Privacy Policy
Personal data processing policy
1. General provisions
This policy has been developed to comply with European Union legislation on personal data and is aimed at ensuring the protection of human and civil rights and freedoms when organizing and/or processing personal data by the Operator, including the protection of the rights to privacy, personal and family privacy, and informing personal data subjects about the Operator’s actions to process and protect their personal data.
The Policy has been developed in accordance with the General Data Protection Regulation and is subject to mandatory publication on the Operator’s website. Unlimited access to the Policy is provided.
The Policy applies to all structural divisions of the Operator. All employees of the Operator must be familiarized with the Policy in accordance with the procedure established by the Operator for familiarization with local regulations.
If third parties plan to obtain temporary or permanent access to personal data processed by the Operator, the Operator shall, prior to granting such access, take all necessary measures to ensure that such persons undertake obligations regarding the protection of personal data that are no less stringent than those provided for in the Policy.
2. Principles of personal data processing
When processing personal data, the Operator adheres to the following principles:
- Legality, fairness, and transparency.
- Purpose limitation.
- Data minimization.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality.
- Accountability.
3. Conditions (legal grounds) for processing personal data
The Operator processes personal data if at least one of the following conditions (legal grounds) is met:
- The processing of personal data is carried out with the consent of the personal data subject to the processing of their personal data.
- The processing of personal data is necessary to achieve the objectives set out in an international treaty or law, to implement and perform the functions, powers, and duties assigned to the Operator by law.
- The processing of personal data is necessary for the execution of a judicial act, an act of another authority or official, subject to execution in accordance with European Union legislation on enforcement proceedings.
- The processing of personal data is necessary for the performance of a contract to which the data subject is a party or the beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the data subject or a contract in which the data subject will be the beneficiary or guarantor.
- The processing of personal data is necessary to protect the life, health, or other vital interests of the personal data subject if it is impossible to obtain the consent of the personal data subject.
- The processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject.
- The personal data being processed is subject to publication or mandatory disclosure in accordance with the law.
4. Purposes of personal data processing, categories and list of personal data processed, categories of subjects whose personal data is processed, methods and terms of personal data processing and storage, procedure for its destruction
4.1. For each purpose of personal data processing, the Operator has determined:
- the categories and list of personal data processed
- the categories of personal data subjects whose personal data is processed by the Operator
- the methods and terms of processing and storage of personal data
- the procedure for destroying personal data
4.2. To achieve each purpose of personal data processing, the Operator processes personal data in the following manner: mixed processing, i.e., processing by both automated and non-automated means, with transmission via the internal network of the legal entity and via the Internet.
Actions (operations) with personal data that the Operator performs to achieve each of the purposes of personal data processing: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, and destruction of personal data.
4.3. The terms of processing and storage of personal data processed to achieve each purpose of personal data processing are established based on the conditions of personal data processing, the provisions of the contract to which the personal data subject is a party, beneficiary, or guarantor, and/or the consent of the personal data subject. The processing and storage of personal data shall not exceed the time required to achieve the purposes of personal data processing, unless otherwise provided by law.
4.4. The destruction of personal data processed for each of the purposes of personal data processing shall be carried out in the following cases, unless otherwise provided by law:
- upon achievement of the purpose of personal data processing or in case of loss of necessity to achieve the purpose of personal data processing
- upon discovery of unlawful personal data processing
- upon withdrawal of consent to personal data processing by the personal data subject
- upon submission of a request by the personal data subject to terminate personal data processing
The methods of destruction of personal data are determined by the Operator’s local regulations depending on the method of processing, the capabilities of the personal data information system, and the type of physical medium of personal data.
4.5. The Operator processes personal data to achieve the following objectives:
Conducting transactions to achieve the objectives of the Operator’s activities in accordance with the Operator’s Charter, exercising rights and fulfilling obligations under contracts with counterparties.
Categories of personal data: non-special and non-biometric: surname, first name, patronymic, date of birth, place of birth, citizenship, details of identity document, contact telephone numbers (personal, corporate), corporate email address, personal email addresses, place of work and position held, information about previous work experience and employers, education, photograph.
Categories of personal data subjects: employees, contractors, individuals – employees of the Operator’s clients.
Conditions (legal grounds) for processing personal data: consent, performance of a contract to which the personal data subject is a party or beneficiary, exercise of the rights and legitimate interests of the Operator and third parties.
Methods of personal data processing: specified in clause 4.2 of the Policy.
Term of personal data processing and storage: specified in clause 4.3 of the Policy.
Procedure for the destruction of personal data: specified in clause 4.4 of the Policy.
Advertising and marketing purposes aimed at attracting customers, informing customers about the Operator’s services, and obtaining feedback.
Categories of personal data: non-special and non-biometric: surname, first name, patronymic, date of birth, contact telephone numbers (personal, corporate), corporate email address, personal email addresses, education.
Categories of personal data subjects: counterparties, visitors, event participants, any persons who have agreed to receive newsletters.
Conditions (legal grounds) for processing personal data: consent.
Methods of processing personal data: defined in clause 4.2 of the Policy.
Term of processing and storage of personal data: specified in clause 4.3 of the Policy.
Procedure for destruction of personal data: specified in clause 4.4 of the Policy.
Exercise and fulfillment of the functions, powers, and duties assigned to the Operator by European Union legislation.
Categories of personal data: non-special and non-biometric: surname, first name, patronymic, date of birth, place of birth, details of identity document.
Categories of personal data subjects: employees, former employees, contractors, participants in legal entities, members of management bodies of legal entities.
Conditions (legal grounds) for processing personal data: implementation and fulfillment of the functions, powers, and responsibilities assigned to the Operator by European Union legislation.
Methods of processing personal data: specified in clause 4.2 of the Policy.
Term of processing and storage of personal data: specified in clause 4.3 of the Policy.
Procedure for the destruction of personal data: specified in clause 4.4 of the Policy.
Preparation of proposals to clients for the conclusion of contracts.
Categories of personal data: non-special and non-biometric: surname, first name, patronymic, date of birth, place of birth, citizenship, details of identity document, contact telephone numbers (work, corporate), corporate email address, place of work and position held, information about previous work experience and employers, education, photograph.
Categories of personal data subjects: employees, contractors.
Conditions (legal grounds) for processing personal data: consent.
Methods of processing personal data: specified in clause 4.2 of the Policy.
Term of processing and storage of personal data: specified in clause 4.3 of the Policy.
Procedure for destruction of personal data: specified in clause 4.4 of the Policy.
Conducting an audit of the Operator’s activities.
Categories of personal data: non-special and non-biometric: surname, first name, patronymic, date of birth, place of birth, citizenship, details of identity document, contact telephone numbers (work, corporate), corporate email address, place of work and position held, information about previous work experience and employers, education, photograph.
Categories of personal data subjects: employees, contractors, customers.
Conditions (legal grounds) for processing personal data: consent.
Methods of processing personal data: specified in clause 4.2 of the Policy.
Term of processing and storage of personal data: specified in clause 4.3 of the Policy.
Procedure for destroying personal data: specified in clause 4.4 of the Policy.
5. Rights of the personal data subject
The personal data subject has the rights granted to them by the GDPR. The personal data subject can exercise these rights by contacting the Operator with a written request or by emailing the address specified in the “Addresses and Contacts” section. The request to the Operator is written in free form, but must contain the following information: details of the person making the request (surname, first name, patronymic (if any)); contact information – email address or postal address; and information that will allow the Operator to establish, based on the information available to the Operator, the fact of processing of the applicant’s personal data. If you are exercising your right to clarify, block, and/or delete information, the request must also contain a list of personal data to be clarified, blocked, and/or deleted.
6. Cookie technology
Cookie technology allows our website to store pieces of data (“identifiers”) in your device’s browser, which will be used by our website when you visit it again. Cookies are used to ensure more efficient functioning of the website, as well as to provide certain information to the website owners.
Cookies perform many different tasks. For example, they help you navigate the website quickly, remember your preferences, and generally improve the user experience. In particular, cookies can tell us whether you have visited our website before or are visiting it for the first time.
Please note that our website may contain links to third-party resources that we do not control and to which the Policy does not apply. Any consent to the use of cookies or refusal to use them is limited to our website only and does not apply to other resources that may be linked to our website.
There are two basic categories of cookies:
- First-party cookies, which we place on your device
- Third-party cookies, which are placed by a third party on our behalf
Cookies may be stored on your computer or mobile device for varying periods of time. Some cookies are “session” cookies, meaning they only exist while your browser is open. Once you close your browser, they are automatically deleted. Other cookies are persistent, meaning they remain after you close your browser. They can be used by the website to identify your computer when you open your browser and start using the Internet again.
If you enable the “Do Not Track” feature in your browser, cookies will be automatically disabled.
Our website uses cookies that perform the following basic functions:
- Essential cookies, without which the website cannot function properly
- Functional cookies, which improve your experience of the website (for example, by remembering your settings) and help us to evaluate the effectiveness of the website and optimize its user interface. When using such files, we do not store any personal data, but use the information collected by these files exclusively in a generalized, anonymized form
- Analytical cookies, which are used to collect information about the number of visits, time spent on the website, etc. in order to improve the website’s performance
7. Ensuring the security of personal data
The security of personal data processed by the Operator is ensured by the implementation of legal, organizational, and technical measures necessary to comply with the requirements of the legislation in the field of personal data protection.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
- Appointment of officials responsible for organizing the processing and protection of personal data
- Restriction of the number of persons authorized to process personal data
- Familiarization of subjects with the requirements of the legislation and regulatory documents of the Operator on the processing and protection of personal data
- Organization of accounting, storage, and handling of media containing personal data
- Identification of threats to the security of personal data during its processing, and the creation of threat models based on these threats
- Development of a personal data protection system based on threat models
- Verification of the readiness and effectiveness of information protection measures
- Differentiation of user access to information resources and software and hardware for information processing
- Registration and recording of actions of users of personal data information systems
- Use of antivirus tools and personal data protection system recovery tools
- Use of firewalls, intrusion detection, security analysis, and cryptographic information protection tools where necessary
- Organization of access control to the Operator’s premises and security of premises with technical means of personal data processing
8. Final provisions
The Policy shall come into force and become binding on all employees of the Operator from the moment of its approval. The Operator has the right to change the Policy at any time at the Operator’s discretion. Other rights and obligations of the Operator in relation to the processing of personal data are determined by European Union legislation in the field of personal data. Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil, or criminal liability in accordance with the procedure established by law.