• Privacy policy

    APPROVED by the Order of the Director of JSC "AGAT – management systems" - the management company of the holding "Geoinformation management systems" 03.03.2022 No. 79

    Policy of JSC "AGAT-management Systems" – the management company of the holding "Geoinformation Management Systems" in relation to the processing of personal data

    1. GENERAL PROVISIONS


    1.1. The policy of open JSC "AGAT-management Systems" – the management company of the holding "Geoinformation Management Systems" (hereinafter referred to as the Organization) regarding the processing of personal data (hereinafter referred to as the Policy) defines the basic principles, objectives, conditions and methods of processing personal data, lists of subjects and personal data processed in the Organization (hereinafter referred to as the Operator), the functions of the Operator in the processing of personal data, the rights of personal data subjects, as well as the requirements for the protection of personal data implemented in the Organization.
    1.2.The Organization, being the operator of personal data (hereinafter referred to as the Operator), processes the personal data of employees of the Organization and other personal data subjects who are not in an employment relationship with the Organization.
    1.3. This Policy has been developed in compliance with the requirements of paragraph 1 of paragraph 3 of Article 17 of the Law of the Republic of Belarus dated May 7, 2021 No. 99-Z "On Personal Data Protection" (hereinafter referred to as the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms when processing his personal data.
    1.4. The Policy is a fundamental local legal act that defines the Organization's policy regarding the processing and security of personal data, measures aimed at protecting personal data, as well as procedures aimed at identifying and preventing violations of the legislation of the Republic of Belarus in the field of personal data.
    1.5. The Policy applies to all personal data processed by the Operator and is mandatory for all employees of the Operator who process personal data in accordance with their official duties.
    1.6. The Policy applies to the relations in the field of personal data processing that arose with the Operator both before and after the approval of the Policy.
    1.7. Ensuring the confidentiality and security of personal data processing is one of the priorities of the Organization.
    1.8. For these purposes, a set of organizational and administrative documentation has been put into effect in the Organization, which is mandatory for all employees of the Organization who are allowed to process personal data.
    1.9. Processing, storage and ensuring the confidentiality and security of personal data is carried out in accordance with the current legislation of the Republic of Belarus in the field of personal data protection, and in accordance with the local legal acts of the Organization.
    1.10. Since it is necessary to provide unrestricted access to the Policy, it does not publish detailed information about the measures taken to protect personal data in the Organization, as well as other information, the use of which by an unlimited number of persons may harm the Operator or the subjects of personal data.
    1.11. In compliance with the requirements of paragraph 4 of Article 17 of the Law on Personal Data, this Policy is published in free access on the Internet information and telecommunications network on the Organization's website.
    1.12. The provisions of the Policy serve as the basis for the development of local legal acts regulating the processing of personal data of employees of the Organization and other subjects of personal data in the Organization.
    1.13. The main terms used in the Policy and their definitions:

    • automated processing of personal data – processing of personal data using computer technology;
    • biometric personal data is information that characterizes the physiological and biological characteristics of a person, which is used for his unique identification (fingerprints, palms, iris, facial characteristics and its image, etc.);
    • blocking of personal data – termination of access to personal data without their deletion;
    • genetic personal data is information related to inherited or acquired genetic characteristics of a person, which contains unique data about his physiology or health and can be identified, in particular, by examining his biological sample;
    • information – information (messages, data) about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation;
    • personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
    • depersonalization of personal data – actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without the use of additional information;
    • personal data processing is any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use.
    The processing of personal data includes, inter alia:
    • collecting;
    • record;
    • systematization;
    • accumulation;
    • keeping;
    • clarification (update, change);
    • extraction;
    • usage;
    • transfer (distribution, provision, access);
    • depersonalization;
    • blocking;
    • removal;
    • destruction;
    • publicly available personal data – personal data distributed by the personal data subject himself or with his consent or distributed in accordance with the requirements of legislative acts;
    • the operator of personal data is a state body, a legal entity of the Republic of Belarus, another organization, an individual, including an individual entrepreneur, independently or jointly with other specified persons organizing and (or) processing personal data;
    • personal data – any information relating to an identified individual or an individual who can be identified;
    • provision of personal data – actions aimed at familiarizing with the personal data of a certain person or circle of persons;
    • dissemination of personal data – actions aimed at disclosure of personal data to an indefinite circle of persons;
    • special personal data – personal data relating to race or nationality, political views, membership in trade unions, religious or other beliefs, health or sexual life, bringing to administrative or criminal responsibility, as well as biometric and genetic personal data;
    • the subject of personal data is an individual in respect of whom personal data is processed;
    • cross–border transfer of personal data - transfer of personal data to the territory of a foreign state;
    • deletion of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
    • a natural person who can be identified is a natural person who can be directly or indirectly identified, in particular, through a surname, proper name, patronymic, date of birth, identification number or through one or more features characteristic of his physical, psychological, mental, economic, cultural or social identity.

    2. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA


    2.1 The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:

    • Constitution of the Republic of Belarus;
    • Civil Code of the Republic of Belarus;
    • Labor Code of the Republic of Belarus;
    • Tax Code of the Republic of Belarus;
    • Personal Data Law;
    • Law of the Republic of Belarus No. 418-Z of 21.07.2008 "On the Population Register";
    • Law of the Republic of Belarus No. 455-Z of 10.11.2008 "On Information, informatization and information protection";
    • other regulatory legal acts regulating relations related to the Operator's activities.
    2.2. The legal basis for the processing of personal data is also:

    • the charter of the Organization;
    • registration of labor (official) relations, as well as in the process of labor (official) activity of the subject of personal data;
    • contracts concluded between the Operator and personal data subjects;
    • consent of personal data subjects to the processing of their personal data;
    • cases when legislative acts explicitly provide for the processing of personal data without the consent of the personal data subject.

    3. PRINCIPLES AND PURPOSES OF PERSONAL DATA PROCESSING


    3.1. The processing of personal data by the Operator is carried out taking into account the need to ensure the protection of the rights and freedoms of employees of the Organization and other subjects of personal data, including the protection of the right to privacy, personal and family secrets, based on the following principles: 

    • оthe processing of personal data is carried out on a legal and fair basis; 

    • the processing of personal data is carried out in proportion to the stated purposes of their processing and ensures at all stages of such processing a fair balance of interests of all interested parties; 

    • the processing of personal data is carried out with the consent of the subject of personal data, except in cases provided for by legislative acts; 

    • оthe processing of personal data is limited to the achievement of specific, pre-stated legitimate goals. Processing of personal data that is incompatible with the originally stated purposes of their processing is not allowed; 

    • the content and volume of the processed personal data correspond to the stated purposes of their processing. The processed personal data is not redundant in relation to the stated purposes of their processing; 

    • the processing of personal data is transparent. The subject of personal data may be provided with relevant information regarding the processing of his personal data; 

    • The Operator takes measures to ensure the accuracy of the personal data processed by it, updates them if necessary; 

    • the storage of personal data is carried out in a form that allows identifying the subject of personal data, no longer than the stated purposes of personal data processing require.

    3.2. The processing of personal data by the Operator is carried out for the following purposes: 

    • recruitment and selection of candidates for work in the Organization, verification of candidates (including their qualifications and work experience); 

    • conducting personnel records management; 

    • regulation of labor relations with employees of the Organization (assistance in employment, training and promotion, ensuring personal safety, monitoring the quantity and quality of work performed, ensuring the safety of property); 

    • processing of requests and requests from personal data subjects; organization and support of business trips (business trips); 

    • issuance of powers of attorney and other authorizing documents; 

    • provision of benefits and compensations to relatives of employees; 

    • organization of registration for individual (personalized) registration of employees in the mandatory pension insurance system; 

    • filling in and submitting to the executive authorities and other authorized organizations the required reporting forms; 

    • implementation of civil law relations; 

    • accounting; military accounting; 

    • implementation of access and intra-facility modes at the Organization's facilities; 

    • formation of reference materials for internal information support of the Organization's activities; 

    • execution of judicial acts, acts of other bodies or officials subject to execution in accordance with the legislation of the Republic of Belarus on enforcement proceedings;

    • negotiation, preparation, conclusion, execution and termination of contracts with counterparties (verification of the counterparty); 

    • for other purposes that do not contradict the legislation of the Republic of Belarus.

    3.3. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.

    4. CATEGORIES OF PERSONAL DATA SUBJECTS, LISTS OF PROCESSED PERSONAL DATA


    4.1. The Operator processes personal data of the following categories of subjects:
    • candidates for employment in the Organization;
    • employees and former employees of the Organization;
    • family members of employees of the Organization; clients and contractors of the Operator;
    • other subjects of personal data (to ensure the implementation of the processing purposes specified in section. 3 Policies).
    4.2. The content and volume of the processed personal data must correspond to the stated processing purposes provided for in section. 3 Policies. The processed personal data should not be redundant in relation to the stated purposes of their processing.
    4.3. The Operator may process the listed personal data of the following categories of personal data subjects.
    4.3.1. Candidates for employment in the Organization:
    • last name, first name, patronymic;
    • gender;
    • citizenship;
    • date and place of birth;
    • contact details;
    • information about education, work experience, qualifications;
    • other personal data provided by candidates in the resume
    • and cover letters.
    4.3.2. Employees and former employees of the Organization:
    • last name, first name, patronymic;
    • gender
    • citizenship;
    • date and place of birth;
    • image (photo);
    • passport data;
    • address of registration at the place of residence;
    • address of actual residence;
    • contact details;
    • individual taxpayer number;
    • information about education, qualifications, professional training and advanced training;
    • marital status, presence of children, family ties;
    • information about employment, including the availability of incentives, awards and (or) disciplinary penalties;
    • marriage registration data;
    • information about military registration;
    • disability information;
    • information about the retention of alimony;
    • information about income from a previous job;
    • other personal data provided by employees in accordance with the requirements of labor legislation.
    4.3.3. Family members of employees of the Organization:
    • last name, first name, patronymic;
    • degree of kinship;
    • year of birth;
    • other personal data provided by employees in accordance with the requirements of labor legislation.
    4.3.4. Clients and counterparties of the Operator (individuals):
    • last name, first name, patronymic;
    • date and place of birth;
    • passport data;
    • >address of registration at the place of residence;
    • contact details;
    • individual taxpayer number;
    • current account number;
    • other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.
    4.3.5. Representatives (employees) of the Operator's clients and counterparties (legal entities):
    • last name, first name, patronymic;
    • passport data;
    • contact details;
    • current position;
    • other personal data provided by representatives (employees) of clients and counterparties necessary for the conclusion and execution of contracts.
    4.4.The processing by the Operator of biometric personal data (for example, photos) is carried out in accordance with the legislation of the Republic of Belarus.
    4.5. The Operator does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided for by the legislation of the Republic of Belarus.

    5. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING


    5.1.The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Republic of Belarus.
    5.2. The processing of personal data is carried out with the consent of the personal data subjects to the processing of their personal data.
    5.3. Procedure for obtaining the consent of the personal data subject
    5.3.1. The operator provides the subject of personal data in written or electronic form, corresponding to the form of expression of his consent, information about his rights related to the processing of personal data, mechanisms for the exercise of such rights, as well as the consequences of giving consent to the subject of personal data or refusal to give such consent.
    5.3.2. This Policy is intended and mandatory for review by persons who consent to the transfer of personal data to the Operator.
    5.3.3. The subject of personal data expresses his consent to the processing of his personal data on the terms set out in this Policy and confirms that he is familiar with this Policy and agrees with its terms.
    5.3.4. The main forms of obtaining consent are:
    • job candidate's application form, in other documents by handwritten signature;
    • electronically putting a mark in the field of the site / Operator "I agree", with reference to this Policy.
    5.3.5. Consent is granted from the moment the subject of personal data joins the agreement (contract) and for the entire period of its validity, as well as until the expiration of the terms stipulated by the regulatory legal acts of the Republic of Belarus.
    5.4. Consent to the processing of personal data authorized by the subject of personal data for distribution is issued separately from other consents of the subject of personal data to the processing of his personal data.
    5.5. The Operator does not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by the legislation of the Republic of Belarus.
    5.6. The Operator has the right to entrust the processing of personal data on behalf of the Organization or in its interests to an authorized person on the basis of an agreement concluded with this person.
    The contract must contain:
    • purposes of personal data processing;
    • a list of actions that will be performed with personal data by an authorized person;
    • obligations to respect the confidentiality of personal data;
    • measures to ensure the protection of personal data in accordance with article 17 of the Law on the Protection of Personal Data.
    5.7. The authorized person is not obliged to obtain the consent of the personal data subject. If it is necessary to obtain the consent of the personal data subject in order to process personal data on behalf of the Organization, the Operator has received such consent.
    5.8. Processing of personal data by the Operator is carried out in the following ways:
    • using automation tools;
    • without the use of automation tools, if at the same time the search for personal data and (or) access to them is provided according to certain criteria (card files, lists, databases, journals, etc.).
    5.9. Employees of the Organization whose job responsibilities include processing personal data are allowed to process personal data.
    5.10. Processing of personal data is carried out by:
    • receiving personal data in oral and written form directly from the subjects of personal data;
    • obtaining personal data from publicly available sources;
    • entering personal data into the logs, registers and information systems of the Operator;
    • the use of other methods of processing personal data.
    5.11. Disclosure to third parties and dissemination of personal data without the consent of the subject of personal data is not allowed, unless otherwise provided by law.
    5.12. The transfer of personal data to the bodies of inquiry and investigation, to the tax authorities, the Social Protection Fund and other executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Republic of Belarus.
    5.13. The Operator stores personal data no longer than the purposes of personal data processing require, unless the period of personal data storage is established by the legislation of the Republic of Belarus, the contract.
    5.14. Basic rights and obligations of the Operator.
    5.14.1. The Operator has the right to:
    • independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by law;
    • entrust the processing of personal data to another person, unless otherwise provided by law, on the basis of a contract concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on Personal Data;
    • if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
    5.14.2. The Operator is obliged to:
    • organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
    • respond to requests and requests of personal data subjects in accordance with the requirements of the Law on Personal Data;
    • report to the authorized body for the protection of the rights of personal data subjects;
    • comply with the requirements of the authorized body for the protection of the rights of personal data subjects to eliminate violations of the legislation on personal data.
    5.15. For the purposes of internal information support, the Organization may create internal reference materials, which, with the written consent of the subject of personal data, unless otherwise provided by the legislation of the Republic of Belarus, may include his surname, first name, patronymic, place of work, position, year and place of birth, address, subscriber number, e-mail address, other personal data reported by the subject of personal data.
    5.16. Access to personal data processed in the Organization is allowed only to employees of the Operator who hold positions included in the list of positions of structural divisions of the Organization, its branches and representative offices, when replacing which personal data is processed.

    6. RIGHTS OF PERSONAL DATA SUBJECTS


    6.1. The subject of personal data has the right to:
    • receive information concerning the processing of his personal data, except in cases provided for by law. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
    • require the Operator to clarify his personal data if the personal data is incomplete, outdated, inaccurate;
    • withdraw your consent to the processing of personal data at any time without giving reasons;
    • require the Operator to block or delete his personal data illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights;
    • appeal the actions (inaction) and decisions of the Operator that violate his rights when processing personal data to the authorized body for the protection of the rights of personal data subjects in accordance with the procedure established by the legislation on appeals of citizens and legal entities.

    7. MEASURES TAKEN BY THE ORGANIZATION TO ENSURE THE FULFILLMENT OF THE OPERATOR'S DUTIES WHEN PROCESSING PERSONAL DATA


    7.1. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution and other unauthorized actions, including:
    • identifies threats to the security of personal data during their processing;
    • adopts local legal acts and other documents regulating relations in the field of personal data processing and protection;
    • appoints a structural unit or a person responsible for the implementation of internal control over the processing of personal data;
    • appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
    • creates the necessary conditions for working with personal data;
    • organizes accounting of documents containing personal data;
    • organizes work with information systems in which personal data is processed;
    • stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
    • informs the personal data subjects or their representatives in accordance with the established procedure about the availability of personal data related to the relevant subjects, provides an opportunity to get acquainted with these personal data when contacting and (or) receiving requests from these personal data subjects or their representatives, unless otherwise established by the legislation of the Republic of Belarus;
    • stops processing and destroys personal data in cases stipulated by the legislation of the Republic of Belarus in the field of personal data;
    • familiarizes employees of the Organization directly engaged in the processing of personal data with the provisions of the legislation of the Republic of Belarus and local legal acts of the Organization in the field of personal data, including the requirements for the protection of personal data;
    • organizes training on the protection of personal data of the Operator's employees who process personal data and persons responsible for internal control over the processing of personal data;
    • performs other actions provided for by the legislation of the Republic of Belarus in the field of personal data.
    7.2. The measures necessary and sufficient to ensure that the Organization fulfills the obligations of the Operator provided for by the legislation of the Republic of Belarus in the field of personal data include:
    • providing personal data subjects with the necessary information before obtaining their consent to the processing of personal data;
    • clarification of personal data subjects of their rights related to the processing of personal data;
    • obtaining written consent of personal data subjects to the processing of their personal data, except in cases provided for by the legislation of the Republic of Belarus;
    • appointment of a structural unit or person responsible for internal control over the processing of personal data in the Organization;
    • publication of the Operator's policy regarding the processing of personal data;
    • familiarization of employees directly engaged in the processing of personal data in the Organization with the provisions of the legislation on personal data;
    • establishing the procedure for accessing personal data, including those processed in an information resource (system);
    • implementation of technical and cryptographic protection of personal data in the Organization in accordance with the procedure established by the Operational and Analytical Center under the President of the Republic of Belarus, in accordance with the classification of information resources (systems) containing personal data;
    • providing unrestricted access, including through the use of the global computer network Internet, to documents defining the Operator's policy regarding the processing of personal data, prior to the start of such processing;
    • termination of processing of personal data in the absence of grounds for their processing;
    • immediate notification of the authorized body for the protection of the rights of personal data subjects about violations of personal data protection systems;
    • modification, blocking, deletion of false or illegally obtained personal data;
    • limiting the processing of personal data to the achievement of specific, pre-stated legitimate goals;
    • the storage of personal data in a form that allows the identification of personal data subjects for no longer than the stated purposes of personal data processing require;
    • establishment and up-to-date maintenance:
        • a list of information resources (systems) containing personal data of which they are the owners (owners);
        • categories of personal data to be included in such resources (systems): publicly available personal data, special personal data (except biometric and genetic personal data), biometric and genetic personal data, personal data that is not publicly available or special;
        • the list of authorized persons, if the processing of personal data is carried out by authorized persons;
        • terms of storage of processed personal data;
        • entering information about information resources (systems) containing personal data into the state information resource "Register of Personal Data Operators" created by the National Center for Personal Data Protection, as well as ensuring the updating of relevant information (from 01.01.2024).
    7.3. Ensuring the security of personal data during cross-border processing of personal data is carried out in accordance with the requirements of the Law on Personal Data, recommendations of international legal acts on the security of personal data, international standards on information security and legislation of the countries in which personal data is processed.
    7.4. Measures to ensure the security of personal data during their processing in personal data information systems are established in accordance with the local legal acts of the Organization regulating the issues of ensuring the security of personal data during their processing in the personal data information systems of the Organization.

    8. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA


    8.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in paragraphs 1 and 4 of Article 11 of the Law on Personal Data, are provided by the Operator to the personal data subject upon receipt of the personal data subject's application. The information provided does not include personal data relating to other personal data subjects, except in cases where there are legitimate grounds for the disclosure of such personal data.
    The application must contain:
    • the surname, proper name, patronymic (if any) of the subject of personal data, the address of his place of residence (place of stay);
    • date of birth of the subject of personal data;
    • the identification number of the personal data subject, in the absence of such a number – the number of the identity document of the personal data subject, in cases where this information was indicated by the personal data subject when giving his consent to the operator or the processing of personal data is carried out without the consent of the personal data subject;
    • statement of the essence of the requirements of the subject of personal data;
    • personal signature or electronic digital signature of the subject of personal data.
    The application may be sent in writing, in the form of an electronic document signed with an electronic digital signature in accordance with the legislation of the Republic of Belarus. If the personal data subject's application does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him. The subject of personal data may be refused to provide information in accordance with part 3 of Article 11 of the Law on Personal Data.
    8.2. In case of detection of inaccurate personal data when the subject of personal data is contacted or at his request or at the request of the authorized body for the protection of the rights of personal data subjects, the Operator blocks personal data related to this personal data subject from the moment of receipt of the specified application or request for the verification period. In case of confirmation of the fact of inaccuracy of personal data, the Operator, based on the information provided by the personal data subject or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, clarifies personal data within 15 days from the date of submission of such information and removes the blocking of personal data.
    8.3. In case of detection of unlawful processing of personal data upon receipt of the application of the personal data subject or the request of the authorized body for the protection of the rights of personal data subjects, the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment of such request or receipt of the application (request).
    8.4. Upon achieving the purposes of personal data processing, as well as in the case of withdrawal by the subject of personal data of consent to their processing, personal data shall be deleted, unless otherwise provided by another agreement between the Operator and the subject of personal data or legislation.

    9. MONITORING COMPLIANCE WITH THE LEGISLATION OF THE REPUBLIC OF BELARUS AND LOCAL LEGAL ACTS OF THE ORGANIZATION IN THE FIELD OF PERSONAL DATA, INCLUDING REQUIREMENTS FOR PERSONAL DATA PROTECTION


    9.1. Monitoring of compliance by the structural divisions of the Organization with the legislation of the Republic of Belarus and local legal acts of the Organization in the field of personal data, including requirements for personal data protection, is carried out in order to verify compliance of personal data processing in the structural divisions of the Organization with the legislation of the Republic of Belarus and local legal acts of the Operator in the field of personal data, including the requirements for protection of personal data, as well as the measures taken, aimed at preventing and detecting violations of the legislation of the Republic of Belarus in the field of personal data, identifying possible channels of leakage and unauthorized access to personal data, eliminating the consequences of such violations.
    9.2. Internal control over compliance by the structural divisions of the Organization with the legislation of the Republic of Belarus and local legal acts of the Operator in the field of personal data, including requirements for the protection of personal data, is carried out by the person responsible for organizing the processing of personal data in the Organization.
    9.3. Control over the fulfillment of the requirements of the Policy is carried out by the person responsible for organizing the processing of personal data at the Operator.

    10. FINAL PROVISIONS


    10.1. Personal responsibility for compliance with the requirements of the legislation of the Republic of Belarus and local legal acts of the Organization in the field of personal data in the structural subdivision of the Organization, as well as for ensuring confidentiality and security of personal data in these divisions of the Organization is assigned to their managers.
    10.2. Responsibility for violation of the requirements of the legislation of the Republic of Belarus and local legal acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Republic of Belarus.
    10.3. Issues related to the processing of personal data that are not fixed in this Policy are regulated by the legislation of the Republic of Belarus.
    10.4. If any provision of the Policy is found to be contrary to the law, the remaining provisions remain in force and are valid, and any invalid provision will be considered deleted or amended to the extent necessary to ensure its compliance with the law.
    10.5. The Organization has the right, at its discretion, to change and (or) supplement the terms of this Policy without prior notification of personal data subjects.