Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy is drafted in accordance with the requirements of Federal Law No. 152-FZ “On Personal Data” dated 27.07.2006 (hereinafter referred to as the “Law on Personal Data”) and outlines the procedures for processing personal data and measures to ensure the security of personal data. These procedures are implemented by the Association of Anti-Corruption Experts “Ekspertiza” (hereinafter referred to as the “Operator”).
1.1. The Operator considers the protection of human and civil rights and freedoms during the processing of personal data, including the right to privacy, personal and family confidentiality, as its paramount goal and essential condition for its activities.
1.2. This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information the Operator may obtain about visitors to the website https://АссоциацияЭкспертиза.рф.
2. Key Terms Used in the Policy
2.1. Automated Processing of Personal Data — the processing of personal data using computer technology.
2.2. Blocking of Personal Data — the temporary suspension of personal data processing (except when processing is required to clarify personal data).
2.3. Website — a collection of graphical and informational materials, as well as software and databases, accessible on the Internet at the network address https://АссоциацияЭкспертиза.рф.
2.4. Personal Data Information System — a collection of personal data contained in databases and the information technologies and technical tools that enable their processing.
2.5. Anonymization of Personal Data — actions that render it impossible to identify, without the use of additional information, the association of personal data with a specific User or other subject of personal data.
2.6. Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator – a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
2.8. Personal data – any information related directly or indirectly to a specific or identifiable User of the website https://АссоциацияЭкспертиза.рф.
2.9. Personal data allowed by the subject of personal data for distribution – personal data to which access of an unlimited number of persons is provided by the subject of personal data by giving consent to the processing of personal data allowed by the subject of personal data for distribution in the manner prescribed by the Law on Personal Data (hereinafter – personal data allowed for distribution).
2.10. User – any visitor to the website https://АссоциацияЭкспертиза.рф.
2.11. Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons.
2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a government authority of a foreign state, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data – any actions as a result of which personal data are irreversibly destroyed, with no possibility of subsequently restoring the content of personal data in the personal data information system, and/or the material media of personal data are destroyed.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
— receive authentic information and/or documents containing personal data from the subject of personal data;
— continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data, in the event that the subject of personal data withdraws consent to the processing of personal data or submits a request to stop the processing of personal data;
— independently determine the composition and list of measures necessary and sufficient to fulfill the obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.
3.2. The Operator is obliged to:
— provide the subject of personal data, at his/her request, with information related to the processing of his/her personal data;
— organize the processing of personal data in the manner established by the current legislation of the Russian Federation;
— respond to appeals and requests of subjects of personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
— report to the authorized body for the protection of the rights of subjects of personal data, upon request of this body, the necessary information within 10 days from the date of receipt of such a request;
— publish or otherwise provide unlimited access to this Policy regarding the processing of personal data;
— take legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
— stop the transfer (distribution, provision, access) of personal data, stop the processing and destroy personal data in the manner and cases provided for by the Law on Personal Data;
— fulfill other obligations provided for by the Law on Personal Data.
4. Main Rights and Obligations of Subjects of Personal Data
4.1. Subjects of personal data have the right to:
— receive information related to the processing of their personal data, except in cases provided for by federal laws. The Operator provides this information to the subject of personal data in an accessible form, and it should not contain personal data related to other subjects of personal data, except where there are legitimate grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
— demand that the Operator clarify their personal data, or block or destroy it, if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
— put forward the condition of prior consent when processing personal data for the purpose of promoting goods, works and services on the market;
— revoke consent to the processing of personal data, as well as send a request to stop the processing of personal data;
— appeal to the authorized body for the protection of the rights of subjects of personal data, or to a court, against unlawful actions or inaction of the Operator in the processing of their personal data;
— exercise other rights provided for by the legislation of the Russian Federation.
4.2. Subjects of personal data are obliged to:
— provide the Operator with reliable data about themselves;
— inform the Operator about the clarification (updating, changing) of their personal data.
4.3. Persons who have provided the Operator with unreliable information about themselves, or information about another subject of personal data without the consent of the latter, are responsible in accordance with the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. Personal data processing is carried out on a legal and fair basis.
5.2. Processing of personal data is limited to the achievement of specific, pre-defined and legal goals. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.
5.3. Merging databases containing personal data, the processing of which is carried out for incompatible purposes, is not allowed.
5.4. Only personal data that meet the purposes of their processing are subject to processing.
5.5. The content and volume of the processed personal data correspond to the stated purposes of the processing. Excessive processing of personal data in relation to the stated purposes of their processing is not allowed.
5.6. When processing personal data, the accuracy of personal data, their sufficiency, and in necessary cases, their relevance in relation to the purposes of personal data processing are ensured. The Operator takes the necessary measures and/or ensures their adoption to delete or clarify incomplete or inaccurate data.
5.7. Personal data is stored in a form that allows identification of the subject of personal data for no longer than required by the purposes of processing personal data, unless the storage period of personal data is established by federal law or by a contract to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data are destroyed or anonymized upon achieving the processing purposes or in case of loss of the need to achieve these purposes, unless otherwise provided by federal law.
6. Conditions for Processing Personal Data
6.1. Personal data is processed with the consent of the subject of personal data to the processing of his/her personal data.
6.2. Processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or a law, for the implementation of the functions, powers and duties imposed on the operator by the legislation of the Russian Federation.
6.3. Processing of personal data is necessary for the administration of justice, execution of a court act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
6.4. Processing of personal data is necessary for the performance of a contract to which the subject of personal data is a party, beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the subject of personal data or a contract under which the subject of personal data will be a beneficiary or guarantor.
6.5. Processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated.
6.6. Personal data is processed where access to it by an unlimited number of persons has been provided by the subject of personal data or at his/her request (hereinafter referred to as publicly available personal data).
6.7. Personal data subject to publication or mandatory disclosure in accordance with federal law is processed.
7. Procedure for Collecting, Storing, Transferring and Other Types of Processing of Personal Data
The security of the personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the current legislation in the field of personal data protection.
7.1. The Operator ensures the safety of personal data and takes all possible measures to exclude access to personal data by unauthorized persons.
7.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except in cases related to the execution of current legislation or in the event that the subject of personal data has given the Operator consent to transfer data to a third party for the performance of obligations under a civil contract.
7.3. In case of detecting inaccuracies in personal data, the User can update them independently by sending a notification to the Operator’s email address expertz@internet.ru with the note “Updating personal data”.
7.4. The term of processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless a different term is provided for by the contract or current legislation.
The User can at any time withdraw their consent to the processing of personal data by sending a notification to the Operator’s email address expertz@internet.ru with the note “Withdrawal of consent to the processing of personal data”.
7.5. All information collected by third-party services, including payment systems, means of communication and other service providers, is stored and processed by the said persons (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data is advised to familiarize themselves with the specified documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this paragraph.
7.6. The restrictions on the transfer (except for providing access) and on the processing or processing conditions (except for granting access) of personal data authorized for distribution, established by the subject of personal data, do not apply in cases of processing personal data in the state, public and other public interests defined by the legislation of the Russian Federation.
7.7. The Operator, when processing personal data, ensures the confidentiality of personal data.
7.8. When delivering goods, the Operator may collect data on the final delivery point and the recipient in order to accurately calculate the route. Cargo transportation is carried out with the help of transport companies and courier delivery services. Prices follow the carrier’s tariffs and depend on the volume and weight of the cargo, as well as the distance from the point of departure. For oversized and bulky cargo, special transportation conditions apply; the cost can be calculated through the website NNV-Negabarit.
7.9. The Operator stores personal data in a form that allows identifying the subject of personal data, no longer than required by the purposes of personal data processing, unless the storage period of personal data is established by federal law or by a contract to which the subject of personal data is a party, beneficiary or guarantor.
7.10. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, the expiration of the consent of the subject of personal data, the withdrawal of consent by the subject of personal data or the requirement to stop the processing of personal data, as well as the detection of unlawful processing of personal data.
8. List of Actions Performed by the Operator with the Received Personal Data
8.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.
8.2. The Operator carries out automated processing of personal data with the receipt and/or transfer of the received information over information and telecommunication networks or without them.
9. Cross-Border Transfer of Personal Data
9.1. Before starting activities related to the cross-border transfer of personal data, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out the cross-border transfer of personal data (such a notification is sent separately from the notification of the intention to process personal data).
9.2. Before submitting the above notification, the Operator is obliged to obtain the relevant information from the authorities of a foreign state, foreign individuals, foreign legal entities to whom the cross-border transfer of personal data is planned.
10. Confidentiality of Personal Data
The Operator and other persons who have access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
11. Final Provisions
11.1. Users may request clarification on any questions related to the processing of their personal data by contacting the Operator via email at expertz@internet.ru.
11.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.
11.3. The current version of the Policy is publicly available on the Internet at https://АссоциацияЭкспертиза.рф/policy.