Policy on Processing of Personal Data 1. General Provisions
This policy on the processing of personal data has been drawn up in accordance with Federal Law No.152-FZ dated 27.07.2006 “On Personal Data” (hereinafter – “Law on Personal Data”) and sets out the procedure for processing personal data and the measures for ensuring the security of personal data undertaken by Urbantech-M LLC (hereinafter – “Operator”).
2. Basic Concepts Used in the Policy
- The Operator regards compliance with the rights and freedoms of man and citizens when processing their personal data, including protection of the right to privacy, personal and family secrecy as the most important objective and precondition of its activities.
- This policy of the Operator in respect of processing personal data (hereinafter – “Policy”) applies to any information which the Operator may receive about visitors to the website https://urbantechgroup.ru.
2.1. Automated processing of personal data means the processing of personal data using computer equipment.
2.2. Blocking of personal data means the temporary cessation of processing of personal data (except in cases where processing is essential to rectify personal data).
2.3. The website is the totality of graphical and information materials, together with software for computers and data bases making them accessible on the internet at the internet address https://urbantechgroup.ru.
2.4. The personal data information system is the totality of personal data contained in the data bases, together with the information technologies and technical systems used to process them.
2.5. Anonymization of personal data means actions that make it impossible to determine without additional information that personal data belong to a specific User or to another personal data subject.
2.6. Processing of personal data means any action (operation) or totality of actions (operations) performed using automated devices or without using such systems with personal data, including the collection, recording, systematization, accumulation, storage, rectification (updating, amendment), extraction, use, transfer (dissemination, provision, access) anonymization, blocking, deletion or destruction of personal data.
2.7. The Operator is a government body, municipal body, legal or physical entity which independently or jointly with other parties organizes and(or) performs processing of personal data, and also defines the purposes of processing personal data, the scope of personal data to be processed, and the actions (operations) to be performed with personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of the website https://urbantechgroup.ru.
2.9. Personal data permitted for dissemination by a personal data subject means personal data to which the personal data subject has granted access to an unlimited range of persons by granting consent to processing of personal data permitted for dissemination, as stipulated in the Law on Personal Data (hereinafter – “Personal Data Permitted for Dissemination”).
2.10. A User is any visitor to the website https://urbantechgroup.ru.
2.11. The provision of personal data means actions aimed at disclosing personal data to a specific person or to a specific group of persons.
2.12. Dissemination of personal data means any actions aimed at disclosing personal data to an undefined group of persons (transfer of personal data) or at the viewing of personal data by an unlimited group of persons, including publication of personal data in the mass media, placement in data telecommunication networks or provision of access to personal data by any other means.
2.13. Cross-border transfer of personal data means the transfer of personal data to the territory of a foreign state to a government body of a foreign state, to a foreign individual or a foreign legal entity.
2.14. Destruction of personal data means any actions as a result of which personal data is irretrievably destroyed with no possibility of future restoration of the content of the personal data in the personal data information system and (or) physical media containing personal data are destroyed.3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
– receive accurate information and/or documents containing personal data from the personal data subject;
– if a personal data subject withdraws their consent to processing of personal data, the Operator is entitled to continue processing the personal data without the consent of the personal data subject where there are grounds as stipulated in the Law on Personal Data;
– independently define the scope and list of necessary and sufficient measures to ensure compliance with the Law on Personal Data and the regulations adopted in accordance with it, unless otherwise stipulated by the Law on Personal Data or other federal laws.
3.2. The Operator must:
– provide information about the processing of their personal data to a personal data subject upon their request;
– organise the processing of personal data in line with current RF law;
– reply to queries and requests from personal data subjects and their legal representatives in accordance with the Law on Personal Data;
– submit the necessary information to the authorised body for protection of the rights of personal data subjects, if requested by such body, within 30 days of receipt of such request;
– publish or otherwise provide unlimited access to this Policy on processing of personal data;
– take legal, organisational and technical measures to protect personal data against unlawful or accidental access to them, destruction, alteration, blocking, copying, provision and dissemination of personal data, and also against other unlawful actions in respect of personal data;
– cease the transfer (dissemination, provision, access) of personal data, cease processing, and destroy personal data as and where stipulated by the Law on Personal Data;
– perform other obligations stipulated by the Law on Personal Data.4. Basic Rights and Obligations of Personal Data Subjects
4. Personal data subjects have the right to:
– receive information concerning the processing of their personal data, except as stipulated by federal laws. The information shall be provided to the personal data subject by the Operator in an accessible form and shall not contain personal data relating to other personal data subjects, except where there are legal grounds for disclosing such personal data. The list of information and procedure for receiving it are set out in the Law on Personal Data;
– demand that the operator rectify their personal data, block them or destroy them if the personal data are incomplete, obsolete, inaccurate, unlawfully obtained or are not necessary for the stated objective of the data processing, and also take measures as stipulated in law to protect their rights;
– set a condition of preliminary consent to processing of personal data for the purposes of promoting goods, works or services on the market;
– withdraw their consent to processing of personal data;
– appeal to the authorised body for protection of the rights of personal data subjects or in court against unlawful actions or omissions by the Operator when processing their personal data;
– exercise other rights stipulated by RF law.
4.2. Personal data subjects must:
– provide the Operator with accurate data about themselves;
– inform the Operator of rectifications (updates, amendments) to their personal data.
4.3. Parties who have provided the Operator with inaccurate information about themselves or information about another personal data subject without the latter’s consent are liable under RF law.5. The Operator may process the following personal data of a User
5.1. Full name.
5.2. Email address.
5.3. Telephone numbers.
5.4. The website also collects and processes anonymized data on visitors (including cookies) with the help of internet statistics services (Yandex.Metrica, Google Analytics and others).
5.5. Hereinafter, the aforementioned data are combined under the common general concept of Personal Data.
5.6. The Operator does not process special categories of personal data concerning racial and ethnic background, political views, religious or philosophical beliefs and sex life.
5.7. Processing of personal data permitted for dissemination among the special categories of personal data listed in Article 10.1 of the Law on Personal Data is permitted subject to compliance with the prohibitions and conditions stipulated in Article 10.1 of the Law on Personal Data.
5.8. The User’s consent to processing of personal data permitted for dissemination is documented separately from other consents to processing of their personal data. For this, the conditions stipulated inter alia in Article 10.1 of the Law on Personal Data must be observed. The requirements on the content of such consent are established by the authorised body for protection of the rights of personal data subjects.
5.8.1 The user shall provide their Consent to the processing of personal data permitted for dissemination directly to the Operator.
5.8.2 Within three working days of receipt of the said User consent, the Operator must publish information on the terms of processing, on the existence of prohibitions and conditions on processing by an unlimited range of persons of personal data permitted for dissemination.
5.8.3 The transfer (dissemination, provision, access) of personal data permitted for dissemination by a personal data subject must be terminated at any time upon the request of the personal data subject. This request must include the surname, first name and patronymic (if such exists), contact information (telephone number, email address or postal address) of the personal data subject, as well as a list of the personal data of which processing is to be terminated. The personal data indicated in this request may be processed only by the Operator to which they have been sent.
5.8.4 Consent to processing of personal data permitted for dissemination expires from the moment the request stipulated in Clause 5.8.3 of this Policy on Processing of Personal Data reaches the Operator.6. Principles of Processing Personal Data
6.1. Processing of personal data is carried out on a legal and fair basis.
6.2. Processing of personal data is limited to the achievement of specific, pre-defined and lawful objectives. Processing of personal data that is not compatible with the objectives of the collection of personal data is not permitted.
6.3. The amalgamation of data bases containing personal data which are being processed for mutually incompatible purposes is not permitted.
6.4. Only personal data which serve the objectives of their processing shall be processed.
6.5. The content and scope of personal data being processed shall serve the stated objectives of processing. Processing of personal data over and above the stated objectives of their processing is not permitted.
6.6. When processing personal data, the accuracy of the personal data, their sufficiency and, where necessary, their relevance to the objectives of processing the personal data shall be ensured. The Operator shall take the necessary measures and/or procure the adoption of such measures to delete or rectify incomplete or inaccurate data.
6.7. Personal data shall be stored in a form that enables identification of the personal data subject for no longer than is required by the objectives of processing the personal data, unless the period of storage of the personal data is established by federal law or by a contract to which the personal data subject is a party or a guarantor. The personal data being processed shall be destroyed or anonymized upon achievement of the objectives of the processing or if the need to achieve such objectives disappears, unless otherwise stipulated by federal law.7. Objectives of Processing of Personal Data
7.1. Objective of processing a User’s personal data:
– informing the User by email;
– informing the User by telephone.
7.2. The Operator also has the right to notify the User of new products and services, special offers and various events. The User can always unsubscribe from information messages by sending an email to the Operator at email@example.com marked “Unsubscribe to messages on new products, services and special offers”.
7.3. Anonymized data on Users gathered with the help of internet statistics services are used to gather information on User behaviour on the website and to improve the quality and content of the website.8. Legal Grounds for Processing Personal Data
8.1. The legal grounds for processing of personal data by the Operator are:– list the regulations governing relationships connected with your activities. For example, if your activities are connected with information technologies, and specifically with the creation of websites, you can insert here Federal Law No.149-FZ of 27.07.2006 “On Information and Information Technologies and on the Protection of Information”.
– the Operator’s statutory documents;
– contracts signed between the Operator and the personal data subject;
– federal laws, other regulations in the sphere of protection of personal data;
– consent of Users to processing of their personal data, to processing of personal data permitted for dissemination.
8.2. The Operator processes the User’s personal data only if they have been entered and/or sent by the User independently using special forms placed on the website https://urbantechgroup.ru or sent to the Operator by email. By filling in the relevant forms and/or sending their personal data to the Operator, the User signifies their agreement with this Policy.
8.4. The personal data subject independently takes the decision to provide their personal data and gives consent of their own free will and volition, and in ther own interest.9. Terms of Processing of Personal Data
9.1. Processing of personal data is performed with the consent of the personal data subject to processing of their personal data.
9.2. Processing of personal data is necessary to achieve the objectives stipulated in an international treaty of the Russian Federation or a law, or to discharge the functions, authorities and duties vested in the Operator by Russian Federation law.
9.3. Processing of personal data is necessary for the execution of justice, enforcement of a judicial act or an act of another body or official enforceable in accordance with Russian Federation law on enforcement proceedings.
9.4. Processing of personal data is necessary for performing a contract to which the personal data subject is a party, beneficiary or guarantor, and also for performing a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor.
9.5. Processing of personal data is necessary for exercising the rights and lawful interests of the Operator or third parties, or for achieving socially significant objectives on condition that the rights and freedoms of the personal data subject are not thereby violated.
9.6. Processing of personal data to which access has been granted to an unlimited range of persons by the personal data subject or at their request (hereinafter – Generally Accessible Personal Data).
9.7. Processing of personal data subject to publication or mandatory disclosure under federal law.10. Collection, Storage, Transfer and Other Types of Processing of Personal Data
The security of personal data processed by the Operator is ensured by implementing the legal, organizational and technical measures required to comply in full with current legislation on the protection of personal data.
10.1. The Operator ensures the safekeeping of personal data and takes every possible precaution to prevent unauthorised access to the personal data.
10.2. The User’s personal data shall never under any circumstances be transferred to third parties, except in relation to enforcement of current legislation or where a personal data subject has given consent to the Operator to transfer data to a third party for the performance of obligations under a civil law contract.
10.3. If inaccuracies are uncovered in the personal data, the User can update them independently by sending an email to the Operator at firstname.lastname@example.org marked “Updating of personal data”.
10.4. The personal data processing time is determined by achievement of the objectives for which the personal data were collected, unless otherwise stipulated by a contract or by current law.
The User may at any moment withdraw their consent to processing of personal data by sending an email to the Operator at email@example.com marked “Withdrawal of consent to processing of personal data”.
10.5. All information collected by third-party services, including payment systems, means of communication and other service providers, is stored and processed by the said parties (Operators) in accordance with their User Agreement and Confidentiality Policy. The personal data subject and/or User must familiarize themselves with the said documents independently and in a timely fashion. The Operator is not liable for the actions of third parties, including the service providers indicated in this clause.
10.6. The prohibitions established by the personal data subjеct on the transfer (except provision of access) and also on the processing or conditions of processing (except receipt of access) of personal data permitted for dissemination, are invalid where personal data is being processed in government, social or other public interests defined by RF law.
10.7. The Operator shall ensure that personal data remain confidential during their processing.
10.8. The Operator shall store personal data in a form enabling the identification of the personal data subject for no longer than is required by the objective of processing the personal data, unless the storage period of personal data is defined by federal law or by a contract to which the personal data subject is a party, beneficiary or guarantor.
10.9. The conditions for termination of processing of personal data may include the achievement of the objectives of processing of the personal data, the expiry of the period of consent of the personal data subject, or the withdrawal of consent by the personal data subject, as well as the discovery of unlawful processing of the personal data.11. List of Actions Performed by the Operator with Personal Data Received
11.1. The Operator carries out the collection, recording, systematization, accumulation, storage, rectification (updating, amendment), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion and destruction of personal data.
11.2. The Operator carries out automated processing of personal data, receiving and/or transferring information received via data telecommunication networks or without them.12. Cross-border Transfer of Personal Data
12.1. Before beginning a cross-border transfer of personal data, the Operator must
satisfy itself that the foreign state to the territory of which the personal data are to be transferred provides reliable protection of the rights of personal data subjects.
12.2. Cross-border transfers of personal data to the territory of foreign states that do not satisfy the above requirements can take place only in the event of written consent from the personal data subject to the cross-border transfer of their personal data and/or of execution of a contract to which the personal data subject is a party.13. Confidentiality of Personal Data
The Operator and other parties receiving access to personal data shall not disclose personal data to third parties or disseminate them without the consent of the personal data subject, unless otherwise stipulated by federal law. 14. Concluding Provisions
14.1. The User can receive any clarifications on matters of interest concerning the processing of their personal data by sending an email to the Operator at firstname.lastname@example.org.
14.2. Any amendments to the policy on processing personal data shall be recorded in this document by the Operator. The Policy shall remain in force indefinitely until it is replaced by a new version.
14.3. The current version of the Policy is freely available at https://urbantechgroup.ru/en/privacy.