“SEC NRS Policy regarding the personal data protection and processing” is approved
The Policy of “Scientific and Engineering Centre for Nuclear and Radiation Safety” (hereinafter to be referred to as SEC NRS) in respect to the personal protection and processing of personal data (hereinafter to be referred to as -the Policy) was developed for realization of requirements from the Federal law No. 152-FZ “On Personal Data” (dated from July 27, 2006; hereinafter to be referred to as the Federal law “On Personal Data”). The Policy is designed to ensure the protection of human and civil rights and freedoms in the course of the personal data processing, including the protection of the rights to inviolability of private life, personal and family confidentiality.
In the course of the personal data processing, SEC NRS remains deeply attached to the purposes and principles that are established by the Federal law “On Personal Data”.
The personal data subject to processing in SEC NRS are referred to the information of the confidential nature.
SEC NRS, through the implementation of range of legal, organizational and technical measures to provide security of the personal data, rigorously adheres to common requirements provided by legislation in the sphere of the personal data, namely:
- requirements to ensure confidentiality of the personal data;
- requirements to ensure the realization of the personal data subject of his rights;
- requirements to keep the personal data accurate and, if necessary, up-to-date in respect to the purposes of the personal data processing with providing the measures are in place to ensure removal or clarification of inaccurate or incomplete personal data;
- requirements to ensure protection of the personal data against the unauthorized or accidental disclosure/access, destruction, modification, blocking, copying, dissemination, as well other illicit actions in respect to the personal data.
SEC NRS, in concern to ensure the confidentiality and protection of the personal data, has identified principal threats posed to the personal data security in the course of their processing in the informational systems; the measures necessary to ensure the personal data protection are applied and they include the establishment of the rules on the personal data access and keeping, operation of the certified devices on information protection, accounting of machine-readable media for the personal data, revealing of the facts of the unauthorized access to the personal data and implementation of measures to prevent such access; restoration of the personal data that were modified or destroyed as a result of the unauthorized access, restriction of access to the personal data, registration and accounting of actions with the personal data.
SEC NRS has appointed the person responsible for organization of the personal data processing; it has developed and produced local documentation to regulate the personal data processing and protection.
SEC NRS respects the rights of the personal data subjects, which are established by the Federal law “On Personal Data”, namely:
- the right of the personal data subject to open and totally free of charge access to its’ personal data and reception of information related to the processing of its' personal data;
- the right of the personal data subject to require the adjustment of its’ personal data, their blocking or destruction in case of the incomplete, outdated, invalid or illegally obtained personal data or in case the personal data are not necessary for the declared purpose of processing;
- the right to withdraw the consent on the personal data processing;
- the right to complain the actions or the lack of actions from SEC NRS through appealing to the authorized body on protection the personal data subject’s rights;
- to the Federal Service on Supervision in the Sphere of Communication, Information Technologies and Mass Communications (‘Roskomnadzor’);
- or in juridical procedure.
SEC NRS carries out internal monitoring over the process of personal data processing compliance with the Federal law “On Personal Data” and the regulatory legal acts adopted under this Federal law; SEC NRS performs assessments of the efficiency of the measures applied to ensure protection of the personal data.
SEC NRS employees, which have right to access to the personal data, assume the obligation to respect standards regulating the processing and protection of the personal data, established by the legislation of the Russian Federation.
Updating and revision of the present Policy is carried out following the certain changes in the legislation of the Russian Federation in the sphere of the personal data and due to the analysis results regarding the adequacy, sufficiency, effectiveness of measures maintained to provide protection of the personal data under the processing in SEC NRS.The Policy is approved by Order of SEC NRS No. 116, dated from October 20, 2016.