PRIVACY AND PERSONAL DATA PROCESSING POLICY OF THE WEBSITE
1. General provisions
1.1. This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") is an official document of the Moscow Chamber of Commerce and Industry Union (TIN 7710104913, OGRN 1037739268270), registered at: 115088, Moscow, 38 Ball Bearing Street, building 1 (hereinafter referred to as the "Administration"), which is the administrator of the Website https://startbizmsc.ru /, including all pages of this Site and its subdomains at any level), as well as by the Operator of Personal Data), which determines the procedure for processing and protecting information (including the procedure for protecting and processing of their personal data) about individuals using the website https://startbizmsc.ru / (hereinafter referred to as the "Site") (hereinafter referred to as Users).
1.2. This Privacy and Personal Data Processing Policy applies to all information and data that the Moscow Chamber of Commerce and Industry Union may receive about a user of the global Internet (User) using the Site, and is aimed at regulating the provision of adequate protection of information about Users, including their personal data, from unauthorized access. and disclosures. Issues related to the collection, storage, dissemination and protection of User information may be supplemented and set out in other official documents of the Site Administration and in the norms of current Russian legislation.
1.2.1. FOR THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE USER FOR DISTRIBUTION, THE LAW PROVIDES FOR SPECIAL CONDITIONS AND PROCEDURES FOR PROCESSING (art. 10.1 OF FEDERAL LAW NO. 152-FZ of 27.07.2006). THUS, THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE USER FOR DISTRIBUTION IS CARRIED OUT BY THE OPERATOR SOLELY ON THE BASIS OF THE INFORMED CONSENT OF THE PERSONAL DATA SUBJECT TO THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE SUBJECT FOR DISTRIBUTION.
1.3. Consent to the processing of personal data is an integral part of this Policy (https://startbizmsc.ru/agreement /).
1.4. The use of the Website is governed by this Privacy Policy and the processing of personal data on the Website (https://startbizmsc.ru/policy /), Consent to the processing of personal data (https://startbizmsc.ru/agreement /), Consent to the processing of personal data authorized by the subject personal data for dissemination (to be processed additionally in cases prescribed by applicable law), The Site's User Agreement (https://startbizmsc.ru/agreement /).
1.5. If the User does not agree with the terms of this Policy, then in order to terminate the Policy in relation to him, the User must stop using the Site, including by visiting the Site.
1.6. The User's use of the Site, in any way and in any form within its declared functionality, including: (a) registration /authorization on the Site; (b) access to the Site; (c) other use of the functionality of the Site or any services of the Site, the User confirms that:
- a) Read the terms of this Policy in full before using the Site or any of the Site's services. b) Accepts all the terms of this Policy in full without any exceptions or restrictions on the part of the User and undertakes to comply with them, or in case of disagreement with any terms of this Policy, the User is obliged to completely refrain from using the Site or any services of the Site in any form.
- c) Marking in the appropriate field during registration/authorization on the Site, together with other specific actions of the User, is recognized by the Parties as an analogue of the User's handwritten signature when processing (using software) electronic documents sent from the User to the Administration, including obtaining any necessary consents (including Consent to the processing of personal data) and confirmations from the User, and/or exchanged between the Parties, including recognition by the Parties of compliance with the written form of the transaction, subject to the requirement of a signature, if a person commits a transaction using electronic or other technical means that make it possible to reproduce the contents of the transaction unchanged on a tangible medium, and the User's actions indicated above are considered to be agreed upon by the Parties in a manner that reliably identifies the person who expressed his will to conclude the transaction.
1.8. The Policy uses the following basic concepts:
- a) automated processing of personal data — processing of personal data using computer technology;
- b) blocking of personal data — temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data);
- c) personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
- d) depersonalization of personal data — actions as a result of which it is impossible to determine the identity of personal data to a specific personal data subject without using additional information; e) personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data; f) operator (in the terminology of the General Data Protection Regulation (GDPR), adopted by Resolution (European Union) 2016/679: controller) — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, and also defining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
- g) personal data — any information relating directly or indirectly to a specific or identifiable natural person (personal data subject);
- h) provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
- i) dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing with personal data of an unlimited number of persons;
- k) destruction of personal data — actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed; l) A processor is a natural or legal person, government agency, agency or other body that processes personal data on behalf of and on behalf of the controller.
1.9. Legal grounds for personal data processing:
Personal data is processed in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", Article 53 of Federal Law No. 126-FZ of 07.07.2003 "On Communications", the Labor Code of the Russian Federation, Decree of the Government of the Russian Federation dated 11/01/2012 No. 1119 "On Approval of Protection Requirements personal data during their processing in personal data information systems", by Decree of the Government of the Russian Federation dated September 15, 2008. No. 687 "On approval of the Regulation on the specifics of personal Data Processing carried out without the use of automation tools" and other regulatory legal acts in the field of personal data protection.
2. Personal information of Users that is received and processed by the Moscow Chamber of Commerce and Industry
2.1. Within the framework of this Policy, "User's Personal Information" means:
2.1.3. The Administration does not purposefully collect "sensitive personal data", and the Administration cannot request the User's consent to such processing, since it is not aware in advance of the potentially sensitive nature of such personal information.
- 2.1.1. Personal information, including personal data that the User provides about himself/herself during registration/authorization on the Website.
- 2.1.2. The information required to be provided, marked in a special way, includes:
- a) a valid mobile phone number and/or a valid email address; b) consent to the terms of the User Agreement, Privacy Policy and Personal Data Processing, Consent to the processing of personal data.
- c) personal data that can be collected and processed by the owner of the personal data database (the Site Administration), among other things, can be understood (at the same time, a specific list of personal data will be determined solely based on the data of the registration and registration forms of the Site and the services of the Site: last name, first name, patronymic (if any); date of birth; contact information (mobile radiotelephone subscriber device number, fixed telephone subscriber device number, e-mail address, etc.); IP address of Users' devices (unique network address of a node in a computer network built using the IP protocol); information from cookies (a small piece of data sent by a web server and stored on the User's computer, which the web client or web browser sends each time to the web server in an HTTP request when trying to open the page of the corresponding site); User-Agent, including the browser and its version, through which the User accesses The Website and/ or any service of the Website (or any other program that provides access to the display of advertising); the time of access to the Website and / or any service of the Website; the address of the Internet page on which the advertising block is located; referrer (address of the previous page); geolocation service data; anonymized user ID in an automated system, which cannot be identified by an individual without additional information.; characteristics of a user's interaction with a web resource, including the use of a keyboard, mouse, and navigation through a web resource (including the history of search queries, as well as characteristics of interaction with the content of a web resource in terms of various measurement metrics, for example, but not limited to: visit time, bounce rate, browsing depth, interaction with the start button, the time of inspection, refusal, inspection, etc.); javascript code uploaded to the pages of a web resource; the structure and attributes of web forms hosted on the pages of a web resource; attributes of the following HTML elements: iframe, object, embed, applet; URL requests made from web pages to "third" party domains; content of the DOM model of the web page or its individual elements; operating system and its version; operating system bit rate; name and model of the client's device; Accept-Encoding (HTTP protocol header, which specifies a list of supported ways to encode the contents of an entity during transmission); Accept-Language (HTTP protocol header, which specifies a list of supported natural languages); screen resolution; color depth; ActiveX accessibility; time zone; browser fonts; browser plug-ins; supported languages; canvas fingerprint; number of logical CPU cores; amount of RAM; WebGL parameters, any other information entered/ provided independently by the User of the Site (or from his device) on his own initiative, and which can be attributed to personal data. At the same time, the User is prohibited from specifying data in the transmitted personal data that poses a particular risk to the User's rights and freedoms (the so-called "sensitive personal data"): racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, data related to health, sexual life, biometric or genetic data. The User should take into account that the Administration cannot request the User's consent to such processing, since it is not aware in advance of the potentially sensitive nature of the personal data that the User may publish.
2.2. This Policy applies only to the Moscow Chamber of Commerce and Industry Union. The Moscow Chamber of Commerce and Industry Union does not control and is not responsible for third-party websites and software to which the User can click on links available on the Website and the use of personal information provided by the User on third-party websites.
2.3. The methods of obtaining (collecting) Users' personal data are:
- 2.3.1. User's indication of data when filling out electronic questionnaires and questionnaires in cases of participation or registration in programs, promotions, events and services.
3. The purposes of collecting and processing Users' Personal Information. Legitimate interests
3.1. The single purpose of collecting and processing personal data under this Policy is to ensure that the User can be identified within the Site and/or the Site's services in order to provide the Moscow Chamber of Commerce and Industry Union with the opportunity for the User to use the Site and/or the Site's services.
In order to achieve the specified Single Purpose of processing personal data, the Site Administration has the right to perform the following necessary and integral actions, namely:
- a) registration, identification of the User within the framework of the Site and the services of the Site;
- b) providing the Site Users with the opportunity to use the Site and the Administration's Services;
- c) analysis and research of User preferences in order to improve the Site and/or any Website service, to carry out measurements, collect statistics, analytics and use other business services, including for the purpose of providing such impersonal data to third parties (for example, but not limited to: targeted metrics about the types of, types and number of views, advertising materials, and the effectiveness of advertising campaigns, User actions outside the Site, as a result of going to the advertiser's website after interacting with ads on the Website and/or any Website service; other generalized statistics in the form of analytical reports and measurement reports);
- d) sending/posting news, advertising, survey, statistical, marketing and other information about the Website and/or any Website service, including for personalization of Website functions and/or any Website service, content, content preferences, advertising, promotional offers and other sponsored content, offering recommendations (for example, subscriptions, channels, groups, events that may be of interest to the User, etc.); to develop, test and improve the products of the Website Administration and/or any Website service, including through conducting surveys and research, as well as testing new products and functions and troubleshooting them;
- e) sending information messages; f) conducting marketing, statistical and audit research, including surveys of User satisfaction with the Website and/or any Website service.
3.2. The legitimate interests of the Administration include:
- (I) Website maintenance and administration; (II) offering Users other services, tools, and products that, in the opinion of the Administration, may be of interest to the User (this applies, among other things, taking into account the interests of users: the work of recommendation technologies, or advertising, or relevant search results, including those based on previous User requests); (iii) collection, processing and presentation of statistical data, big data and other research; (IV) compliance with any contractual, legal or regulatory obligations under applicable law.
4. Conditions for processing the User's Personal Information and its transfer to third parties
4.1. The processing of the User's personal data (User's Personal Information) is carried out by the Moscow Chamber of Commerce and Industry in accordance with the legislation of the Russian Federation.
4.2. The User gives his consent to the processing of personal data by the Committee for Public Relations and Youth Policy of the City of Moscow (location: 36 Novy Arbat, Moscow, tel. 495-633-60-10).
These personal data are necessary for verifying compliance by the Moscow Chamber of Commerce and Industry Union with the terms of the project "Start Your Business with Moscow University Business School for International Students" in accordance with the grant agreement No. 076-GM/23 dated October 20, 2023, concluded between the Moscow Chamber of Commerce and Industry Union and the Committee for Public Relations and Youth Policy of the City of Moscow.
4.3. Principles of personal data processing
-
4.3.1. The processing of personal data by the Operator is based on the following principles:
-
a) the processing of personal data is carried out by the Operator on a lawful and fair basis and is limited to achieving specific, predetermined and legitimate goals. Only personal data that meets the purposes of their processing is subject to processing. The content and volume of personal data processed by the Operator correspond to the stated purposes of processing, redundancy of the processed data is not allowed;
- b) restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
- c) ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
- d) preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
- e) processing only those personal data that meet the purposes of their processing;
- f) compliance of the content and volume of the processed personal data with the stated purposes of processing;
- g) preventing the processing of personal data that is excessive in relation to the stated purposes of their processing; h) destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law; i) the storage of personal data must be carried out in a form that makes it possible to identify the subject of personal data, no longer than the purposes of personal data processing require, unless the period of storage of personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.
4.4. With respect to the User's Personal Information, its confidentiality is maintained, except in cases where the User voluntarily provides information about himself for general access to an unlimited number of persons.
4.5. The transfer is carried out to any third party in order to ensure the legal protection of the Administration or third parties in case of violation of the User Agreement by the User, or in a situation where there is a threat of such violation.
4.6. The Administration has the right to transfer anonymized data to a third party. In this case, if there is a possibility of aggregation of such data with the relevant personal data held by a third party, the Administration takes all necessary steps to obtain guarantees for the protection of the transmitted data by a third party.
4.7. Personal data is stored by the Administration in a form that allows determining the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. The personal data being processed is subject to destruction or depersonalization upon achievement of the processing objectives, unless otherwise provided by federal law.
4.8. Personal data is processed in an automated manner in personal data information systems.
4.9. Unless otherwise stipulated by the text of this Policy, the Administration does not carry out cross-border transfer of personal data and does not make decisions regarding the subject of personal data based solely on automated processing.
4.10. Taking into account the above, as well as taking into account the Administration's compliance with the processing objectives, the User agrees and instructs the Administration to perform the following actions:
- - processing, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), comparison, extraction, use, blocking, deletion/destruction of the User's Personal Information;
- - transfer of Personal Information to the Committee of Public Relations and Youth Policy of the City of Moscow, and its processing;
4.11. The User agrees to the processing of the data collected by the Website/Data services, to the extent specified in the Site Policy.
5. Measures applied to protect Users' Personal Information
5.1. The Moscow Chamber of Commerce and Industry Union takes necessary and sufficient organizational and technical measures to protect the User's Personal Information from unauthorized access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties in relation to it.
5.2. The Administration does not guarantee the security of the data transmitted by the User to the Website and its services, unauthorized access to which may be obtained by third parties as a result of any illegal actions. Any data transfer is performed by the User at his own risk.
5.3. When processing the User's Personal Information, the Administration takes the necessary legal, organizational and technical measures to protect them from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions with respect to such data. Such measures, in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", in particular, include the following::
- - a person responsible for organizing the processing and ensuring the security of personal data has been appointed;
- - this Policy has been developed, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
- - internal control of the compliance of personal data processing with the requirements of the Federal Law and regulatory legal acts adopted in accordance with it is organized;
- - employees of the Administration who directly process personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, this Policy and local acts of the Administration on personal data processing;
- - The Administration conducts periodic checks of compliance with the procedure for processing and ensuring the security of personal data.
6. The procedure for storing Users' Personal Information
6.1. Recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation is carried out by the Administration exclusively on server facilities located on the territory of the Russian Federation.
6.2. Consent to the processing of personal data may be revoked by the User by sending a written application, which is signed by the User and delivered, or sent by registered mail with a notification of delivery to the Moscow Chamber of Commerce and Industry to the address indicated at the beginning of this Consent. Consent to the processing of personal data can also be revoked by the User in any legal way, including in information systems using automation tools.
7. Other terms
7.1. The Site does not control and is not responsible for third-party sites and services to which the User can click on links/buttons available on the Site, as well as for the content of such sites and services.
7.2. Any changes to the Policy will take effect from the moment the new version of the Policy is published on the Website. Continued use of the Site after the publication of the new version of the policy on the Site will mean that the User agrees to the changes in the policy. In case of disagreement with the policy changes that have entered into force, the user is obliged to stop using it on his own.
7.3. The applicable law under this policy is the law of the Russian Federation. All disputes regarding the Policy are resolved in accordance with the current legislation of the Russian Federation at the location of the Administration.