
Policy in the field of personal data processing

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) defines the procedure of processing and protection of personal data of individuals within the framework of conclusion and execution of contracts, conducting statutory activities of PJSC «IVA», address: 420500, Tatarstan Republic, Verkhneuslonsky district, Innopolis city, Universitetskaya street, house No. 7, (hereinafter referred to as the Company) and ensuring the security of processed personal data.

1.2. This policy applies to all personal data of persons (hereinafter referred to as Users) using the following services of the Company (hereinafter referred to as Services):

1.2.1. the website Main.

1.3. The Policy is designed to ensure the protection of the rights and freedoms of the subject of personal data during the processing of his/her personal data (hereinafter — PD).

1.4. Downloading, installation, registration, authorization, access, or use of the Services in any other way confirms the User’s full consent to this Policy and the procedure and terms of personal data processing defined by it. When using the Services, the User accepts the terms and conditions of the Policy and gives the Company informed consent to the processing of his/her personal data under the terms and conditions stipulated by this Policy and the laws of the Russian Federation. In case of disagreement with the terms and conditions of the Policy, the User shall immediately stop using the Services.

 

2. Terms and definitions

Personal data protection — a set of technical, organizational, and organizational-technical measures aimed at protecting information relating to a personal data subject who is identified or identifiable on the basis of such information;

Information — information (messages, data) regardless of the form of its presentation;

User — a natural person using the services;

Confidentiality of personal data — mandatory requirement not to allow dissemination of personal data without the consent of the subject or other legal basis;

Provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain circle of persons;

Dissemination of personal data — actions aimed at disclosure of personal data to an indefinite number of persons;

Website — a resource that includes a set of web pages placed on the Internet and specified in clause 1.2.1 of this Policy;

Personal Data Subject — a natural person to whom the personal data refers;

Online Events — conferences, lectures, webinars, master classes, live broadcasts held via audio and video communication on the Internet using the Company’s Software and other Services;

Partners — persons who create and conduct Online Events using the Services on the basis of an agreement with the Company.

 

3. Legal basis of personal data processing

3.1. Processing of Personal Data shall be carried out on the basis of the following federal laws and regulations:

1) Constitution of the Russian Federation;

2) The Labor Code of the Russian Federation;

3) Federal Law No. 152-FZ dated July 27, 2006 «On Personal Data»;

4) Federal Law «On Information, Information Technologies and Information Protection» dated 27.07.2006 N 149-FZ.

5) Regulations on the peculiarities of personal data processing carried out without the use of means of automation. Approved by Resolution of the Government of the Russian Federation No. 687 dated September 15, 2008.

6) Resolution No. 1119 dated November 1, 2012 on the approval of requirements for the protection of personal data during their processing in personal data information systems.

7) Order of FSTEC of Russia No. 55, FSB of Russia No. 86, Ministry of Communications and Mass Media of Russia No. 20 dated February 13, 2008. «On Approval of the Procedure for Classification of Personal Data Information Systems»;

8) Order of the FSTEC of Russia No. 21 dated February 18, 2013 «On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data when Processing in Personal Data Information Systems»;

9) other regulatory legal acts.

 

4. Purposes and procedure of personal data processing

4.1. Personal data shall be processed by the Operator for the following purposes:

4.1.1. fulfillment of the requirements of the legislation of the Russian Federation;

4.1.2. Conclusion, execution and termination of civil law contracts, fulfillment of rights and obligations assumed by the Operator under the contracts, including for the purpose of execution of the contract to which the personal data subject is a party, beneficiary or guarantor.

4.1.3. Realization and protection of rights and legitimate interests of the Company or third parties.

4.1.4. Providing Users with access to the Services and their functionality, rendering services to Users, both for a fee and free of charge.

4.1.5. Registration, authorization, identification, authentication of Users when using the Services.

4.1.6. Carrying out settlements with the subjects of personal data.

4.1.7. Advertising of the Company’s services and facilities by addressing directly to the User. Sending information about news, promotions, discounts, contests, surveys, Services and other products of the Company and its partners. The User has the right to refuse to receive advertising messages at any time.

4.1.8. Refinement, improvement of the quality of services, support, improvement of the quality of the Services and convenience of their use, elimination of errors, shortcomings, including those in the security system.

4.1.9. Analyzing and monitoring the use of the Services.

4.1.10. Sending to Users notices, information, requests related to the operation of the Services and provision of services to Users, including information about payments, access to paid services, other consulting of Users, processing of applications, questions, statements and other messages of Users.

4.1.11. Providing Users with personalized services.

4.1.12. Targeting of advertising materials.

4.1.13. Conducting statistical and other research using anonymized personal data.

4.1.14. Carrying out activities stipulated by the Company’s Charter.

4.1.15. Execution of instructions of other personal data operators.

4.1.16. Registration of Users for events organized by the Company within the framework of its activities (conferences, lectures, webinars, etc.).

4.2. For each of the purposes stipulated in cl. 4.1. of these Regulations, the uniform methods, terms of processing and storage of personal data provided for in these Regulations are applied, the procedure for destruction of personal data is provided for by the Instruction on destruction of personal data adopted by the Company and does not depend on the purpose of use of personal data.

4.3. When processing personal data, the Operator will perform the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

4.4. In cases stipulated by the current legislation, the subject of personal data decides to provide his/her personal data to the Operator and gives his/her consent to their processing freely, of his/her own free will and in his/her own interest.

4.5. The Operator shall ensure that the content and scope of processed personal data corresponds to the stated processing purposes and, if necessary, shall take measures to eliminate their redundancy in relation to the stated processing purposes.

 

5. Composition of processed personal data

5.1. The following data subjects' personal data shall be processed by the Operator:

  • operator’s customers;
  • users of the Services;
  • contractors and their representatives;
  • persons sending appeals to the Company and their representatives.

5.2. List of processed personal data:

  • Surname, first name, patronymic;
  • Date of birth;
  • Gender;
  • Contact details (e-mail address, telephone number);
  • Place of work, Position;
  • Photos;
  • Address;
  • Passport details;
  • Bank details;
  • Other data of the subject of personal data voluntarily given to the Company when filling in registration forms, in any other interaction between the Company and the subject.

5.3. Biometric personal data are not processed.

5.4. The Company processes unique information relating to personal data subjects, not related to personal data, which it receives when using the Services, including:

5.4.1. Cookies. Small text files stored in the browser of the User’s device that save the User’s individual settings. When using the Site for the first time in the browser, the Site asks for consent to the processing of cookies. By consenting to the processing of said files or by continuing to use the Services, the User consents to the Company being able to download cookies to the User’s device. The User has the right to delete cookies at any time. If the User refuses to process and save cookies, some components of the Services may not be available.

5.4.2. Log data. Text files that record information about all User activities and the operation of the Services in chronological order. Log data may include IP address, characteristics of the browser and device of the User, data on the date, time and duration of use of the Services, actions of Users, data on errors occurring during the use of the Services.

5.4.3. Data on the use of the Services. Includes technical parameters of the use of the Services, error reports.

5.4.4. Data about technical means: IP-address, type of operating system, browser type, User’s device type, geographical location, Internet provider.

 

6. Procedure of personal data processing

6.1. The Company collects personal data in the following ways:

  • Self-filling of registration and feedback forms by the User when using the Service;
  • Automatic collection of data specified in clause 5.4. of this Policy;
  • Receipt of personal data from the organizer of online events held through the Services using the API function (software application programming interface to implement complex scenarios of interaction between the Software and websites and information systems of the online event organizer). The online event organizer shall obtain consent from the personal data subject to transfer personal data to the Company independently.

6.2. Grounds for termination of data processing:

  • achievement or lack of necessity to achieve the purposes of personal data processing;
  • expiration of the consent period or withdrawal of consent by the subject of personal data;
  • detection of unlawful processing of personal data.

6.3. The Company undertakes to cease processing of personal data from the moment of receipt of the personal data subject’s application (revocation), and in case the personal data retention is no longer required for the purposes of personal data processing, to destroy them within the time period and under the terms and conditions established by the legislation of the Russian Federation.

 

7. Ensuring protection of personal data during their processing by the Operator

7.1. The Operator shall take measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Federal Law of July 27, 2006 No. 152-FZ «On Personal Data» and regulatory legal acts adopted in accordance with it. The Operator independently determines the composition and the list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Federal Law of July 27, 2006, No. 152 «On Personal Data», by the Government Decision of September 15, 2008, No. 687 «On Approval of the Regulation on the peculiarities of personal data processing carried out without the use of means of automation», by the Government Decision of November 1, 2012, No. 1119 «On Approval of the requirements for the protection of personal data during their processing in information systems». Such measures include:

  • appointment by the Operator of a person responsible for organization of personal data processing;
  • issuance by the Operator of documents defining the Operator’s policy with regard to personal data processing, local acts on personal data processing, as well as local acts establishing procedures aimed at prevention and detection of violations of the legislation of the Russian Federation, elimination of consequences of such violations;
  • application of legal, organizational and technical measures to ensure the security of personal data;
  • internal control and (or) audit of compliance of personal data processing with the Federal Law «On Personal Data» and regulatory legal acts adopted in accordance with it, requirements to personal data protection, Operator’s policy on personal data processing, local acts of the Operator;
  • determining the assessment of the damage that may be caused to personal data subjects in case of violation of the Federal Law «On Personal Data», the correlation between the said damage and the measures taken by the Operator aimed at ensuring the fulfillment of obligations stipulated by the Federal Law «On Personal Data»;
  • familiarization of the Operator’s employees directly involved in personal data processing with the provisions of the Russian Federation legislation on personal data, including the requirements to personal data protection, documents defining the Operator’s policy in relation to personal data processing, local acts on personal data processing, and (or) training of the said employees.

7.2. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.

 

8. Right of the personal data subject to access his/her personal data

8.1. The data subject has the right to request the Operator to clarify his/her personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his/her rights.

8.2 Information shall be provided to the personal data subject or his/her representative by the operator upon application or upon receipt of a request from the personal data subject or his/her representative. The request shall contain the number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the said document and the issuing authority, information confirming the participation of the personal data subject in relations with the Operator (contract number, date of the contract, word designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator, signature of the personal data subject or his/her representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

8.3 The Operator has the right to refuse to fulfill a repeated request from the personal data subject. Such refusal shall be motivated. The obligation to provide evidence of the reasonableness of the refusal to fulfill the repeated request lies with the Operator.

8.4 The personal data subject has the right to receive information regarding the processing of his/her personal data, including information containing:

  • confirmation of the fact of personal data processing by the Operator;
  • legal grounds and purposes of personal data processing;
  • the purposes and methods of personal data processing applied by the Operator;
  • name and location of the Operator, information about persons (except for the Operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
  • the personal data being processed relating to the respective personal data subject, the source of obtaining such data, unless another procedure for the presentation of such data is provided for by federal law;
  • the terms of personal data processing, including the terms of their storage;
  • the procedure for exercising by the subject of personal data the rights provided for by the Federal Law «On Personal Data»;
  • information about the realized or supposed trans-border transfer of data;
  • the name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person.

8.5 If the personal data subject believes that the operator processes his/her personal data in violation of the requirements of the Federal Law «On Personal Data» or otherwise violates his/her rights and freedoms, the personal data subject has the right to appeal the actions or inactions of the operator to the authority authorized to protect the rights of personal data subjects, or in court.

8.6 The subject of personal data has the right to protection of his/her rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

 

9. Final provisions

9.1 This Policy is approved in the manner prescribed by the Company’s Articles of Association.

9.2 This Policy shall be freely accessible to all interested parties.

9.3 This Policy shall be valid for an indefinite period of time. Amendments to this Policy shall be approved in accordance with the procedure stipulated by the Company’s Charter and shall come into effect from the moment of their approval and posting of the electronic version on the Company’s websites specified in clause 1.2. of the Policy.

9.4 The approved Policy shall be kept at the address of the location of the Company’s executive body.