-  Policy of personal data processing of Tver regional center for coordinating support for export-oriented small and medium-sized business entities

Policy of personal data processing of Export support center of Tver region

1. General provisions

1.1. The present Policy of personal data processing (hereinafter referred to as the Policy) of Export support center of Tver region (hereinafter referred to as the Operator) is developed in accordance with the Constitution of the Russian Federation, Federal law No. 149-FZ of July 27, 2006 On Information, Information Technologies and the Protection of Information, Federal Law No. 152-FZ of July 27, 2006 On Personal Data, other federal laws and regulatory legal acts.

1.2. The policy is developed to protect the rights and freedoms of the subject of personal data when processing his/her personal data.

1.3. The present Policy is applicable in the process of using the site www.export-69.ru.

The Operator does not control and is not responsible for the sites of third parties to which the user can click on the links available on the site. On such sites, the other personal information may be collected or requested from the user, as well as other actions may be performed.

1.4. The Operator does not check the reliability of the personal information provided by users, and does not exercise control over their legal capacity. However, the Operator assumes that the user provides the reliable and sufficient personal information on the issues offered in the registration form and keeps this information updated.

1.5. The Policy shall apply to all personal data of entities processed by the Operator using the automation means and without the use of such means.

2. Purposes of personal data processing

2.1. Personal data are processed by the Operator for the following purposes:

2.1.1. increasing the awareness of the products and services of the Operator;

2.1.2. informing about the news and suggestions of the Operator;

2.1.3. identifying of the visitors on the Site;

2.1.4. ensuring compliance with laws and other regulatory legal acts in the field of personal data.

3. Basic principles of personal data processing

3.1. Personal data processing is based on the following principles:

- legalness and equitable basis;

- restrictions on the personal data processing by the achievement of specific, pre-defined and legitimate purposes;

- prevention the personal data processing incompatible with the purposes of collecting personal data;

- prevention of combining the databases containing the personal data, processing of which is carried out for purposes incompatible with each other;

- processing only those personal data that meet the purposes of their processing;

- conformity of the contents and volume of processed personal data to the stated processing purposes;

- prevention of the personal data processing that is redundant in relation to the stated purposes of their processing;

- ensuring the accuracy, adequacy and relevance of personal data in relation to the purposes of personal data processing;

- destruction or depersonalization of personal data upon the achievement of the purposes of their processing or in the event of the loss of the need to achieve these purposes, when the Operator can not eliminate the admitted violations of the personal data, unless otherwise provided by the federal law.

4. Personal data processing

4.1. The personal data processing by the Operator is carried out in the following ways:

- non-automated processing of personal data;

- automated processing of personal data with the transfer of information received through information and telecommunications networks or without it;

- mixed processing of personal data.

4.2. Processing of the personal data by the operator includes the following processes: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of the personal data.

5. Confidentiality of the personal data

The Operator is obliged not disclose to third parties or distribute the personal data without the consent of the personal data subject, unless otherwise provided by the federal law.

6. Consent of the personal data subject to processing of his/her personal data

6.1. The personal data subject decides to provide his/her personal data and agrees to their processing freely, by his/her own will and in his/her interest. The consent to personal data processing can be given by the personal data subject or his/her representative in any form that allows to confirm the fact of their receipt, unless otherwise provided by the federal law.

6.2. The obligation to provide the evidence of the receipt of the consent of the personal data subject to the processing of his/her personal data is the responsibility of the Operator.

7. Security of the personal data by processing by the Operator

7.1. The Operator takes measures necessary and sufficient to ensure the fulfillment of the duties provided for by the Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it. The Operator independently determines the content and list of measures necessary and sufficient to security of the personal data. Such measures include the following:

- the appointment of a personal data processing manager;

- the Operators adoption of documents determining the Operators policy of personal data processing, issuing internal regulations on personal data processing and other internal regulatory documents establishing the procedures for preventing and detecting Russian law violations and eliminating the consequences of such violations;

- the application of legal, organizational and technical measures to protect the personal data;

- the performance of internal controls to assess compliance with the Federal law On Personal Data as well as with the regulations adopted thereunder, requirements to the personal data security, with the Operators policy of personal data processing and the internal regulations of the Operator;

- the assessment of the harm that might be caused to the personal data subjects in the event of a violation of the Federal Law On Personal Data, the ratio of this harm and measures taken by the Operator aimed at ensuring the fulfillment of obligations stipulated by the Federal Law On Personal Data;

- familiarization of employees of the Operator directly processing the personal data, with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the personal data processing, local acts on the personal data processing, and (or ) training of these employees.

7.2. The operator, while processing the personal data, takes the necessary legal, organizational and technical measures or ensures their adoption to protect the personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in regard to the personal data.

8. Trans-border transfer of personal data

Prior to the trans-border transfer of personal data, the Operator shall make sure that the foreign state, to the territory of which personal data are planned to be transferred, provides adequate protection of rights of personal data subjects.

Trans-border transfer of personal data to territories of foreign states that fail to provide adequate protection of rights of personal data subjects may be allowed only:

- given the personal data subjects written consent to the trans-border transfer of his or her personal data;

- in pursuance of a contract, under which the personal data subject acts as a party.

9. Rights of personal data subject

9.1. The personal data subject shall have the right to be provided by the Operator with information concerning the processing of the subjects personal data, unless such right is restricted in accordance with the federal laws. The personal data subject shall have the right to demand that the Operator refine, block or destroy his or her personal data if personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of their processing, and to take legally provided measures to protect his or her rights.

9.2. In order to implement the clause 9.1. of the present Policy the personal data subject sends a request either to the e-mail of the Operator ved69ru@gmail.com, or a written notification to the legal address of the Operator: 14, Prospekt Pobedy, Tver.

9.3. The Operator shall immediately stop, upon the request of the personal data subject, processing his/her personal data for the above-stated purposes.

It is prohibited to make decisions solely on the basis of automated personal data processing that results in legal implications with respect to the personal data subject or otherwise infringes upon his/her rights and legitimate interests, except for cases prescribed by Federal Laws, or if the written consent of the subject of personal data is obtained.

9.4. If the personal data subject believes that the Operator is processing his/her personal data in contravention of the requirements of FZ-152 or otherwise infringes upon his/her rights and freedoms, the subject of personal data shall be entitled to appeal against the Operator's actions or its lack of action to an authorized body for the defense of personal data subject rights, or start legal proceedings.

9.5. The subject of personal data is entitled to the protection of his/her rights and legitimate interests, including ones for the indemnification and/or reimbursement of moral harm in legal proceedings.