Personal data protection policy
1. General provisions
1.1. This Personal Data Processing Policy (the “Policy”) adopted by INFRALEX, registered at: 123112, Russia, Moscow, Presnenskaya naberezhnaya, 8, bldg. 1. Business quarter "Moscow City" Tower "City of Capitals" North block 5th floor, office 11 defines the main principles, objectives, procedure and conditions of processing personal data of Visitors to the website, as well as the measures to ensure that such personal data is secure and protected.
1.2. This Policy has been developed in compliance with the Russian Constitution and statutory and other regulations of the Russian Federation in the sphere of personal data and has been published for open access at INFRALEX website at: www.infralex.ru.
1.3. The terms used in this Policy are interpreted as defined in Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
1.4. INFRALEX guarantees that personal data it received shall be treated confidential having regard to the provisions of this Policy and undertakes to use such personal data only for the purposes set out in the Policy.
2. Definition and composition of personal data
2.1. The list of personal data to be safeguarded at INFRALEX shall be formed in accordance with Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
2.2. INFRALEX shall process and safeguard personal data (including the surname, name, place of work, position, contact phone number, email, etc.) of the Visitors to INFRALEX Website at www.infralex.ru (the “Website”), as well as personal data coming to the INFRALEX corporate email ending with @infralex.ru (the “Corporate Email”) of personal data subjects who expressed their Consent to the processing of their personal data (the “Consent”) by submitting the information through the forms they select (the “Forms”) on the Website or by sending an email. The moment at which the Consent is accepted will be the marking of the corresponding field of the Form and the pressing on the button of ‘Submit Form’ on any page of the Website, as well as the pressing on the button of ‘Submit email’ to the Corporate Email, with such email containing personal data of the subject.
2.3. When visiting the INFRALEX Website, reading texts and loading other information, certain data is automatically registered on a PC from which a Website Visitor browses INFRALEX Website. When visitors browse its Website, INFRALEX gathers the following information:
- the date and time when the Website was visited;
- the number and title of pages visited, as well as the duration of the visit to each page;
- IP address assigned to the device for connecting to the Internet;
- type of browser and operating system;
- the URL of the website from which a visitor came.
3. Purposes of processing personal data3.1. Personal data of Website Visitors will be processed for the following purposes:
- sending to the Website Visitors reference and marketing materials to the email addresses that the Website Visitors indicate;
- offering Visitors an opportunity to contact INFRALEX for feedback;
- advising Website Visitors of the services we provide, for the purpose of marketing and providing support to Website Visitors and for any other purposes that do not contravene current Russian legislation and the provisions of the agreement between INFRALEX and the corresponding Website Visitors.
4. Principles of and timeframes for processing personal data
4.1. INFRALEX processes personal data based on the following principles:
- the processing is carried out on legal and fair basis;
- the processing is limited to specific and predetermined legal purposes;
- it is not permitted to process personal data which is incompatible with the purposes for which such personal data was collected;
- it is not permitted to combine the databases which contain personal data processed for mutually incompatible purposes;
- the content and the volume of personal data being processed should be consistent with the declared purposes of the processing;
- personal data is stored in a form which allows the personal data subject to be identified, but for no longer than it is required in accordance with the purposes for processing the personal data, unless another period is set by a federal law or a contract to or under which the personal data subject is a party, beneficiary or a guarantor;
- based on such other principles as current Russian legislation on personal data may provide for.
- a personal data subject granted Consent to the processing of his/her personal data;
- the processing of personaldata is necessary for rights and legal interests of INFRALEX to be exercised or for socially valuable purposes to be achieved, provided that this does not infringe the rights and liberties of personal data subjects;
- personal data is processed for the purposes of statistical or other research, provided that such data is always depersonalised;
- other conditions for which current Russian legislation on personal data provides
5. Rights and obligations of a personal data subject5.1. A personal data subject has the right:
- to demand that his/her personal data be updated, renewed, blocked or destroyed;
- to obtain the list of his/her personal data which INFRALEX processes and the source from which such personal data has been received, to be advised of the period for which his/her personal data will be processed, including the period of storage, and any other information about the processing of his/her personal data;
- to demand that all personsto whom his/her inaccurate or incomplete personal data be advised of any corrections or supplements made;
- to challenge, in the established manner, any unlawful acts or omissions when his/her personal data is processed.
5.3. A Visitor grants his/her Consent to the processing of his/her personal data for the whole period necessary for INFRALEX to attain the goals of processing such personal data.
5.4. A Visitor may revoke his/her Consent to the processing of his/her personal data by sending an application in writing to INFRALEX postal address at: 123112, Russia, Moscow, Presnenskaya naberezhnaya, 8, bldg. 1. Business quarter "Moscow City" Tower "City of Capitals" North block 5th floor, office 11 or to its corporate email address (firstname.lastname@example.org).
5.5. Persons who have transferred the data to INFRALEX via the Website about another personal data subject without having the consent of the subject whose personal data has been transferred will be held liable under Russian legislation.
6. Rights and obligations of INFRALEX6.1. INFRALEX never asks a Website Visitor about his/her race, national origins, political views, religious and philosophical convictions, health, and private life.
6.2. When processing personal data INFRALEX may do the following: gather, record, systematise, accumulate, store, update (renew or modify), retrieve, use, transfer (distribute, provide or access), depersonalise, block, delete or destroy the personal data of a Visitor.
6.3. If Visitors take part in the events INFRALEX holds, INFRALEX may disclose the corresponding personal data of the Visitor to persons who participate in holding the event.
6.4. INFRALEX may not transfer personal data to any third party, except for the following persons:
- officials of state authorities to the extent of their powers;
- persons to whom INFRALEX is obliged to transfer such personal data to comply with Russian legislation;
- persons to whom INFRALEXtransfers personal data in pursuance of an agreement with the personal data subject;
- persons whom INFRALEX instructs to process personal data;
- INFRALEX legal successors in the event of its reorganisation;
- other persons, with the consent of the personal data subject.
6.6. INFRALEX undertakes to warn persons who have received a Visitor’s personal data that such data may be used only for the corresponding purposes and to require that such persons confirm their compliance with this rule.
6.7. Persons who received a Visitor’s personal data must keep such data secret (confidential).
6.8. INFRALEX will process personal data of Website Visitors and undertake measures to protect such personal data in accordance with the provisions of this Policy and other bylaws INFRALEX may issue.
7. Protection and security of personal data7.1. INFRALEX applies the corresponding standards of technical and operational security to protect information submitted by Website Visitors from unauthorised access, disclosure, distortion, blocking or destruction.
7.2. The measures INFRALEX applies include the following:
- appointing a person to be responsible for organising the processing of personal data;
- applying legal, technical and organisational measures to ensure the safety of personal data;
- assessing the damage personal data subjects may sustain if legislation is breached, and the correlation between the damage and security measures INFRALEX applies;
- using secured premises with delineated access where personal data servers are placed and using locked cabinets to store personal data in hard copy form;
- acquainting INFRALEX employees who are directly involved in processing personal data with the provisions of Russian legislation on personal data;
- monitoring the measures undertaken to safeguard personal data.
8. Storage of personal data8.1. Personal data of Website Visitors is stored during the period required for the purposes for which such data has been submitted, or for the period stipulated by legislation.
8.2. Once such purposes are attained or the period for processing personal data has expired, the personal data of Website Visitors will be destroyed.
The standard information gathered will be used solely for strategic purposes. INFRALEX does not use personal data for the purpose of the personal identification of any Visitors. If, however, registered Visitors are authorised on the Website, INFRALEX will be able to use such data together with the information obtained via data analysis tools and cookie files so that to analyse how visitors use the Website.
9.2. When using the Website, a Visitor grants his/her consent to INFRALEX uploading cookie files to the Visitor’s device in accordance with the conditions above.9.3. A Visitor can manage cookie files by using the browser settings. If cookie files are deleted, all data regarding the Visitor’s preferences will be deleted, including his/her preference regarding a refusal to use cookie files. If cookie files are blocked, changes may be reflected on a user’s interface and some of the Website's features may become unavailable.
10. Final provisions10.1. This Policy will be amended or added to if the corresponding changes or additions are made to current Russian legislation on personal data. The Policy may be amended at any moment at the discretion of INFRALEX. The current version of INFRALEX Policy is always available for review by public at large at its permanent address: www.infralex.ru.
10.2. All relationships involving INFRALEX relating to processing and protection of personal data which are not expressly reflected in this Policy will be regulated in accordance with Russian legislation on personal data.
10.3. Compliance with this Policy will be monitored by the person in charge of processing of personal data at INFRALEX.
The date of the latest update of the Policy is 24 December 2019.