[POLICY OF PROCESSING PERSONAL DATA OF WEBSITE VISITORS]

1. GENERAL PROVISIONS
1.1 This Policy (hereinafter - the Policy) is prepared in accordance with the provisions of the Constitution of the Russian Federation, the Federal Law of 27.07.2006 № 152-FZ "On Personal Data", the Federal Law of July 27, 2006 № 149-FZ "On Information, Information Technologies and Information Protection", as well as other regulations of the Russian Federation in the field of processing and protection of information and personal data and determines the policy of the personal data operator - JUR DATA (hereinafter - the Company) in relation to the processing of personal data, the collection of which is the subject of the Policy.
1.2 The Policy contains information on the basic principles, purposes, procedure and conditions of personal data processing, as well as information on the Company's requirements for the protection of processed personal data and is intended to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data by the Company.
1.3 Processing of personal data shall be carried out on the territory of the Russian Federation and in accordance with the laws of the Russian Federation (hereinafter - "Applicable Law").
1.4 This Policy applies to any action (operation) or set of actions (operations) performed with the use of automation or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data, performed with the use of automation or without the use of such means.

2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1 Conditions of personal data processing:
- personal data processing is carried out with the consent of the subject of personal data to the processing of his/her personal data and the Company determines specific legitimate purposes prior to the processing (including collection) of personal data;
- only those personal data are collected that are necessary and sufficient for the stated purpose of processing, only those personal data that meet the purposes of processing are subject to processing;
- the content and scope of processed personal data correspond to the stated purposes of processing, processed personal data are not redundant in relation to the stated purposes of processing;
- The Company destroys personal data upon achievement of the purposes of processing or in case of loss of necessity to achieve the purposes (unless otherwise provided for by a contract or other agreement with the data subject or Applicable Law);
- the processing of personal data is necessary to achieve the purposes provided for by Applicable Law in order to perform and fulfill the functions, powers and duties assigned to the operator;
- the processing of personal data is necessary for the execution of an agreement to which the personal data subject is a party, beneficiary or guarantor, as well as for the conclusion of an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
- processing of personal data is necessary for the exercise of rights and legitimate interests of the operator or third parties or for the achievement of socially important goals, provided that the rights and freedoms of the subject of personal data are not violated;
- it is not allowed to merge databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.

3. CATEGORIES OF PERSONAL DATA AND PURPOSES OF PROCESSING
3.1 The Company processes personal data of job seekers (candidates) and other website visitors whose personal data may have been collected by the Company using the Website (hereinafter - Users).
3.2 The personal data of Users may be processed through the Site for the following purposes:

3.3 The Company may carry out cross-border transfer of personal data within the limits established by Applicable Law. The Company shall check whether the state, on whose territory the personal data transfer is carried out, provides adequate protection of the rights of personal data subjects, prior to the commencement of trans-border transfer of personal data. In case of trans-border transfer of personal data to countries that do not ensure protection of the rights of personal data subjects, except as provided by Applicable Law, the trans-border transfer is carried out on the basis of a separate consent in writing.
3.4 The Company does not process special categories of personal data, in particular those relating to race, nationality, criminal record, political opinions, religious or philosophical beliefs. Biometric personal data of Users are not processed.
3.5 The Company does not collect personal data in secret from Users. The Sites may use services for keeping statistics of visits, determining the level of interest of visitors and other similar tools that collect and analyze only impersonal information (not personal data). The Sites may automatically save cookies to Users' computers that do not contain personal data and are not used to identify the User. Cookies are stored indefinitely, not only during the session, if the User does not wish to save these files on his computer, he can at any time change the browser settings and delete the already saved files using the standard functionality of the browser. Disabling certain cookies may make it impossible to use certain sections or functions of the Site. If the user of the Site does not agree with the use of methods, means and tools of Internet statistics and customization, he must stop using the Site, in which case the Company will not be able to provide the user with the use of the Site. For more information on the management of cookies, including the refusal of cookies, please refer to the settings of browsers: Chrome, Edge, Firefox, InternetExplorer, Opera, Safari.
3.6 The Company does not use the Sites to process financial information, as well as information about Users' bank cards.

4. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING AND STORAGE
4.1 The Company processes personal data in the following ways:
- with the use of means of automation, including the use of information technologies and technical means, including computer facilities, information technology complexes and networks, means and systems of transmission, reception and processing of personal data, software (operating systems, database management systems, etc.), information protection means used in information systems;
- without the use of automation tools.
4.2 Processing of personal data is carried out during the periods necessary to achieve the purposes of processing. The condition for termination of personal data processing by the Company may be the achievement of the purposes of their processing, withdrawal of the personal data subject's consent to the processing of his/her personal data, termination of the Company's activities, closure of the Website or change of its functionality.
4.3 The totality of operations of processing of personal data of Users, carried out by the Company, includes collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data. Other operations with personal data, including storage, are carried out without using the Site and are regulated by the Company's internal documents.
4.4 The Company shall store personal data in a form that allows identification of the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, contract, agreement or local normative act.
4.5 In order to achieve the stated purposes of processing, the Company may disclose personal data to third parties, as well as entrust the processing of personal data to other persons on the basis of an agreement containing confidentiality conditions and other mandatory provisions prescribed by Applicable Law.
5. PROTECTION OF PERSONAL DATA
5.1 Personal data of Users is confidential information in accordance with the Applicable Law. The Company shall take measures necessary and sufficient to ensure fulfillment of obligations stipulated by the Applicable Law in the field of personal data. If necessary, the Company performs the following measures aimed at protecting the rights of personal data subjects:
- appointment by the Company of a person responsible for organizing the processing of personal data;
- issuance by the Company of documents defining the operator's policy with regard to personal data processing, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of Applicable Laws and eliminating the consequences of such violations;
- application of legal, organizational and technical measures to ensure personal data security in accordance with the personal data legislation of the Russian Federation;
- internal control and (or) audit of compliance of personal data processing with Applicable legislation in the field of personal data and regulatory legal acts adopted in accordance with it, requirements to personal data protection, the Company's policy on personal data processing, local acts of the Operator;
- assessment of the damage that may be caused to the subjects of personal data in case of violation of the Applicable Law in the field of personal data, the correlation between this damage and the measures taken by the Company aimed at ensuring the fulfillment of obligations under the Applicable Law in the field of personal data;
- familiarization of the Company's employees directly involved in personal data processing with the provisions of the Applicable Laws in the field of personal data, including requirements to personal data protection, documents defining the Company's policy with regard to personal data processing, local acts on personal data processing, and (or) training of the said employees;
- providing unrestricted access to the document defining the policy on personal data processing, to the information on the implemented requirements to personal data protection, including publication of this Policy on the Website.
5.2 Ensuring the security of personal data shall be achieved by the Operator, in particular by:
- determining threats to the security of personal data during their processing in the information systems of personal data;
- application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data, necessary to meet the requirements to the protection of personal data, the execution of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
- application of information protection devices that have passed the conformity assessment procedure in accordance with the established procedure;
- assessment of the effectiveness of the measures taken to ensure personal data security prior to the commissioning of personal data information systems;
- detecting facts of unauthorized access to personal data and taking measures;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- establishing rules of access to personal data processed in personal data information systems, as well as ensuring registration and record keeping of all actions performed with personal data in personal data information systems;
- control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems.

6. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA
6.1 In case of confirmation of the fact of inaccuracy of personal data or unlawfulness of their processing, personal data can be updated by the Company or their processing is stopped.
6.2 When the purposes of personal data processing are achieved, as well as in case the subject of personal data withdraws consent to their processing, personal data are subject to destruction, except in cases established by Applicable Law.
6.3 Upon achievement of the purposes of personal data processing, as well as in case of revocation of consent to their processing by the User of personal data, personal data shall be destroyed, unless:
- otherwise is not provided for by the contract to which the Personal Data User is a party, beneficiary or guarantor;
- The Company may not carry out processing without the consent of the subject of personal data on the grounds provided for by the Personal Data Law or other federal laws;
- unless otherwise provided by another agreement (public offer of employment) between the Company and the User.

6.4 The User has the right to:
- Request a copy of the personal data held by the Company;
- request correction of inaccurate or incomplete personal data held by the Company;
- withdraw consent to the processing of personal data;
- request the deletion of personal data relating to himself/herself as a User, except in cases where the Company is obliged to store such data, in accordance with Applicable Law.

7. CONSENT TO THE PROCESSING OF PERSONAL DATA
7.1 The Website User freely, of his/her own free will and in his/her own interest provides the Company with his/her personal data.
7.2 By accepting the terms of this Policy, the Website User hereby confirms that the personal data provided by him/her are true. The Company assumes that the Website user provides reliable personal data and keeps them up to date.
7.3 By filling in the data fields provided on the Website, the Website user accepts this Policy and gives his/her consent to the processing of his/her personal data in the manner and on the terms specified in this Policy.
7.4 By accepting the terms and conditions of this Policy, the Site user confirms that he/she is aware of his/her rights and obligations provided for by the current Applicable legislation on personal data, in particular, the right to access his/her personal data, to withdraw his/her consent.
7.5 If the Site user does not intend to provide personal data or does not accept this Policy, he/she must stop using the Site, in which case the Company will not be able to provide the user with the use of the Site.
7.6. The consent to the processing of personal data is valid until its revocation.
7.7 The consent may be withdrawn at the will of the subject by sending an Application for withdrawal of consent to the Company. In this case, the Application shall contain:
- Full name of the User, e-mail address and cell phone number
- The purpose (or purposes) of personal data processing for which the User withdraws his/her consent
The User may submit (write) a written (hard copy) application for withdrawal of consent at the Company's office or send it to the office by Russian Post.

The User can send an application for withdrawal of consent in electronic form by e-mail to privacy@hrbro.ge.
7.8 In case of withdrawal of consent to the processing of personal data, the Company has the right to continue the processing of personal data without consent on the grounds specified in paragraphs 2 - 11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006.

8. FINAL PROVISIONS
8.1 This Policy shall be subject to amendment or supplementation in cases of relevant amendments or supplements to the current legislation of the Russian Federation on personal data, and may be amended at any time at the discretion of the Company. The current version of the Company's Policy is always available for viewing by an unlimited number of persons on the Website at the permanent address: (link).
8.2 All relations involving the Company concerning the processing and protection of personal data and not directly reflected in this Policy shall be regulated in accordance with the provisions of the current legislation of the Russian Federation on personal data.
8.3 Date of the last update of the Policy: 15.12.2022.