Personal data composition and processing goals
The Company may process personal data exclusively for the purpose for which they were gathered, and of which the personal data subject was informed at the time of their provision (e.g. in the Policy, in the text of consent to the processing of personal data, or in any other way).
In particular, the Company may process the following personal data in order to achieve the goals stated below:
- to ensure normal and secure operation of Company’s websites: technical data of the devices of Company’s website users (including user device identifiers, and information about website use), automatically gathered by web analytics systems used on Company’s websites and defined in the Policy;
- to interact with the existing and prospective clients of the Company as part of contacts maintained regarding requests, product promotion and arrangements for events, and handling of product complaints: full name, contact numbers of mobile and office phones, email addresses, employment information (including company name and address, and position), as well as other data that may be provided to the Company by means of filling our feedback forms on Company’s website, sending messages via communication links, providing business cards or otherwise;
- to look for and employ candidates for positions: full name, age, educational background, employment history and work experience, information about skills and professional competencies, as well as any such information that may be provided by candidates in their resumes and communications with the Company.
The Company shall not process biometric data, as well as information concerning racial or ethnical identity, political views, religious or philosophical beliefs, and intimate life. The Company shall not allow decisions to be made based exclusively on automated personal data processing as such decisions give rise to legal implications for personal data subjects or otherwise affect their rights and lawful interests. The Company shall not disseminate personal data, and shall not place them in publicly available sources without written consent of the subject of personal data.
Use of cookie files and other web analytics tools
Cookies are small files created and saved by the browser when you visit the Company’s website. Cookie files are stored on the device for no more than 6 months, they enable the Company to track website performance and characteristics of its use, as well as streamline marketing activities on the Internet.
Visits to and use of the Company’s website imply by default that cookie files are generated and saved. However, the user may at any time delete cookie files from the device using browser settings. The user may also refuse to accept cookie files but in that case the Company cannot guarantee the use of all of the website functionalities (e.g. remembering visitor’s language preferences).
The Company’s website uses the following types of web analytics tools:
Technical and functional cookies
These files are used to ensure uninterrupted website functioning, as well as to remember the settings selected by the user (in particular, language selection and popup banners).
Marketing and analytical cookies and pixels
The Company’s website uses Yandex.Metrika to gather and statistically analyze the data related to the website use. The information obtained through the use of the service does not allow to identify the user.
Legal grounds for processing personal data
The Company shall process personal data for the goals stated above when:
- processing is performed with the consent of the personal data subject;
- processing is required in order to exercise the rights and lawful interests of the Company or third parties as long as the subject’s rights and lawful interests are not violated in doing so;
- processing is required in order to enter into, execute, modify or terminate the contract to which the subject is a party or beneficiary, including, but not restricted to, this User Agreement;
- processing is required in order to perform functions, powers or responsibilities vested in the Company by the Russian legislation.
Involvement of third parties into personal data processing
To achieve the above stated goals, and if there are legal grounds, personal data may also be processed by third parties that were instructed by the Company to process personal data or received personal data from the Company (or were granted access to the same) for the above stated goals in accordance with the legislation.
Such third parties may include, but are not restricted to, companies of the PM Vent group, the Company’s counterparties (including, but not restricted to, those rendering services related to website hosting support of the used information systems, arrangements for events), as well as public power bodies in the cases provided for in the legislation. The Company may also receive personal data from such third parties.
The data used by web analytics systems may also be received and processed by third party providers of such systems (including, but not restricted to, Yandex LLC), in which personal data are processed with a view to making the website available to the users and performing the User Agreement.
Guidelines for processing personal data
The Company shall process personal data based on the following guidelines:
- personal data shall be processed on a lawful and fair basis;
- personal data processing shall be limited to the achievement of specific pre-determined and lawful goals;
- no processing of personal data is permitted if it is incompatible with the goals of gathering personal data;
- no aggregation of databases is permitted if they contain personal data to be processed for mutually incompatible goals;
- only the data that meet the goals of their processing shall be processed;
- the content and scope of personal data shall be in conformity with the stated processing goals. It is not permitted to process personal data that are redundant in relation to the stated processing goals;
- personal data shall be processed with a view to ensuring personal data accuracy, adequacy, and, if necessary, relevance in relation to the goals of personal data processing, and the necessary measures shall be taken to delete or update the incomplete or inaccurate personal data;
- personal data shall be stored in a format making possible the identification of the personal data subject, for no longer than required by the goals of personal data processing, if the storage period is not set forth in the federal law, consent to processing, or a contract to which the personal data subject is a beneficiary or guarantor;
- processed personal data shall be processed upon achievement of data processing goals or if there is no further need to achieve such goals, unless otherwise provided in the federal law;
- personal data processing may not be used for the purpose of causing property and/or moral harm to personal data subjects, and preventing them from exercising their rights and freedoms.
Personal data security measures
The Company shall take all the necessary legal, organizational and technical measures to protect the received personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision or dissemination of personal data, other unlawful actions in relation to personal data, and shall comply with the guidelines and rules for processing personal data, provided for in the Law on Personal Data, and other regulations.
The Company has appointed a person responsible for organizing personal data processing.
The Company’s internal documents that are binding on all the employees of the Company, as well as other relevant agreements with partners, counterparties, and other third parties, to the extent they are applicable to them, shall define:
- procedures for providing access to information;
- procedures for editing personal data with a view to ensuring their accuracy, reliability and relevance, including in relation to the processing goals;
- procedures for destroying or blocking personal data in case it is necessary to carry out such procedure;
- procedures for processing requests and personal data subjects (their legal representatives) for the cases provided for in the Law on Personal Data, and more specifically, the procedure for preparing information on the availability of personal data related to a specific subject, information required to enable the subject (his/her legal representative) to familiarize him/herself (his/her legal representatives) with his/her personal data, as well as procedures for processing requests for personal data updating, blocking or destruction, if they are incomplete, outdated, inaccurate, illegally obtained, or are unnecessary for the established goal of processing;
- procedures for processing queries received from the authorized body for the protection of the rights of personal data subjects;
- procedures for obtaining a consent of the personal data subject for the processing of personal data;
- procedures for transferring personal data to third parties;
- procedures for handling physical carriers of personal data;
- procedures required for notifying the authorized body for the protection of personal data subjects within the timeframe set out in the Law on Personal Data.
The Company shall implement the necessary and adequate legal, organizational and technical measures, including, but not restricted to:
- development of internal documents on matters related to personal data processing, as well as local regulations setting out procedures aimed at preventing and detecting violations of the RF legislation, and removing the implications of such violations;
- personal data protection from unauthorized access, unlawful processing or transfer, as well as loss, alteration, or destruction;
- establishment and implementation of technical and organizational measures to ensure the protection of personal data, prior to the introduction of new processes for processing personal data and new personal data information systems;
- identification of threats to the security of personal data during their processing in information systems;
- establishment of rules for accessing personal data processed in information systems, as well as provisions for logging and taking into account the actions related to personal data in information systems;
- monitoring and efficiency evaluation of used measures;
- detection of cases of unauthorized access and other incidents, measures aimed at remedying and mitigating their consequences;
- provision of access to personal data only in the cases and manner provided for in the RF legislation;
- familiarization of Company’s employees directly engaged in personal data processing with the provisions of the RF legislation, including the requirements for personal data protection, documents determining the Company’s personal data processing policy, local regulations on matters related to personal data processing, requirements for non-automated processing and/or training of the above employees.
Contacts involving matters related to personal data processing
In case of any queries or requests regarding personal data processing, personal data subjects may contact us by email at email@example.com or send a letter to the address of the Company.
Personal data subjects have the right to receive information on how the Company processes personal data, including information on the personal data list, grounds, goals and timeframe for their processing, third parties to whom they are transferred, as well as other information. In addition, personal data subjects may send a request to update or modify their personal data. Personal data subjects also have the right to withdraw their consent to the processing of personal data given by them to the Company.
This Policy may be updated or otherwise modified from time to time by the Company, any changes shall be published by the Company and shall take effect from their publication. The up-to-date text of the Policy is posted to our website at www.pmvent.ru/policy.