Privacy Policy and Personal Data Processing Policy of Baikal Mining Company LLC
Last revision: July 26, 2020

1. GENERAL PROVISIONS
1.1. This document (hereinafter referred to as the Policy) stipulates the policy of the Limited Liability Company Baikal Mining Company (hereinafter referred to as the Operator or Company) related to personal data processing.
1.2. This Policy is developed in compliance with the requirements of clause 2 Part 1 Art. 18.1 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (hereinafter - the Federal Law on Personal Data).
1.3. Basic terms specified in Art. 3 of the Federal Law on Personal Data are used in this Policy with the same meaning.
1.4. This Policy applies to all operations performed by the Operator towards personal data with or without the use of automation tools.
1.5. Basic rights and obligations of the Operator.
1.5.1. Operator has the right to:
• receive reliable information and / or documents containing personal data from the subject of personal data;
• require from the subject of personal data to timely rectify the provided personal data.
1.5.2. Operator is obliged to:
• process personal data under the current statutory procedure;
• consider requests of the subject of personal data (his authorized representative) on the processing of personal data and provide substantive responses;
• provide personal data to the subject of personal data (his legal representative) in an accessible form;
• take measures to rectify, destroy personal data of the subject of personal data due to his (his legal representative’s) legal and reasonable request;
• organize the protection of personal data in accordance with the legislation of the Russian Federation.
1.6. Basic rights and obligations of the subject of personal data:
1.6.1. Subject of personal data has the right to:
• receive full information concerning the processing of his personal data by the Operator;
• access his personal data, including the right to obtain copy of any record containing his personal data, unless otherwise provided by Federal law.
• rectify, block or destroy his personal data in the event that the personal data are incomplete, out-of-date, inaccurate, unlawfully obtained or are not necessary for the stated purpose of processing;
• revoke the consent given for personal data processing;
• take statutory actions to protect his rights;
• exercise other rights as stipulated by legislation of the Russian Federation.
1.6.2. Subject of personal data is obliged to:
• provide reliable personal data;
• provide documents containing personal data to the extent necessary for the purpose of processing;
• inform the Operator about the refinement (update, change) of his personal data.
1.6.3. Persons providing inaccurate information about themselves or other subjects of personal data without consent of that subjects shall bear responsibility in accordance with the legislation of the Russian Federation.

2. THE VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, THE CATEGORIES OF THE SUBJECTS OF PERSONAL DATA
2.1. Operator may process personal data of the following categories of the subjects of personal data:
• Current and former Operator’s employees, candidates for employment, family members of the Operator’s employees;
• Operators’ customers and contractors (individuals);
• Representatives/employees of the Operator’s customers and contractors (legal entities);
• Visitors of the Company website(s) (hereinafter referred to as Website or Websites).
2.2. Personal data processed by the Operator includes the following:
• Surname, name, patronymic (if applicable) of the subject of personal data;
• Gender;
• Citizenship;
• Place of residence (Region/City);
• Educational background, field of professional interests;
• Cellphone number;
• E-mail;
• Search & watch history of the Website and its Services (for the Websites’ visitors);
• Miscellaneous information (the above-mentioned list may be reduced or expanded on a case-by-case basis and purpose of processing).
2.3. Operator ensures that the content and volume of the processed personal data meet the stated purpose of processing and, if appropriate, takes measures to eliminate their redundancy in relation to the declared purpose of processing.
2.4. The Operator processes biometric personal data subject to the written consent of the relevant subjects of personal data, as well as in the other cases stipulated by the legislation of the Russian Federation.
2.5. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, intimate life.
2.6. International transfer of the personal data.
Operator may transfer your personal data to countries other than your country of residence (including countries outside the European Economic Area). International transferring occurs in the course of providing your services or because our Company, partners or service providers have operations in countries across the world. The laws of these countries may not afford the same level of protection to your personal data.
In the course of providing your services or because our Company, partners or service providers have operations in countries across the world, we may transfer your personal data to Russia, China, Hong Kong, Kazakhstan, Georgia, United Arab Emirates, EU countries, the United Kingdom, Canada and United States of America.
The European Commission has determined that certain countries outside the European Union offer an adequate level of data protection (see article 45 General Data Protection Regulation (GDPR)).
Operator ensures that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws. For transfers of personal data outside the European Economic Area, Operator may use European Commission approved Standard Contractual Clauses as safeguards (see article 46 General Data Protection Regulation (GDPR)).

3. PURPOSES OF PERSONAL DATA COLLECTION
3.1. The processing of personal data by the Operator is carried out for the following purposes:
• Execution with the subjects of personal data of any agreements and their further implementation;
• Organization by the Company of campaigns, surveys, interviews, tests and research on the Website(s);
• Provision of works and services of the Company for the subjects of personal data, as well as information about the development of new products and services by the Company, including advertising;
• Feedback from the subjects of personal data, including the processing of their requests and appeals, informing about the operation of the Website(s);
• Control and enhancing the quality of works and services of the Company, including those offered on the Website(s);
• Personnel and HR record management of the Company, regulation of labor and other relations directly associated with them;
• Recruitment and selection of candidates to work at the Company;
• Formation of statistical reporting;
• Implementation of business activities;
• Implementation of other functions, duties and powers assigned to the Operator by the legislation of the Russian Federation.

4. Legal authority for the processing of personal data
4.1. Legal authority for the processing of personal data is as follows:
• Constitution of the Russian Federation;
• Labor Code of the Russian Federation;
• Civil Code of the Russian Federation;
• Federal Law No.149-FZ of July 27, 2006 On Information, Informational Technologies and Protection of Information;
• Law of the Russian Federation No. 2124-1 of December 27, 1991 On Mass Media;
• Federal Law No. 294-FZ of December 26, 2008 On the Protection of Legal Entities' and Individual Entrepreneurs' Rights During State Control (Supervision) and Municipal Control;
• The Decree No. 188 of March 6, 1997, of the President of the Russian Federation On Approval of the List of Confidential Data;
• The Regulation No. 512 of July 6, 2008, of the Government of the Russian Federation On Approval of the Requirements to Physical Media of Biometric Personal Data, and Storage Technologies for Such Data outside Personal Data Information Systems;
• The Regulation No. 687 of September 15, 2008, of the Government of the Russian Federation On Approval of the Statute on Special Aspects of Personal Data Processing Without the Use of Automation Technology;
• The Regulation No. 1119 of November 1, 2012, of the Government of the Russian Federation On Approval of the Requirements to Personal Data Protection in the course of Its Processing in Personal Data Information Systems;
• The Order of the Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications No. 996 of September 5, 2013 On Approving the Requirements and Methods for Depersonalizing Personal Data;
• The Order of FSTEC of Russia No. 21 of February 18, 2013 On Approving the List and Scope of Planning and Technical Activities for Protection of Personal Data While Processing via Personal Data Information Systems;
• Operator’s statutory documents;
• Agreements concluded between the Operator and the subjects of personal data;
• Consent of the subjects of personal data to process personal data;
• Other grounds when the consent to process personal data is not required by law.

5. PROCEDURE AND CONDITIONS OF THE PERSONAL DATA PROCESSING
5.1. Personal data processing is carried out as follows:
• Non-automated processing of personal data;
• Automated processing of personal data with or without transmission of the received information through information and telecommunication networks;
• mixed processing of personal data.
5.2. The list of actions carried out by the Operator with personal data includes: collection, accumulation, storage, rectification (update, modification), usage, distribution (including transmission), depersonalization, blocking, destruction, as well as carrying out of any activities under the current legislation of the Russian Federation.
5.3. The processing of personal data shall be carried out by the Operator with the consent of the subjects of personal data (hereinafter referred to as Consent), as well as without any Consent in cases stipulated by the legislation of the Russian Federation.
5.4. The subject of personal data shall give Consent to the processing of personal data freely, of his own will, and in his own interest.
5.5. Consent may be given in any form which provides evidence of its receipt. Consent shall be made in writing under the conditions stipulated by the legislation of the Russian Federation.
5.6. The processing of personal data may be terminated in case of achievement of the purposes of the personal data processing, expiration or withdrawal of Consent by the subject of personal data and revealing of unlawful processing of personal data.
5.7. Consent to the processing of personal data may be withdrawn upon written notice sent by registered mail at the address of the Company.
5.8. The Operator, with regard to the processing of personal data, takes necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution and other unauthorized actions thereto.
5.9. Personal data shall be stored in a form that allows verification of the identity of personal data subject only to the extent necessary for processing purposes unless the personal data storage time is not established by federal laws, agreements concluded with personal data subjects as a beneficiary or guarantor party.
5.10. The Operator shall use databases located in the territory of the Russian Federation when storing personal data.

6. RECTIFICATION, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, REPLIES TO THE REQUESTS OF THE SUBJECTS OF PERSONAL DATA TO ACCESS PERSONAL DATA
6.1. In the event that personal data are confirmed as inaccurate or unlawfully processed, the Operator shall be obliged to rectify the personal data or to terminate processing thereof.
6.2. The evidence of the inaccuracy of personal data or unlawful processing thereof shall be established by the subject of the personal data or authorized bodies of the Russian Federation.
6.3. The information concerning the processing of personal data shall be provided to a personal data subject or his representative by an Operator upon receipt of a written request from the personal data subject or his representative. A request shall contain the number of the principal identification document of the personal data subject or of his legal representative, information as to the date of issue of that document and the body which issued it, information evidencing the personal data subject’s relationship with the Operator (number of contract, date of conclusion of contract, reference designation and (or) other information) or information which otherwise confirms the processing of the personal data by the Operator, and the signature of the personal data subject or of his representative. A request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
6.4. Where the request of the subject of personal data does not cover all the necessary information or the subject does not have the right to access the requested information, a reasonable refusal should be sent to him.
6.5. In cases provided for in clause 6.3, a personal data subject shall have the right to request an Operator to rectify, block or destroy his personal data in the event that the personal data are incomplete, out-of-date, inaccurate, unlawfully obtained or are not needed for the stated purpose of the processing, and shall have the right to take measures provided for by law to protect his rights.
6.6. Where the purpose of the processing of personal data has been achieved and where the Consent has been revoked by the subject of personal data, personal data shall be destroyed if:
• the Operator has no right to carry out the processing of personal data without the Consent of the subject of personal data;
• unless otherwise stipulated by the contract, concluded with personal data subject as a beneficiary or guarantor party;
• unless otherwise stipulated by the agreement between the Operator and the subject of personal data.

7. FINAL PROVISIONS
7.1. All relations concerning the processing of the personal data that are not covered under this Policy, shall be governed by the applicable laws of the Russian Federation.
7.2. The Operator has the right to modify this Policy. Where the current Policy is modified, the date of the latest renewal is specified in the last revision. Last revision of the Policy enters into force since the date of its publication on the Website unless otherwise stipulated by the last revision of the Policy. Current Policy is available on the website at: https://www.bmc.ai/ .