PERSONAL DATA PROCESSING AND SECURITY POLICY

1. General Provisions

Sever Minerals JSC (hereinafter referred to as the “Company”), as part of the selection of personnel for its own needs, processes personal data of various categories of personal data subjects using its website http://severminerals.ru. For the purposes of this Policy, personal data is understood to mean any information provided through the Company's website related to a directly or indirectly determined or determined individual (personal data subject).

2. Personal data collection

The Company through its website collects personal data that users or other persons enter into the data fields on the Company's website on their behalf.

3. Principles and conditions for the processing of personal data

Only personal data that meets the purposes of their processing are subject to processing. The content and volume of personal data processed by the Company corresponds to the stated processing goals, redundancy of processed personal data is not allowed.
The company in the course of its activities may provide and / or entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation on personal data. In this case, the obligatory condition for the provision and (or) an order to process personal data to another person is the obligation of the parties to maintain confidentiality and ensure the security of personal data during their processing.

The terms for processing personal data are determined in accordance with the purposes for which they were collected.

4. Rights of the subject of personal data

The personal data subject has the right (unless otherwise provided by law):

If you have questions about the nature of the use, use, change or deletion of your personal data that you have provided, or if you want to refuse to further process it by the Company, please contact us by mail at the address of the Company or by e-mail: hr @ severminerals.com

Please note that the Company is not responsible for inaccurate information provided by the subject of personal data.

5. Implementation of requirements for the protection of personal data

In order to maintain business reputation and ensure compliance with federal legislation, the Company considers the most important tasks to ensure the legitimacy of the processing of personal data in the business processes of the Company and to ensure the appropriate level of security of personal data processed in the Company.

The company requires other persons who have access to personal data not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

In order to ensure the security of personal data during its processing, the Company takes the necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions against them.

The company seeks to ensure that all measures taken by it for the organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.

In accordance with the identified threats, the Company applies the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including the use of information security tools, detection of unauthorized access to personal data and taking measures, restoring personal data, restricting access to personal data, registration and accounting of actions with personal data, as well as monitoring and evaluating the effectiveness of the measures taken to ensure th security of personal data.

The Company's management recognizes the importance and necessity of ensuring the security of personal data and encourages the continuous improvement of the system for protecting personal data processed as part of the Company's core business.

The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.
Each new employee of the Company who directly processes personal data is familiarized with the requirements of the legislation of the Russian Federation on processing and ensuring the security of personal data, this Policy and other local acts of the Company on the processing and ensuring the security of personal data and undertakes to comply with them.