1.1. “Personal data” means any information relating to a User (personal data subject) that is directly or indirectly defined that may be transferred by the User while using the Website.
1.2. “User” means any individual who is a user (visitor) of the Website.
1.3. “Website” means a website available at: rbs.partners.
1.4. “Operator” means Rights LLC, processing personal data of the User.
1.5. “Processing of personal data” means any action (operation) or set of actions (operations) of the Operator performed with the use of automation means and (or) without the use of such means in relation to personal data of the User, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, supply, access), depersonalization, blocking, deletion, destruction of personal data of the User.
1.6. “Automated processing of personal data” means processing of personal data using computing equipment.
1.7. “Non-automated processing of personal data” means processing of personal data without using any means of automation.
1.8. “Distribution of personal data” means actions aimed at disclosure of personal data of the User to an undefined number and group of persons.
1.9. “Personal data provision” means actions aimed at disclosure of personal data of the User to a certain person or a certain group of persons.
1.10. “Blocking of personal data” means temporary suspension of the User's personal data processing (except for cases when processing is necessary to confirm personal data).
1.11. “Destruction of personal data” means actions that make it impossible to restore the content of personal data of the User in the personal data information system and (or) as a result of which the tangible data carriers are destroyed;
1.12. “Transboundary transfer of personal data” means transfer of personal data to a foreign authority on the territory of a foreign country, foreign individual or foreign legal entity.
1.13. “Personal data information system” means a set of personal data contained in databases and ensuring their processing by information technologies and other technical means.
2. General Provisions
2.1. This Policy on the Processing of Personal Data of Users of the rbs.partners website (hereinafter referred to as the "Policy") defines the general terms and conditions for the collection, processing, storage, transfer and destruction of personal data of Users, which may be transferred by the User through the rbs.partners website.
2.2. This Policy has been developed subject to the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
3. Subjects of Personal Data
3.1 The Operator processes personal data of the following categories of subjects:
- individual who is a user or visitor of the Website (User).
4. Legal grounds for personal data processing
4.1 The Operator processes the User's personal data in accordance with the following set of legal acts:
- Labour Code of the Russian Federation;
- Civil Code of the Russian Federation;
- Federal Act No. 149 of 27 July, 2006 on Information, Information Technology and Information Protection;
- Presidential Decree No. 188 of 6 March, 1997 on the Approval of the List of Confidential Information;
- Decree of the Government of the Russian Federation № 1119 of 1 November, 2012 “On approval of requirements for the protection of personal data at their processing in the information systems of personal data”;
- Decree of the Government of the Russian Federation № 687 of 15 September, 2008 “On the features of processing of the personal data which is carried out without use of means of automation”;
- Order of the Federal Service for Technical and Export Control of Russia № 21 of 18 February, 2013 “On approval of the content, organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data”;
- Order of Roskomnadzor No. 996 of 5 September, 2013 “On Approval of Requirements and Methods for Personal Data Description”;
- Methodological recommendations for the application of Roskomnadzor's Order No. 996 dated 5 September, 2013 “On Approval of Requirements and Methods for Personal Data Description” approved by Roskomnadzor on 13 December, 2013;
- Articles of Association of Rights Limited Liability Company approved by the General Meeting of Shareholders (Minutes No. 1 of 1 November, 2012);
- Order of Rights LLC dated 1 July, 2017 No. “On Approval of the Policy with regard to processing of personal data of users of the website rbs.partners”.
5. The Purposes of Personal Data Processing
5.1 Processing of personal data of the User is carried out for the following purposes:
- establishing feedback with the User, including sending notifications as to the status of the User's application to the e-mail address specified by the User;
- enabling the User to send any information to the Website Operator by means of a feedback form.
6. Principle of Personal Data Processing
6.1 Processing of personal data of the User is carried out subject to the necessity to ensure the protection of the rights and freedoms of the User, including the protection of the right to privacy, personal and family secret, on the basis of the following principles:
6.1.1. Processing of personal data is performed on a legal and fair basis.
6.1.2. Processing of personal data is limited to the achievement of specific, predetermined and legitimate objectives set forth in this Policy.
6.1.3. Processing of personal data that is incompatible with the purposes of personal data collection as set forth in this Policy is prohibited
6.1.4. Databases containing personal data which are processed for purposes that are incompatible with each other may not be consolidated.
6.1.5. Only personal data that satisfies the purpose of its processing shall be processed.
6.1.6. The content and scope of processed personal data correspond to the stated processing purposes and are not excessive in relation to the stated processing purposes.
6.1.7. Personal data processing shall ensure the accuracy of personal data, its sufficiency and, if necessary, its relevance in relation to the purposes of personal data processing.
6.1.8. Necessary measures are to be taken to remove or clarify incomplete or inaccurate data.
6.1.9. Personal data shall be stored in a form that allows to identify the subject of personal data no longer than required by the purpose of personal data processing, unless another period of personal data storage is established by federal law or the contract (a party to which, beneficiary or guarantor is the personal data subject).
6.1.10. Processed personal data upon completion of the processing objectives or in case of loss of necessity to achieve these objectives, unless otherwise provided by the federal law or the contract (the party to which, beneficiary or guarantor is the personal data subject) shall be subject to destruction or depersonalization.
7. List of Processed Personal Data
7.1. The Operator processes the following categories of personal data of the User:
- First Name;
- Last Name;
- E-mail address.
8. Terms of Personal Data Processing
8.1. Processing of personal data is subject to the User's consent to processing of his personal data, unless the legislation of the Russian Federation provides otherwise.
8.3. The Operator shall provide and disclose the information containing the User's personal data to the third party only upon the consent of the User, except for the cases stipulated in the legislation of the Russian Federation.
8.4. The Operator shall be entitled to instruct another person to process the User's personal data on the basis of the contract concluded with this person, unless the federal law stipulates otherwise.
9. Procedure for Personal Data Processing
9.1. The Operator collects, records, systematizes, accumulates, stores, adjusts (updates, modifies), extracts, uses, transmits (distributes, provides, gives access), depersonalizes, blocks, deletes and destroys the User's personal data
9.2. Processing of personal data of the User is performed by the Operator in the following ways:
- processing of personal data using automation means;
- non-automated processing of personal data;
- mixed processing of personal data.
10. Rights of the User
10.1. The user is entitled to:
- obtain full information about his/hers personal data processed by the Operator;
- have an access to his/her personal data, receive a copy of any record containing his/her personal data, except for the cases stipulated by the legislation of the Russian Federation;
- clarify, block or delete his/her personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the purpose stated in this Policy
- revoke the consent to personal data processing;
- adopt measures to protect rights in accordance with the legislation of Russian Federation;
- challenge the Operator's action or omission to act, which violate the requirements of the personal data legislation of the Russian Federation in the authorized body for the protection of the rights of personal data subjects or in court;
- exercise other rights provided for by the legislation of the Russian Federation.
10.2 The User are entitled to send to the Operator requests for information regarding the processing of his/her personal data (regarding the use of the personal data) in writing to the following address: 1123056, Moscow, Bolshaya Gruzinskaya Street, 42, building II, room 1B, office 5A, floor 1, or in the form of an electronic document, to the e-mail address: firstname.lastname@example.org.
10.2.1. The User's request for information regarding the processing of his/her personal data shall contain the following:
- last name, first name, Patrionymic of the User;
- number of the identity document of the User or its representative, information on the date of issue of the said document and the issuing authority;
- information confirming the existence of relations of the User with the Operator, or information otherwise confirming the fact of processing of personal data by the Operator;
- text of the request;
- e-mail address of the User where the answer of the Operator is to be sent;
- date and signature of the User.
10.2.2. Upon receipt of the User's request for information regarding the processing of his/her personal data, the Operator undertakes to review it and send a response within thirty calendar days from the date of receipt of the User's request.
11. Modification, blocking, destruction of personal data
11.1. The Operator obliges to make necessary modifications to the User's personal data or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the purpose stated in the present Policy. This requirement of the User to the Operator shall contain the information indicated in 10.2.1. of this Policy.
11.2. The Operator notifies the User of the modifications made and measures taken within seven calendar days from the date of receipt of the User's request to modify or destroy his/her personal data.
11.3. In case the fact of inaccuracy of the User's personal data is confirmed, the Operator shall update the User's personal data.
11.4. In case of identification of illegal actions involving the User's personal data, the Operator is obliged to eliminate the committed violations within three working days from the date of such identification. In case of impossibility to eliminate the committed violations, the Operator shall be obliged to destroy the personal data within the period not exceeding three working days from the date of identification of the illegality of actions with the User's personal data. The Operator shall notify the User about elimination of the violations or destruction of personal data.
11.5. Upon expiration of three years since the last activity of the User on the Website, the Operator stops processing (storing) his/her personal data and destroys the User's personal data (unless another period of storage of personal data is established by federal law).
12. Measures of personal data protection
12.1. The Operator has taken measures necessary and sufficient to ensure the fulfillment of the Operator's obligations provided for by the laws of the Russian Federation on personal data.
12.2. The Operator shall take legal, organizational and technical measures provided for by Article 19 of the Federal Law No. 152-FZ "On Personal Data" dated 27 July, 2006, to protect the User's personal data from illegal or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in respect of personal data in the course of processing the User's personal data.
13.1. Personal data of the User is confidential information, which is not subject to disclosure, and may not be used by the Operator for the purposes not listed in this Policy.
13.2. Disclosure of the User's personal data or a part thereof shall be allowed only in cases provided for by the current legislation of the Russian Federation, or subject to obtaining the corresponding consent of the User.
13.3. Transboundary transfer of personal data to foreign countries, which do not provide adequate protection of the rights of personal data subjects, is carried out by the Operator only with the consent of the User to such transfer in writing.
14.1. The Operator shall be liable for violation of obligations to provide security and confidentiality of personal data during its processing in accordance with the legislation of the Russian Federation.
14.2. Liability of the Operator's employees who received access to the personal data of the User for failure to comply with the requirements of the standards governing the processing and protection of personal data shall be determined in accordance with the legislation of the Russian Federation on personal data processing and local acts of the Operator.
14.3. The website contains links to other websites. The Operator is not liable for the policy regarding the processing of personal data of other websites other than its own.
15.1. This Policy is an internal document approved by the Operator and is publicly available on the Operator's website.
15.2. This Policy shall become effective from the moment of its publication on the webite and shall apply to the User's personal data received both before and after the entry into force of the present Policy.
15.3. The Operator is entitled to make changes to this Policy unilaterally with mandatory notification sent to Users 15 (fifteen) calendar days prior to the anticipated date of making any amendments by publishing a new version of the Policy or amendments to it on the website in the event of alteration of regulatory legal acts of the Russian Federation, as well as at its own discretion.
16. Detailed information on the Operator
- Name according to the charter and bylaws: Obschestvo s ogranichennoy otvetstvennostyu “Rights”, OOO “Rights” (Rights LLC)
- Statutory address: 123056 Moscow, Bolshaya Gruzinskaya Street, 42, building II, room 1B, office 5A, floor 1
- Real address: 123317 Moscow, Presnenskaya naberezhnaya, 12, Federation Tower in Moscow-City Centre
- Phone: +7 499 408 54 41