version of March 7, 2023
The present policy defines the policy of the Operator concerning processing of personal data and contains the information on the requirements realized by the Operator to protection of personal data. The present policy is valid in relation to all personal data processed by means of the Service, which the Operator receives or can receive from the User.
- GENERAL PRINCIPLES
The Operator has determined that the following terms and definitions have the following meaning for purposes of this policy:
«Personal Data» — any information relating directly or indirectly to an identified or identifiable private individual («personal data subject»); an identifiable private individual is a person who can be identified directly or indirectly, in particular by reference to an identifier, such as name, last name, patronymic (if applicable), identification number, individual tax number, SNILS, bank details, year, month, date and place of birth, address, e-mail address, telephone number, family, social, and property status, education, profession, income, metadata, which are transmitted to the Operator in the process of using the Service with the help of the software installed on the User’s Device (including location data, HTTP headers, IP-address, cookie data, User browser information, hardware and software specifications used by the User, date and time of access to the Service, addresses of requested pages of the Service, and other similar information), one or more physical, physiological, genetic, spiritual, economic, cultural factors characteristic of the person in question, or referring to social identity factors. In addition, personal data for the purposes of this policy also includes information about the User, the processing of which is stipulated by the Agreement governing the use of the Service. Personal Data refers to information of a confidential nature. The Operator collects only such personal data that is necessary for the performance of the Agreement.
«Law No. 152-FZ» — Federal Law of 27.07.2006 N 152-FZ «On Personal Data». Applies to the Operator’s activities only if it processes personal data on residents of the Russian Federation. In other cases, applicable laws apply.
«Operator» — «JUG Ru Group» Limited Liability Company, OGRN 1177847388465, INN 7801341446, KPP 780101001, Registered address: 199004, St. Petersburg, V.O. 9th Line, 34, Lit. A, office. 500, processing personal data, as well as defining the personal data processing objectives, composition of personal data to be processed, actions (operations) performed with personal data.
«User» — any fully capable individual (subject of personal data), including acting on behalf and in the interests of another individual, who can provide his personal data to the Operator while using the Service, alone or through the represented individual who expressed his consent to the conditions set forth in the Agreement by signing it, including an electronic signature. The User in the context of this policy also means the persons whose personal data is processed by the Operator on behalf of the User, contained in the Agreement or implemented under other agreements with the User.
«Service», «Site» — Internet resource located on the Internet, used by the Administration to inform Users about the activities of the Administration and the services offered by the Administration, access to which is temporarily provided to Users by the Administration at the following addresses: https://jugru.org/; https://techtrain.ru/; https://holyjs.ru/; https://mobiusconf.com/; https://jpoint.ru/; https://heisenbug.ru/; https://cppconf.ru/; https://dotnext.ru/; https://flowconf.ru/; https://smartdataconf.ru/; https://devoops.ru/; https://vtconf.com/; https://piterpy.com/; https://jokerconf.com/; https://hydraconf.com/. The Site is an information resource, the totality of information that can be accessed through a traditional and publicly available Internet browser (Internet Explorer, Firefox, Safari, Opera, Flock, Maxthon, Google Chrome and other different versions) and otherwise through a unified information resource location index, consisting of letters, numbers and other characters, allowing unambiguously identify its location on the Internet, including the mobile version of the Site, mobile application, intranet and FTP-server, as well as its subdomains and versions of other hardware platforms.
The Site is a complex object in the meaning of Article 1240 of the Civil Code of the Russian Federation, the creation of which is organized by the Administration. It includes computer programs, databases, program codes, know-how, algorithms, design elements, fonts, logos, as well as text, graphic and other materials, information, texts, graphic elements, images, photos, audio and video materials and other results of intellectual activity. Exclusive rights to the Service and any of its components belong to the Administration as the right holder or licensee by law, contract or other transaction.
«Agreement» — a user agreement, the terms of which are in effect between the User and the Operator, regulating the order of use of the Service and containing the User’s consent and/or instruction to the Operator to process his personal data.
«Processing of personal data» — actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.
«Processor» — means a private individual or legal person, state body, agency, or other body that processes personal data on behalf of and on behalf of the Operator.
«Recipient» — means private individual or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not they are third parties. However, public authorities that may receive personal data as part of a specific investigation under European Union law or Member State law are not considered recipients; the processing of such data by such public authorities must comply with applicable data protection regulations, depending on the purpose of the processing.
«Third party» — means a private individual or legal person, state body, agency or other body, other than the data subject, controller, processor, as well as persons authorized to process personal data under the direct supervision of the Operator or the Processor.
«Automated processing of personal data» — processing of personal data by means of computer technology.
«Non-automated processing of personal data», «Processing of personal data without the use of automation» — processing of personal data contained in the information system of personal data or extracted from such a system in cases where such actions with personal data as use, modification, distribution, destruction of personal data in respect of each subject of personal data is performed with direct human involvement.
«Dissemination of personal data» — actions aimed at disclosure of personal data to an indefinite circle of persons.
«Provision of personal data» — actions aimed at transfer of personal data to a certain person or a certain circle of persons.
«Blocking of personal data» — temporary termination of processing of personal data (except for cases when processing is necessary for clarification of personal data).
«Destruction of personal data» — actions that make it impossible to restore the content of personal data in the information system of personal data and (or) result in the destruction of material carrier of personal data.
«Impersonalization of personal data» — actions that make it impossible, without the use of additional information, to determine whether the personal data belongs to a particular subject. It is a «pseudonymisation» within the meaning of the GDPR.
«Use of personal data» — actions (operations) with personal data performed in order to make decisions, transactions or other actions that have legal consequences with respect to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others.
«Publicly available personal data» — personal data to which access is granted to an unlimited number of persons with the consent of the subject or which, in accordance with applicable law, is not subject to the requirement of confidentiality.
«Confidentiality of personal data» — a mandatory requirement for a person who has access to personal data to prevent its dissemination without the consent of the subject or other legal basis.
«Device», «User’s Device» — a computer, mobile device or virtual machine running on an operating system compatible with the Service with a compatible web browser installed.
«Account», «Personal Account», «Account» — a set of records in the Operator’s database, which identifies the User with the credentials (login and password) specified by him during registration, and allows managing the parameters of the Site and the Service.
«Statistics» — information about the use of the Site and the Service, additional functionality, the website as a whole, about the interaction of Users with the Account, collected through the use of Counters, cookies, web beacons and other similar technologies.
«Counter», «Tracker» — a part of the Site, a computer program that uses a fragment of code responsible for collecting statistical and personal data on the use of the Site. The Administration may use counters both proprietary and those provided by third parties under a limited licence (licence agreement), such as Yandex.Metrika, Roistat and other similar counters. Counters collect personal data in an impersonal form.
«Token» — a unique set of characters that identifies the User in accounts of third-party web services (social networks, messengers, Google Play, Apple App Store and others). Token allows authorized connection to the Site using authorization through third-party web services (social networks, messengers, Google Play, Apple App Store and others).
«IP-address» — a number from the numbering resource of the data network based on the IP protocol (RFC 791), unambiguously identifying the subscriber terminal (computer, smartphone, tablet, other device) or means of communication included in the information system and belonging to the User when providing telematic communication services, including Internet access.
«HTTP header» — a line in an HTTP message containing a colon-separated name-value pair. The format of HTTP headers corresponds to the general format of ARPA network text message headers described in RFC 822.
«Cache» — the intermediate storage located on the User’s device for the data received from the Site and most likely to be requested more frequently than others, which can be accessed from the cache at a much faster rate than sampling the original data from a remote source (such as a remote server or website).
«Cookies», «cookie» — is a small piece of data sent by a web server and stored on the user’s device of the website on which the Counter is installed. Cookies contain small pieces of text and are used to store information about how browsers work. They allow to store and retrieve identification and other information on computers, smartphones, phones, and other devices. Cookie specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purpose, including data stored by browsers or devices, identifiers associated with devices, and other software. All of these technologies are referred to in this Agreement as «cookies».
«Web beacons» — images in electronic form (one-pixel (1×1) or blank GIF images). Web beacons can help the Operator recognize certain types of information on the User’s device, such as cookies, time and date of page view, and the description of the page where the web beacon is placed.
«Messenger» — an information system and/or computer program (mobile application, web service, web application, etc.) that is designed and/or used to receive, transmit, deliver and/or process electronic messages of Internet users (e.g. Skype, WhatsApp, Viber, Telegram, VK, OK, Facebook Messenger, etc.).
«Checksum», or «Hash-Sum» — some mathematical value (sequence of symbols) calculated on a data set by applying a certain algorithm, used under this Agreement to verify the integrity of electronic files during their transfer or storage. For the purposes of this Agreement, Checksums (Hash-Sums) are calculated and verified by applying MD5 and SHA256 algorithms, including using certutil.exe software (for Windows) or md5sum and sha256sum (for Linux).
«Applicable Law» — the law of the country in which the Administration is registered or resident, i.e. the law of the Russian Federation. In some cases, the applicable law may be the law of the country in which the User resides or is a resident of, if such law establishes the priority of its rules over the rules of this policy.
All other terms and definitions appearing in the text of this policy shall be interpreted by the Parties in accordance with applicable law, current recommendations (RFCs) of international Internet standardization bodies and customary rules for the interpretation of the relevant terms on the Internet.
Terms and definitions used in this policy may be used in singular or plural, depending on the context, and may be capitalized or capitalized.
The titles of headings (articles) as well as the construction of the policy are intended solely for the convenience of using the text of the policy and have no literal legal meaning.
This policy is developed in accordance with the requirements of international law, as well as applicable law.
This policy defines the order and conditions of personal data processing by the Operator, including the order of transfer of personal data to third parties, features of non-automated processing of personal data, access to personal data, personal data protection system, the order of internal control and liability for violations in the processing of personal data, as well as other issues.
The present policy comes into force from the moment of its approval by the Operator and is valid indefinitely until it is replaced by a new policy.
The Operator has the right to change the present policy without the consent of the User. All changes in the policy are made by the ordering act of the Operator.
The present policy is applied to all the processes of personal data processing, carried out with the help of the Service both with the use of means of automation and without the use of means of automation. The Operator doesn’t control and doesn’t bear responsibility for the services belonging to the third parties to which the User can go by the links placed in Service.
- LEGAL BASIS FOR PROCESSING PERSONAL DATA
- The Operator processes the User’s personal data in accordance with international acts in the field of personal data protection, acts of applicable legislation, as well as, with regard to the Users located in the territory of the Russian Federation, the Law № 152-FZ.
- Processing of personal data of the User is performed on the basis of and pursuant to the Agreement regulating the procedure of using the Service, and other transactions, agreements or contracts concluded between the User and the Operator, or on the basis of a separate consent of the User to such processing.
- Other legal basis for processing of personal data of the User are:
- Federal Law No. 14-FZ «On Limited Liability Companies»;
- Federal Law No. 149 of July 27, 2006 «On Information, Information Technologies and Information Protection»;
- Decree of the Government of the Russian Federation dated September 15, 2008 N 687 «On Approval of Provisions on Specifics of Processing of Personal Data Performed without the Use of Automation Means»;
- Decree of the Government of the Russian Federation of 01.11.2012 N 1119 «On Approval of the requirements for the protection of personal data during their processing in the information systems of personal data;
- Order of FSTEC of Russia dated February 18, 2013 N 21 «On approval of the composition and content of organizational and technical measures to ensure security of personal data during their processing in personal data information systems»;
- Other laws and regulations of the Russian Federation, within the framework of implementation and execution of functions, powers and duties imposed on the Operator by the legislation of the Russian Federation;
- The Operator processes the User’s personal data only if the User is 16 years old. In case the User is under 16 years old, the obligatory consent of the User’s legal representatives is required, otherwise the Operator deletes the User’s data from the Service when it detects that the age does not correspond to the required age. If the requirements of the applicable legislation establish a lower or higher age, the provisions of the applicable legislation are applied.
- PURPOSES OF COLLECTING PERSONAL DATA
- The Operator processes only those personal data that are necessary to use the Service or perform transactions, agreements and contracts with the User, except in cases where the applicable laws provide for mandatory storage of personal information for a period specified by law, in particular in accordance with the accounting laws and the rules of the organization of public archives.
- When processing personal data, the Operator does not combine databases containing personal data, the processing of which is carried out for incompatible purposes.
- The Operator processes the User’s personal data for the following purposes:
- use of personal data for the purposes of conclusion and execution of the Agreement or any other transaction with the Operator;
- improving the quality of the Operator’s service, organizing the improvement of the software of the Service;
- using the personal data for the purpose of the proper functioning of the Service in accordance with the Users’ expectations, in particular for the correct identification of the Users or for the correct provision of the functionality of the Service, if the result depends on the data provided;
- posting personalized advertising and/or other information in any section of the Service and interrupting the use of the Service with advertising information;
- promotion of the Operator’s products and services, including transfer of information and advertising messages about the Operator’s services by means of direct contacts via telephone, mobile radiotelephone network and/or by other means, messengers, SMS messages, messages via instant messaging services, e-mail, push notifications, holding promotional events, including lotteries, contests, games, and other promotional actions, organized by the Operator; conducting marketing programs, various offers, promotions, and advertising activities related to the Service;
- statistical and other research on the use of the Service on the basis of impersonal data;
- creation of data information systems, analysis, modelling, forecasting, construction of mathematical models, building scoring models, their use, and transfer of the results of information processing to third parties, analysis of aggregated and anonymous data, statistical and research purposes;
- compliance with mandatory requirements of applicable laws.
- For the purpose of execution of sub-clause 2 of clause 1 of Article 18.1 of Law No.152-FZ the Operator hereby notifies the User that this policy defines:
- The purposes specified in clauses 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8. of personal data processing;
- The categories and list of processed personal data specified in clauses 4.2., 4.3;
- The categories of subjects referred to in clauses 4.4.1. and 4.4.2. whose personal data are processed;
- The methods of processing of personal data specified in clause 1.1;
- The terms of processing and storage of personal data specified in point 5.2;
- The procedure for destroying personal data upon achieving the purposes of processing or upon the occurrence of other legal grounds specified in clauses 8.11, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6.
- VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS
- The Operator may receive the User’s personal data from various sources, in particular:
- from the Service in the course of their operation;
- when the User uses the Service;
- when the User contacts the Technical Support service;
- when the User participates in marketing programs, various offers, promotions and advertising events of the Operator concerning the Service.
- Personal data permitted to be processed in accordance with this Policy and provided by Users who are private individuals using the Service by filling in the appropriate input fields when using the Service, may include the following information:
- last name, first name;
- e-mail address;
- cell phone number;
- city of residence;
- place of work or study;
- occupation, position;
- Personal data processed in accordance with this Policy and automatically transmitted to the Operator in the course of using the Service by means of the software installed on the User’s Device may include the following information:
- HTTP headers;
- the IP-address of the Device;
- cookie data;
- data collected by counters;
- data collected by web beacons;
- information about browsers;
- technical specifications of the Device and software;
- technical data about the operation of the Service, including dates and times of use and access to the Service;
- identifiers of the requested windows of the Service interface.
- In accordance with this Policy, the Operator carries out processing of personal data of the persons belonging to the following categories of subjects of personal data:
- individuals who use the Service in accordance with the Agreement on its use and/or use the Operator’s services on the basis of the Agreement, other contracts and transactions;
- Individuals who do not use the Operator’s services and do not use the Service, but who visit publicly accessible pages of the Service.
- Processing of certain categories of personal data of Users is carried out with the following features:
- User Information. Some data is used to provide the functionality of the Service related to the User’s data, in particular the last name, first name and patronymic, email address and other data. The token assigned to the User can be used to send messages and notifications to the User’s Device (for example, messages with important warnings).
- Information about the use of the Service. Such information is processed for the purpose of studying the Service activity and its interaction with the User, in particular, how much time it took the Service to perform this or that operation under the User’s request, which functionality is used by the Users more often than others, the type of action performed on the Site (click, pointing, etc.), date and time of action performance; page URL, Referer, screen resolution, HTML element class, which is clicked, the data on the number of page views, clicks on the selected hyperlinks, data on the facts of filling out forms on the Site, including errors when filling them out, data on the use of the interface of the Service (opening dialog boxes, transitions, launches, crashes, etc.). Such information helps the Operator to solve problems in the operation of the Service, prevent fraudulent activities, improve the Service, increase its performance and make it more user-friendly.
- Technical specifications of the User’s Device, including its IP address, and its software. Such information as the Device type, operating system, IP address, network connection method, etc. may be necessary for the Operator to be able to take into account the nuances of the Service functioning on different Devices in different networks and to ensure its compatibility with third-party software.
- Information about the approximate location of the User. The Service may both actively and in the background collect data about the User’s location provided to it by the hardware of the User’s Device only for the purpose of providing the User with services and information corresponding to its location.
- The Operator may receive the User’s personal data from various sources, in particular:
- PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING
- The Operator carries out processing of personal data of the User by means of the Service both with use of means of automation and without use of means of automation according to regulations of the applicable legislation establishing the requirements to safety of personal data at their processing and to observance of the rights of subjects of personal data. Such actions with personal data, as use, clarification, distribution, destruction of personal data in relation to the User, are carried out with the direct participation of the Operator’s employees.
- The Operator processes and stores the User’s personal data during the time the Users use the Service, as well as within 3 (three) years after the termination of such use to comply with limitation periods, or within any other period, which the Operator informed the User when receiving the User’s consent to process their personal data otherwise (in the checkbox, text message, e-mail, etc.).
- Personal data of the User is kept confidential, except when the User voluntarily provides information about himself/herself for public access to an unlimited number of people.
- The Operator has the right to transfer the User’s personal data to the processor, the recipient, third parties using modern methods of encryption of connection through the secure HTTPS protocol in the following cases:
- The User has asked the Operator for such a transfer;
- there is the User’s consent for such actions;
- the transfer is necessary for the User to use a certain functionality of the Service (for example, for registration and authorization) or to execute a certain agreement, contract, or transaction with the User;
- the transfer is stipulated by the applicable law or other norms of law within the framework of the procedure established by normative legal acts;
- in case of transfer of rights to the Service, transfer of personal data to the acquirer is required, along with the transfer of all obligations to comply with the terms of this Policy in relation to personal data obtained by the acquirer;
- to protect the rights and legitimate interests of the Operator or third parties in case of breach of this Policy or the Service Agreement by the User;
- in other cases stipulated by normative legal acts.
- Processors can be:
- the provider of the website hosting;
- the operator of the electronic platform for the distribution of the Service or services provided through it (Apple AppStore, Google Play);
- other persons who will be tasked with processing personal data on behalf of the Operator.
- In case of establishing the fact of unlawful or accidental transfer (provision, distribution, access) of personal data, which resulted in violation of User’s rights, the Operator is obliged from the moment of revealing such incident by the Operator, the authorized body on protection of rights of personal data subjects or any other interested person to notify the authorized body on protection of rights of personal data subjects:
- within twenty-four hours about the incident that occurred, the alleged reasons that led to the violation of Users’ rights, the alleged harm caused to Users’ rights, the measures taken to eliminate the consequences of the incident, as well as provide information about the person authorized by the Operator to interact with the authorized body for the protection of the rights of personal data subjects, on issues related to the detected incident;
- within seventy-two hours, on the results of internal investigation of the identified incident, as well as provide information on the persons whose actions caused the identified incident (if any).
- The Operator takes necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties. In particular, all processed data is transmitted using modern methods of connection encryption through the secure HTTPS protocol.
- The Operator together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User’s personal data.
- The Operator is entitled to transfer personal data to bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by normative legal acts.
- When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), extracts personal data of Users, who are citizens of the relevant country, using databases located in the territory of such country or another country, if it is allowed in accordance with applicable law.
- The Operator stops processing personal data of Users, which are processed with their consent, when the User’s consent to their processing expires or when the User withdraws his consent to processing his personal data, as well as in case of detection of unlawful processing of personal data or liquidation of the Operator.
- HOW PERSONAL DATA IS COLLECTED THROUGH COOKIES, WEB BEACONS, AND COUNTERS
- Cookie files and data from Counters transferred from the Operator to the User’s Device and from the User to the Operator can be used by the Operator to achieve the purposes of personal data processing in accordance with the privacy and personal data processing policy.
- The Operator uses different types of cookies and Counters in the Service, which serve different purposes and, depending on them, can be classified into one of the following categories:
- «Mandatory», i.e. cookies, data of the Counters, which are strictly necessary for the functioning of the critical components of the Service, identification of the technical characteristics of the User’s Device and used software, as well as authorization and making payments by the User;
- «Analytical», i.e. cookies, data of the Counters, which allow the Service to recognize the Users, count their quantity and collect the information about the operations performed by them in the Service, including the information about the actions performed in the Service;
- «Technical», i.e. cookies, data of the Counters, which allow collecting information about the interaction of the Users with the Service in order to identify errors and test new functions to improve the performance of the Service;
- «Functional», i.e. cookies, data of the Counters, which allow the User to receive certain functions of the Service, interact with the interface of the Service and use its capabilities, record information about the actions performed in the Service and configure the Service according to the User’s needs in order to memorize the information entered by the User, save the preferred language, location, etc;
- «Third-party», i.e. cookies, data of the Counters, which collect information about the User, sources of traffic, actions of the User and advertisements displayed to the User, as well as advertisements on which the User has made in the Service, in order to display advertisements that may be of interest to the User, based on the analysis of the collected information. These cookies and data of the Counters are also used for statistical and research purposes.
- The Operator does not explicitly request consent when using mandatory cookies and receiving mandatory data from Counters. If the User doesn’t want his personal data to be collected with the help of obligatory cookies, he can disable their provision by the Operator in the software (browser) on his Device. In this case the User can no longer access the functionality of the Service, associated with the mandatory cookies, which can lead to the complete inoperability or malfunctioning of the Service. Disabling mandatory cookies is technically impossible, because they are part of the software code of the Service.
- Functional and analytical cookies can be used by the Operator only with the User’s consent, which is expressed as a general rule by accepting the Agreement and starting to use the Service. Otherwise, the User has the right to refuse to use such cookies by disabling them in the Service settings without any harm to its functionality. Disabling the Counters that collect functional and analytical data is technically impossible, because they are part of the software code of the Service.
- The User agrees that its Devices and software used to operate the Service, depending on their version and configuration, may or may not have the ability to deny cookie operations for any or certain sites and applications, as well as the ability to delete previously received cookies (e.g., browser private mode).
- The Operator has the right to require the User’s Device to accept and receive cookies due to security requirements.
- The structure of cookies, their content and technical parameters are determined by the Operator and are subject to change without prior notice to the User. The User has the right to get all the necessary information about the cookies by sending a request to the Operator in accordance with the procedure established by the privacy and personal data processing policies.
- Counters placed by the Operator in the Service can be used by the Operator to analyze cookies and collect personal data about the use of the Service in order to improve the quality of the Service, the level of convenience of their use, to improve the Service. Technical parameters of work of meters are defined by the Operator and can change without the prior notice of the User.
- The Operator can use web beacons separately or together with cookies to collect information about the use of the Service. The User has the right to block web beacons when using the Service by prohibiting the uploading of images in the settings of their software (browser).
- ACCESS TO PERSONAL DATA
- The right of access to the User’s personal data is granted only to the Operator’s and/or Processor’s employees allowed to work with the User’s personal data due to their job duties on the basis of the list of persons allowed to work with personal data, which is approved by the Operator and/or Processor.
- The Operator and/or the Processor keeps up-to-date the list of employees who have received access to personal data.
- Access to the User’s personal data by persons who are not employees of except for the exception of cases established by normative legal acts.
- Access of the Operator’s and/or Processor’s employees to the User’s personal data ceases from the date of termination of labour relations or from the date when the employee loses the right to access the User’s personal data due to changes in job duties, position or other circumstances in accordance with the procedure established at the Operator/ Processor. In case of termination of labor relations, all media with the User’s personal data, which were at the disposal of the dismissed employee of the Operator/ Processor, shall be transferred to the superior employee in accordance with the procedure established by the Operator/ Processor.
- UPDATING, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA
- The User may at any time change, update, supplement or delete the personal data or any part thereof by using the interface of the Service.
- In case the Operator independently identifies the fact of incompleteness or inaccuracy of personal data in the Service, the Operator shall take all possible measures to update the personal data and make appropriate corrections.
- If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete it.
- If it is revealed that the User’s personal data is processed unlawfully, the Operator stops processing the User’s personal data, and the personal data is subject to deletion.
- In the situation of the Service interface inoperability or lack of Service functionality to change, update, add or delete personal data by the User, as well as in any other cases the User may demand in writing from the Operator to clarify his personal data, its blocking or destruction on the grounds that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing.
- The Operator makes the necessary changes to the personal data, which are incomplete, inaccurate, or irrelevant, within a period not exceeding seven working days from the date of submission by the User of information confirming that the personal data is incomplete, inaccurate, or irrelevant.
- The Operator destroys illegally obtained or unnecessary for the stated purpose of processing personal data of the User within seven working days from the date of submission by the User of information confirming that such personal data is illegally obtained or unnecessary for the stated purpose of processing.
- The Operator notifies the User about the changes made and measures taken and takes reasonable measures to notify the persons to whom this User’s personal data was transferred.
- If it is not possible to destroy personal data within the period specified in clauses 8.6, 8.7, the Operator shall block such personal data or ensure their blocking (if the processing of personal data is carried out by another person acting on behalf of the Operator) and ensure the destruction of personal data within a period not exceeding six months, unless otherwise provided by federal laws.
- User’s rights to change, update, supplement or delete personal data may be limited in accordance with the requirements of regulatory legal acts. Such restrictions, in particular, may entail the Operator’s obligation to retain the User’s modified, updated, supplemented or deleted personal data for a period specified by normative legal acts and transfer such personal data to state bodies in accordance with the established procedure.
- Personal data processed by the Operator is subject to destruction or depersonalization upon attainment of processing goals or when it is no longer necessary to attain those goals, unless otherwise provided for by the laws of the Russian Federation.
- Documents, files, books and registers containing the User’s personal data shall be destroyed by the Operator in the manner prescribed by Federal Law No. 125-FZ "On Archival Matters in the Russian Federation.
- The issue of destruction of allocated documents containing personal data shall be reviewed by the Operator’s General Director.
- Based on the results of the review, an order on allocation of documents for destruction shall be issued and their completeness shall be checked.
- Materials selected for destruction shall be crushed mechanically to an extent that makes it impossible to read the text.
- After destruction of material carriers, the act of destruction of carriers containing personal data shall be signed.
- Destruction at the end of the processing period of personal data on electronic media is carried out by mechanical destruction of the integrity of the media, making it impossible to read or restore personal data, or removal from electronic media by methods and means of guaranteed removal of residual information.
- RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA AND THEIR DELETION
- The User has the right to receive information from the Operator regarding the processing of his personal data, including containing:
- confirmation of the fact of processing of personal data by the Operator;
- legal grounds and purposes of processing of personal data;
- methods of personal data processing used by the operator;
- name and location of the Operator, information about persons (except for employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of regulatory legal acts;
- processed personal data relating to the relevant User, the source of its receipt, unless another procedure for presentation of such data is stipulated in a regulatory legal act;
- time periods for processing of personal data, including time periods for their storage;
- procedure for the exercise by the User of the rights provided by the regulatory acts in the field of personal data;
- information about performed or expected cross-border transfer of data;
- the name or the last name, first name, patronymic, and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such person;
- information about the ways in which the Operator shall fulfill the obligations set forth in Article 18.1 of the Law No. 152-FZ;
- other information provided for in the laws and regulations.
- The Operator shall provide free of charge familiarization with the processed and stored personal data in the Operator’s information system upon the User’s request within ten working days from the date of receipt of the User’s written request. The specified period may be prolonged, but not more than for five working days in case the Operator sends a motivated notice to the User stating the reasons for prolongation of the period for providing the requested information.
- In case of the Operator’s refusal to provide information about the availability of personal data about the User or personal data to the User upon receipt of the User’s request the Operator shall provide in writing a reasoned response, which is the basis for such refusal, within a period not exceeding ten business days from the date of receipt of the User’s request. The specified period may be prolonged, but not more than for five working days in case the Operator sends a motivated notice to the User stating the reasons for prolongation of the period for providing the requested information.
- The Operator provides an opportunity to send a request for deletion of personal data, information about which was received by the User by sending a request to the electronic address of the Operator specified in this Policy.
- If the User submits a request, the Operator stops processing and deletes personal data within ten working days from the date of receipt of the User’s written request. The specified time period may be extended, but by no more than five working days in case the Operator sends the User a motivated notification stating the reasons for extending the time period for providing the requested information.
- The User has the right to receive information from the Operator regarding the processing of his personal data, including containing:
- INFORMATION ABOUT THE IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA
- The security of personal data during its processing in the personal data information system is ensured by a personal data security system that neutralizes current threats.
- The Operator shall apply the personal data protection system, including legal, organizational, technical and other measures to ensure security of personal data, determined taking into account current security threats to personal data and information technologies used in information systems.
- With regard to personal data, in respect of which the User’s consent to its processing by the Processor has been given, the Operator has the right to engage on the basis of a contract a Processor to ensure the security of such personal data during its processing in the information system.
- When processing personal data in its information system, the Operator ensures:
- carrying out activities aimed at prevention of unauthorized access to the User’s personal data and/or its transfer to persons not entitled to access such information;
- timely detection of facts of unauthorized access to personal data;
- preventing impact on technical means involved in processing of personal data, which may result in malfunctioning of such means;
- possibility of immediate recovery of personal data, modified or destroyed as a result of unauthorized access to it;
- continuous control over ensuring the level of security of personal data.
- In order to comply with security requirements and to implement the personal data security system, the Operator implemented a private model of security threats to the personal data information system.
- The Operator has determined the level of protection of personal data during its processing in the information system of personal data owned by the Operator.
- Based on the results of determining the level of protection of personal data in their processing in the information system of personal data without the use of automation, the Operator has developed and implemented a set of measures to protect and ensure the security of personal data.
- The Operator uses technical means and software for processing and protection of personal data, as well as maintains an electronic log of the means of protection of personal data.
- The Operator maintains an electronic log of accounting and storage of removable media containing personal data (if available).
- The technical means ensuring operation of the personal data information system shall be located in the premises owned by the Operator by right of ownership or other proprietary right (lease, gratuitous use, etc.).
- All employees of the Operator, admitted to work with personal data, as well as related to the operation and maintenance of the information system of personal data, are familiarized with the internal documents of the Operator, regulating the procedure of work with personal data.
- The Operator has organized training for employees on how to use personal data protection tools operated by the Operator. Employees having permanent access to personal data and employees connected with operation and maintenance of personal data information system and personal data protection means are trained.
- The Operator’s internal documents stipulate that employees must immediately report to an appropriate official of the Operator about loss, damage or shortage of data carriers containing personal data, as well as about attempts of unauthorized access to personal data, its causes and conditions.
- CONSENT TO PERSONAL DATA PROCESSING
- The User decides to provide its personal data and consents to its processing freely, of its own free will and in its own interest.
- The consent to the processing of personal data provided by the User is freely given, specific, informed, conscious, meaningful and unambiguous.
- In case of processing of personal data of the User on the basis of and for execution of the Agreement, regulating the order of use of the Service, and other transactions, agreements or contracts concluded between the User and the Operator with the use of the Service, such processing of personal data of the User does not require a separate consent.
- In the case of processing of personal data of the User on the basis of his individual consent to such processing, expressed directly when using the Service by pressing the appropriate button, by ticking the appropriate checkbox indicator, sending an SMS message or e-mail, such consent to the processing of personal data is provided by the User in the form of an electronic document, signed by a simple electronic signature in accordance with the Agreement governing the use of the Service.
- Consent to the processing of personal data may be withdrawn by the User in accordance with the procedure established by regulatory legal acts.
- FINAL STATEMENTS
- When the User starts using the Service, it means that the User agrees to the terms of this policy. If the User does not agree to the terms of this policy, use of the Service must be immediately terminated.
- This Policy and the relations between the User and the Operator arising in connection with the application of this Policy shall be governed by applicable law. In particular, Users located on the territory of the Russian Federation are subject to Law No. 152-FZ.
- This Policy is permanently available to the public at the following link: https://jugru.org/privacy_policy/.
- Any suggestions or questions regarding this Policy may be directed by the User to the Operator’s User Support Team by sending an e-mail to: email@example.com.
JUG Ru Group LLC, OGRN 1177847388465, INN 7801341446, KPP 780101001
Registered address: 199004, Saint-Petersburg, V.O. 9th line, 34, Lit. A, office. 500,
Phone.: +7 (812) 982-47-96