tools in personal data information systems modified or destroyed due to unauthorized access to them;
- other necessary security measures.

8. Revision of the Policy
8.1. This Policy is an internal document of the Operator, publicly available and is subject to posting on the official website of the Operator.
8.2. This Policy is subject to amendment, supplementation in the event of the emergence of new legislation and special regulations for the processing and protection of personal data.
8.3. Control over the implementation of the requirements of this Policy is carried out by the person responsible for organizing the processing of the personal data of the Operator.