About the processing of personal data

15.11.2021 №1

Minsk

1. GENERAL PROVISIONS

1.1. This Regulation on the processing and confidentiality of personal data (hereinafter referred to as the Regulation) has been developed in accordance with the Law of the Republic of Belarus dated 07.05.2021 No. 99-Z “On the Protection of Personal Data” and other legislation of the Republic of Belarus. It applies to all information that an Individual Entrepreneur Ekaterina Mikhailovna Shilina (hereinafter referred to as the Operator) can receive about the User while using the smartink website.by and use of these educational products. The Regulation defines the policy regarding the processing of personal data, including the procedure for the collection, storage, use, transfer and protection of personal data.

1.2. The regulation of the handling of personal data is aimed at ensuring the rights and freedoms of citizens in the processing of personal data, maintaining the confidentiality of personal data and their protection.

1.3. The Regulation is a local legal act of the Operator, mandatory for compliance and execution by employees, as well as other persons involved in the processing of personal data in accordance with this Regulation.

2. BASIC CONCEPTS

2.1. The following basic concepts and terms are used in this Regulation:

a) The operator is an Individual entrepreneur Shilina Ekaterina Mikhailovna located at the address: 220004, Minsk, Melnikaite str., 16 – 137;

b) personal data — any information relating to an identified individual or an individual who can be identified;

c) personal data subject — an individual to whom the personal data processed by the Operator relates, including an individual who is not an employee of the Operator to whom the personal data processed relates;

d) personal data processing — any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion of personal data;

e) processing of personal data using automation means – processing of personal data using computer technology, while such processing cannot be recognized as carried out exclusively using automation tools only on the grounds that personal data is contained in the personal data information system or has been extracted from it;

f) processing of personal data without the use of automation means – actions with personal data, such as use, clarification, distribution, destruction, carried out with the direct participation of a person, if this ensures the search for personal data and (or) access to them according to certain criteria (card files, lists, databases, journals, etc.);

g) dissemination of personal data — actions aimed at familiarization with the personal data of an indefinite circle of persons;

h) provision of personal data — actions aimed at familiarization with the personal data of a certain person or circle of persons;

i) blocking of personal data – termination of access to personal data without their deletion;

j) deletion of personal data — actions as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data, and (or) as a result of which the material carriers of personal data are destroyed;

k) depersonalization of personal data — actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without the use of additional information;

m) cross-border transfer of personal data — transfer of personal data to the territory of a foreign state;

h) a natural person who can be identified — a natural person who can be directly or indirectly identified, in particular, through a surname, proper name, patronymic, date of birth, identification number or through one or more features characteristic of his physical, psychological, mental, economic, cultural or social identity.

3. CATEGORIES OF PERSONAL DATA SUBJECTS

3.1. The Operator processes personal data of the following categories of subjects:

employees, former employees of the Operator;

candidates for hiring an Operator;

contractors and customers of the Operator who are individuals;

representatives and (or) employees of the Operator’s counterparties who are legal entities (individual entrepreneurs);

visitors (users) of the Operator’s websites;

persons who provided the Operator with personal data by subscribing to the newsletter, when sending reviews, appeals, filling out questionnaires, surveys during advertising and other events conducted by the Operator;

other entities whose interaction with the Operator creates the need for personal data processing.

4. CONTENT AND SCOPE OF PERSONAL DATA

4.1. The content and volume of personal data of each category of subjects is determined by the need to achieve specific goals of their processing, as well as the need for the Operator to exercise their rights and obligations, as well as the rights and obligations of the relevant subject.

4.2. Personal data of employees, former employees of the Operator include:

last name, first name, patronymic (as well as previous surnames);

date and place of birth;

citizenship;

passport data or data of another identity document (series, number, date of issue, name of the issuing authority, etc.);

number and series of the insurance certificate of the state social insurance;

taxpayer registration number;

bank account details;

data of visas and other migration registration documents;

floor;

address of registration at the place of residence;

biometric personal data (including photos, images from CCTV cameras, voice recordings);

information about social benefits and payments;

information about the marital status and composition of the family, indicating the surnames, first names and patronymics of family members, date of birth;

information of a medical nature in cases provided for by law (information on disability);

information about education, advanced training and professional retraining, academic degree, academic title;

information about the specialty, profession, qualification;

information about employment, including the availability of incentives, awards and (or) disciplinary penalties;

information about marriage registration;

information about income from a previous job;

information about bringing to administrative or criminal responsibility;

contact information (including work and/or mobile phone numbers, e-mail, etc.);

other data provided by employees in accordance with the requirements of the legislation of the Republic of Belarus (or) necessary for the performance of mutual rights and obligations.

4.3. Personal data of candidates for employment with the Operator include:

last name, first name, patronymic;

date and place of birth;

citizenship;

floor;

information about education, advanced training and professional retraining, academic degree, academic title;

information about employment (including length of service and work experience, employment data indicating the position, division, information about the employer, etc.);

information about the specialty, profession, qualification;

contact information (including home and/or mobile phone numbers, e-mail, etc.);

information about awards and incentives;

information provided by the candidate himself in resumes, letters, characteristics, during the completion of personality questionnaires and the passage of psychometric testing activities, as well as the results of such testing (psychometric profile, abilities and characteristics);

other data that may be indicated in the candidate’s resume or questionnaire.

4.4. The personal data of the Operator’s counterparties who are individuals include:

last name, first name, patronymic;

citizenship;

passport data or data of another identity document (series, number, date of issue, name of the issuing authority, identification number, etc.);

information about registration at the place of residence;

number and series of the insurance certificate of the state social insurance;

taxpayer registration number;

bank account details;

contact information (including home and/or mobile phone numbers, e-mail, etc.);

personal signature;

other data necessary for the performance of mutual rights and obligations between the Operator and the counterparty.

4.5. Personal data of the Operator’s clients who are individuals (users of the smartink website.by or registered on the site) may include:

last name, first name, patronymic;

e-mail;

phone number;

country and city;

social media profile;

photo;

personal signature;

IP address.

4.6. Personal data of representatives and (or) employees of the Operator’s counterparties who are legal entities (individual entrepreneurs) include:

last name, first name, patronymic;

passport data or data of another identity document (series, number, date of issue, name of the issuing authority, etc.);

information about registration at the place of residence (including address);

contact information (including work, home and/or mobile phone numbers, e-mail, etc.);

post;

other data necessary for the performance of mutual rights and obligations between the Operator and the counterparty.

4.7. Personal data of visitors (users) of the Operator’s websites include (about the current connection in terms of statistical information):

user ID assigned by the site;

visited, requested pages;

number of page visits;

information about moving through the pages of the site;

user session duration;

entry points (third-party sites from which the user follows the link to the site);

exit points (links on the Portal by which the user goes to third-party sites);

user’s country;

user’s region;

the time zone set on the user’s device;

the user’s provider;

user’s browser;

user search queries, including search queries relative to a user-defined location;

User’s OS;

screen parameters (resolution, color depth, page placement parameters on the screen);

information about the use of automation tools when accessing the Portal;

cookies or data included in cookies;

IP address.

4.8. Personal data of persons who have provided the Operator with personal data by subscribing to the newsletter, when sending reviews, appeals, filling out questionnaires, surveys during advertising and other events conducted by the Operator, include:

last name, first name, patronymic;

contact details (including mobile phone numbers, e-mail, etc.);

address of the place of residence (stay);

other data necessary for the performance of mutual rights and obligations between the Organization and the subject of personal data.

5. PRINCIPLES OF PERSONAL DATA PROCESSING

5.1. The processing of personal data of subjects is based on the following principles:

a) the processing of personal data is carried out in accordance with the Law on the Protection of Personal Data and other legislative acts;

b) the processing of personal data must be proportionate to the stated purposes of their processing and ensure at all stages of such processing a fair balance of interests of all interested parties;

c) the processing of personal data is carried out with the consent of the subject of personal data, except in cases provided for by the Law on the Protection of Personal Data and other legislative acts;

d) the processing of personal data should be limited to achieving specific, pre-stated legitimate goals. Processing of personal data that is incompatible with the originally stated purposes of their processing is not allowed;

e) the content and volume of the processed personal data must correspond to the stated purposes of their processing. The processed personal data should not be redundant in relation to the stated purposes of their processing;

f) the processing of personal data should be transparent. For these purposes, the subject of personal data, in cases provided for by the Law on the Protection of Personal Data, is provided with relevant information regarding the processing of his personal data;

g) The Operator is obliged to take measures to ensure the accuracy of the personal data processed by him, if necessary, to update them;

h) the storage of personal data must be carried out in a form that allows identifying the subject of personal data, no longer than the stated purposes of personal data processing require.

6. PURPOSES OF PERSONAL DATA PROCESSING

6.1. Processing of personal data of personal data subjects is carried out for the following purposes:

ensuring compliance with the Constitution of the Republic of Belarus, legislative and other regulatory legal acts of the Republic of Belarus, local legal acts of the Operator;

implementation and performance of functions, powers and duties assigned by the legislation of the Republic of Belarus and international treaties of the Republic of Belarus to the Operator, including the provision of personal data to state authorities, to the Social Protection Fund of the Ministry of Labor and Social Protection of the Republic of Belarus, as well as to other state bodies;

implementation of the provided activities of the Operator;

informational and advertising mailing;

communication with personal data subjects, processing of their requests and reviews;

tracking visits and traffic, determining the most popular pages of the Site (performance cookie data);

contractual obligations of the Operator to customers and counterparties;

protection of life, health or other vital interests of personal data subjects;

regulation of labor relations with employees and consideration of the possibility of employment of candidates to the Operator;

evaluation and analysis of the Operator’s websites, services, monitoring and improving the quality of the Operator’s work, its services;

the Operator conducts promotions (including advertising), surveys, interviews, tests using the Operator’s website and services;

providing personal data subjects with information about the Operator’s activities;

advertising and promotion of products, goods, works, services of the Operator;

registration and user service on the Operator’s website;

for other purposes that do not contradict the legislation of the Republic of Belarus.

6.2. Personal data is processed solely for the achievement of one or more of these legitimate purposes. If personal data has been collected and processed to achieve a specific purpose, in order to use this data for other purposes, it is necessary to inform the personal data subject about this and, if necessary, obtain a new consent for processing.

6.3. The processing of personal data may be carried out for other purposes, if necessary in connection with ensuring compliance with the law.

7. PERSONAL DATA PROCESSING RULES

7.1. General Rules

7.1.1. The processing of personal data is carried out by mixed (both with the use of automation tools and without the use of automation tools) processing, including using the internal network and the Internet.

7.1.2. In cases established by the legislation of the Republic of Belarus, the main condition for the processing of personal data is to obtain the consent of the relevant personal data subject in written, electronic or other form.

7.1.3. The consent of the personal data subject to the processing of his personal data includes:

a) surname, proper name, patronymic (if any);

b) date of birth;

c) the identification number, and in the absence of such a number – the number of the document certifying his identity;

d) the signature of the subject of personal data or by marking the consent in electronic form.

If the purposes of personal data processing do not require the processing of information, this information is not subject to processing by the Operator upon receipt of the consent of the personal data subject.

7.1.4. Processing of special personal data without the consent of the personal data subject is prohibited, except in the following cases:

if special personal data is made publicly available by the personal data subject himself;

when registering labor (official) relations, as well as in the process of labor (official) activity of the subject of personal data in cases provided for by law;

for the organization and conduct of state statistical observations, the formation of official statistical information;

for the implementation of administrative procedures;

in other cases provided for by the Law on Personal Data Protection and other legislative acts.

7.2. Collection of personal data

7.2.1. The source of information about all personal data is directly the subject of personal data, publicly available sources.

7.3. Storage of personal data

7.3.1. When storing personal data, the conditions ensuring the safety of personal data must be observed.

7.3.2. Documents containing personal data contained on paper are located in specially designated places with limited access in conditions that ensure their protection from unauthorized access. The list of document storage locations is determined by the Operator.

7.3.3. Personal data stored in electronic form is protected from unauthorized access using special technical and software protection tools. Storage of personal data in electronic form outside the information systems and specially designated databases used by the Operator (out-of-system storage of personal data) is not allowed.

7.3.4. The storage of personal data must be carried out in a form that allows identifying the subject of personal data, but not longer than the purposes of their processing require, unless another period is established by the legislation of the Republic of Belarus or the contract to which the subject of personal data is a party, beneficiary or guarantor.

7.3.5. Unless otherwise provided by law, the processed personal data is subject to destruction or depersonalization upon achievement of the processing goals, in case of loss of the need to achieve these goals or after the expiration of their storage, revocation of the consent of the personal data subject to the processing of his personal data, as well as identification of unlawful processing of personal data.

7.3.6. The destruction or depersonalization of personal data must be carried out in a way that excludes further processing of these personal data. At the same time, if necessary, it is necessary to preserve the possibility of processing other data recorded on the appropriate material carrier.

7.3.7. If it is necessary to destroy or block a part of personal data, the material carrier is destroyed or blocked with preliminary copying of information that is not subject to destruction or blocking, in a way that excludes simultaneous copying of personal data that is subject to destruction or blocking.

7.3.8. If it is necessary to destroy or block a part of personal data, the material carrier is destroyed or blocked with preliminary copying of information that is not subject to destruction or blocking, in a way that excludes simultaneous copying of personal data that is subject to destruction or blocking.

7.4. Use

7.4.1. Personal data is processed and used for the purposes specified in clause 6.1 of the Regulation.

7.4.2. Access to personal data is provided only to those employees of the Operator whose job responsibilities involve working with personal data, and only for the period necessary to work with the relevant data. The list of such persons is determined by the Operator.

7.4.3. If it becomes necessary to provide access to personal data to employees who are not included in the list of persons with access to personal data, they may be granted temporary access to a limited range of personal data by order of the head of the Operator. The relevant employees must be familiarized with all local legal acts of the Operator in the field of personal data, and must also sign an obligation of non-disclosure of personal data.

7.4.4. Employees who process personal data without the use of automation tools are informed (including by familiarizing themselves with this Regulation) about the fact that they process personal data, the categories of personal data being processed, as well as about the specifics and rules for such processing established by law and this Regulation.

7.4.5. The Operator’s employees who do not have a properly issued access permit are prohibited from accessing personal data.

7.4.6. If it is necessary to use or distribute certain personal data separately from other personal data located on the same material carrier, the personal data subject to distribution or use is copied in a way that excludes simultaneous copying of personal data not subject to distribution and use, and a copy of personal data is used (distributed).

7.4.7. Clarification of personal data during their processing without the use of automation means is carried out by updating or changing data on a material carrier, and if this is not allowed by the technical features of the material carrier – by fixing information on the changes made to them on the same material carrier or by manufacturing a new material carrier with updated personal data.

7.5. Transfer

7.5.1. The transfer of personal data of subjects to third parties is allowed in the minimum necessary amounts and only for the purpose of performing tasks corresponding to the objective reason for the collection of this data.

7.5.2. The transfer of personal data to third parties, including for commercial purposes, is allowed only with the consent of the subject or other legal grounds.

7.5.3. When transferring personal data to third parties, the subject must be notified of such transfer, except in cases specified by law, in particular if:

a) the subject of personal data is notified about the processing of his personal data by the Operator who received the relevant data;

b) personal data is made publicly available by the subject of personal data or obtained from a publicly available source;

c) the transfer of personal data by the Operator is related to and is necessary for this personal data subject to fulfill his professional duties;

d) personal data is processed for statistical or other research purposes, for the professional activity of a journalist or scientific, literary or other creative activity, if the rights and legitimate interests of the subject of personal data are not violated.

7.5.4. The transfer of information containing personal data must be carried out in a way that provides protection against unauthorized access, destruction, modification, blocking, copying, distribution, as well as other illegal actions in relation to such information.

7.5.5. Cross-border transfer of personal data is prohibited if an appropriate level of protection of the rights of personal data subjects is not provided on the territory of a foreign state, except in cases when:

the consent of the personal data subject is given, provided that the personal data subject is informed about the risks arising from the lack of an appropriate level of their protection;

personal data is obtained on the basis of an agreement concluded (being concluded) with the subject of personal data for the purpose of performing the actions established by this agreement;

personal data can be obtained by any person by sending a request in the cases and in the manner prescribed by law;

such transfer is necessary to protect the life, health or other vital interests of the subject of personal data or other persons, if obtaining the consent of the subject of personal data is impossible;

the processing of personal data is carried out within the framework of the execution of international agreements of the Republic of Belarus;

such transfer is carried out by the financial monitoring body in order to take measures to prevent the legalization of proceeds from crime, the financing of terrorist activities and the financing of the proliferation of weapons of mass destruction in accordance with the legislation;

the relevant permission of the authorized body for the protection of the rights of personal data subjects has been obtained.

7.5.6. Persons receiving personal data should be warned that this data can only be used for the purposes for which they are reported and with respect to the confidentiality regime. The operator has the right to require confirmation from these persons that this rule has been observed.

7.5.7. In cases where state bodies have the right to request personal data or personal data must be provided by virtue of legislation, as well as in accordance with a court request, relevant information may be provided to them in accordance with the procedure provided for by the current legislation of the Republic of Belarus.

7.5.8. All incoming requests must be transmitted to the person responsible for organizing the processing of personal data in the Organization for preliminary consideration and approval.

7.6. Processing order

7.6.1. The Operator has the right to entrust the processing of personal data to an authorized person.

7.6.2. In the contract between the Operator and the authorized person, the act of legislation or the decision of the state body must be defined:

purposes of personal data processing;

the list of actions that will be performed with personal data by an authorized person;

obligations to respect the confidentiality of personal data;

measures to ensure the protection of personal data in accordance with Article 17 of the Law on the Protection of Personal Data.

7.6.3. The authorized person is not obliged to obtain the consent of the personal data subject. If it is necessary to obtain the consent of the personal data subject in order to process personal data on behalf of the Operator, the Operator receives such consent.

7.6.4. If the Operator entrusts the processing of personal data to an authorized person, the Operator is responsible to the personal data subject for the actions of the specified person. The authorized person is responsible to the Operator.

7.7. Protection

7.7.1. Personal data protection means a number of legal, organizational and technical measures aimed at:

a) ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to such information;

b) confidentiality of restricted access information;

c) the exercise of the right of access to information.

7.7.2. To protect personal data, the Operator takes the necessary measures provided for by law (including, but not limited to):

a) restricts and regulates the composition of employees whose functional duties require access to information containing personal data (including by using passwords to access electronic information resources);

b) provides conditions for storing documents containing personal data in restricted access;

c) organizes the procedure for the destruction of information containing personal data, if the legislation does not establish requirements for the storage of relevant data;

d) monitors compliance with the requirements for ensuring the security of personal data, including those established by this Regulation (by conducting internal audits, establishing special monitoring tools, etc.);

e) investigate cases of unauthorized access or disclosure of personal data with the involvement of guilty employees to account, taking other measures;

f) implements software and technical means of information protection in electronic form;

g) provides the possibility of restoring personal data modified or destroyed due to unauthorized access to them.

7.7.3. In order to protect personal data during their processing in information systems, the Operator carries out the necessary measures provided for by law (including, but not limited to):

a) identification of threats to the security of personal data during their processing;

b) the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data;

c) accounting of machine carriers of personal data;

d) detection of unauthorized access to personal data and taking measures;

e) recovery of personal data modified or destroyed due to unauthorized access to them;

f) establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system.

7.7.4. The Operator appoints persons responsible for organizing the processing of personal data.

7.7.5. The Operator takes other measures aimed at ensuring that it fulfills its obligations in the field of personal data provided for by the current legislation of the Republic of Belarus.

8. RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS

8.1. The subject of personal data has the right to:

a) withdraw his consent at any time without giving reasons by submitting an application to the Operator in accordance with the procedure established by Article 14 of the Law on Personal Data Protection, or in the form by which his consent was obtained;

The operator is obliged, within 15 days after receiving the subject’s application in accordance with its content, to stop processing personal data, delete them and notify the subject about it, if there are no other grounds for such actions with personal data provided for by the legislation of the Republic of Belarus.

In the absence of the technical possibility of deleting personal data, the Operator is obliged to take measures to prevent further processing of personal data, including blocking them, and notify the subject of personal data about this within the same period.

Revocation of the consent of the subject of personal data is not retroactive, that is, the processing of personal data before its termination is not illegal. Printed publications, audio or video recordings of programs, radio, television programs, newsreel programs, other information products containing personal data released before the withdrawal of the consent of the subject of personal data are not subject to withdrawal from civil circulation.

b) receive information concerning the processing of their personal data, containing:

name (surname, proper name, patronymic (if any)) and location (address of the place of residence (place of stay)) Operator;

confirmation of the fact of personal data processing by the Operator (authorized person);

his personal data and the source of their receipt;

legal grounds and purposes of personal data processing;

the period for which his consent is given;

the name and location of the authorized person, which is a state body, a legal entity of the Republic of Belarus, or another organization, if the processing of personal data is entrusted to such a person;

other information provided by law;

c) require the Operator to make changes to their personal data if the personal data is incomplete, outdated or inaccurate. For these purposes, the subject of personal data submits an application to the Operator in accordance with the procedure established by Article 14 of the Law on Personal Data Protection, with the attachment of relevant documents and (or) their duly certified copies confirming the need to make changes to personal data;

d) receive information from the Operator about the provision of their personal data to third parties once a calendar year for free, unless otherwise provided by the Law on Personal Data Protection and other legislative acts. To obtain this information, the subject of personal data submits an application to the Operator.

e) require the Operator to stop processing their personal data free of charge, including their deletion, in the absence of grounds for processing personal data provided for by the Law on Personal Data Protection and other legislative acts. In order to exercise this right, the personal data subject submits an application to the Operator in accordance with the procedure established by the Law on Personal Data Protection;

f) appeal the actions (inaction) and decisions of the Operator that violate his rights when processing personal data to the authorized body for the protection of the rights of personal data subjects in accordance with the procedure established by the legislation on appeals of citizens and legal entities.

8.2. In accordance with Article 4 of the Law on Personal Data Protection, in order to exercise the rights specified in subparagraphs a)-e) of this paragraph, the subject of personal data submits an application to the Operator in writing or in the form of an electronic document. Legislative acts may provide for the mandatory personal presence of the subject of personal data and the presentation of an identity document when submitting an application to the operator in writing.

The application of the personal data subject must contain:

the surname, proper name, patronymic (if any) of the subject of personal data, the address of his place of residence (place of stay);

date of birth of the personal data subject;

the identification number of the subject of personal data, in the absence of such a number — the number of the identity document of the subject of personal data, in cases where this information was indicated by the subject of personal data when giving his consent to the Operator or the processing of personal data is carried out without the consent of the subject of personal data;

statement of the essence of the requirements of the personal data subject;

personal signature or electronic digital signature of the subject of personal data;

The response to the application is sent to the personal data subject in the form corresponding to the application form, unless otherwise specified in the application itself.

8.3. The subject’s right to access his personal data may be restricted in accordance with the legislation of the Republic of Belarus.

8.4. All requests of subjects or their representatives in connection with the processing of their personal data are recorded in the appropriate journal.

8.5. The subject of personal data is obliged to:

a) provide the Operator with reliable personal data;

b) promptly inform the Operator about changes and additions to their personal data;

c) exercise their rights in accordance with the legislation of the Republic of Belarus and local legal acts of the Operator in the field of processing and protection of personal data;

d) perform other duties stipulated by the legislation of the Republic of Belarus and local legal acts of the Operator in the field of processing and protection of personal data.

9. RIGHTS AND OBLIGATIONS OF THE ORGANIZATION

9.1. The Operator has the right to:

a) establish rules for processing personal data by the Operator, make changes and additions to this Regulation, independently develop and apply forms of documents necessary for the performance of the Operator’s duties within the framework of legal requirements;

b) exercise other rights provided for by the legislation of the Republic of Belarus and local legal acts of the Operator in the field of processing and protection of personal data.

9.2. The Operator is obliged to:

a) explain to the subject of personal data his rights related to the processing of personal data;

b) obtain the consent of the subject of personal data, except in cases provided for by the legislation of the Republic of Belarus;

c) ensure the protection of personal data during their processing;

d) provide the subject of personal data with information about his personal data, as well as about the provision of his personal data to third parties, except in cases provided for by the legislation of the Republic of Belarus;

e) make changes to personal data that are incomplete, outdated or inaccurate;

f) to terminate the processing of personal data, as well as to delete or block them (to ensure the termination of the processing of personal data, as well as their deletion or blocking by an authorized person) in the absence of grounds for processing personal data provided for by this legislation of the Republic of Belarus;

g) notify the authorized body for the protection of the rights of personal data subjects of violations of personal data protection systems immediately, but no later than three working days after the operator became aware of such violations;

h) to change, block or delete false or illegally obtained personal data of the personal data subject at the request of the authorized body for the protection of the rights of personal data subjects;

i) comply with other requirements of the authorized body for the protection of the rights of personal data subjects on the elimination of violations of the legislation on personal data;

j) perform other duties provided for by this legislation of the Republic of Belarus.

FINAL PROVISIONS

10.1. Issues related to the processing of personal data that are not fixed in this Regulation are regulated by the legislation of the Republic of Belarus.