WEBSITE PERSONAL DATA PRIVACY AND PROCESSING POLICY
1. General Provisions
1.1. This Personal Data Privacy and Processing Policy (hereinafter referred to as "the Policy") is an official document of the Moscow Chamber of Commerce and Industry (TIN 7710104913, OGRN[1] 1037739268270) registered at: 38 Sharikopodshipnikovskaya Street, bld. 1, 115088 Moscow (hereinafter referred to as "the Administration"), which is the administrator of the Website http://startbizmsc.ru/, including all pages of this Website and its subdomains at any level), as well as the Personal Data Operator), which determines the procedure for processing and protecting information (including the procedure for protecting and processing their personal data) on individuals using the Website http://startbizmsc.ru/ (hereinafter referred to as "the Website") (hereinafter referred to as "the Users").
1.2. This Personal Data Privacy and Processing Policy shall apply to all information and data that the Moscow Chamber of Commerce and Industry may receive referring to a user of the global Internet network (the User) using the Website, and is aimed at regulating the provision of adequate protection of information on Users, including their personal data, from unauthorized access and disclosure. Issues related to the collection, storage, dissemination and protection of User information may be supplemented and set out in other official documents of the Website Administration and in the norms of current Russian legislation.
1.2.1. FOR THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE USER FOR DISTRIBUTION, THE LAW PROVIDES FOR SPECIAL CONDITIONS AND PROCEDURES FOR PROCESSING (ART. 10.1 OF FEDERAL LAW OF 27.07.2006 NO. 152-FZ). THUS, THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE USER FOR DISTRIBUTION SHALL BE CARRIED OUT BY THE OPERATOR SOLELY ON THE BASIS OF THE INFORMED CONSENT OF THE PERSONAL DATA SUBJECT TO THE PROCESSING OF PERSONAL DATA AUTHORIZED BY THE SUBJECT FOR DISSEMINATION.
1.3. Personal Data Processing Consent of (https://startbizmsc.ru/en/policy/) shall be an integral part of this Policy.
1.4. Use of the Website shall be governed by this Personal Data Privacy and Processing Policy of the Website (https://startbizmsc.ru/privacy/), Personal Data Processing Consent of (https://startbizmsc.ru/privacy/1), Personal Data Processing Consent Allowed by the Personal Data Object for Dissemination (to be drawn up additionally in cases established by the current legislation), User Agreement of the Website (https://startbizmsc.ru/en/policy/).
1.5. If the User does not agree with the terms and conditions of this Policy, then in order to terminate the Policy in relation to him/her, the User must stop using the Website, including by visiting the Website.
1.6. Using the Website in any way and in any form within its declared functionality, including: (a) registration/authorization on the Website; (b) access to the Website; (c) other use of the functionality of the Website or any services of the Website, the User confirms that:
a) he/she has read the terms and conditions of this Policy in full before using the Website or any of the Website's services.
b) he/she accepts all the terms and conditions of this Policy in full without any exceptions or restrictions on the part of the User and undertakes to comply with them, or in case of disagreement with any terms and conditions of this Policy, the User shall be obliged to completely refrain from using the Website or any services of the Website in any form.
c) Marking in the appropriate field during registration/authorization on the Website, together with other specific actions of the User, shall be recognized by the Parties as an analogue of the User's handwritten signature when processing (using software) electronic documents sent from the User to the Administration, including obtaining any necessary consents (including Personal Data Processing Consent) and confirmations from the User, and/or exchanged between the Parties, including recognized by the Parties compliance with the written form of the transaction, subject to the requirement of a signature, if a person commits a transaction using electronic or other technical means that allow the contents of the transaction to be reproduced on a tangible medium in an unchanged form, and the User's actions indicated above shall be considered as agreed upon by the Parties in a manner that reliably identifies the person who expressed the will to conclude the transaction.
1.7. The Policy (including any of its parts) may be changed by the Administration without any special notification to Users. The new version of the Policy shall come into force from the moment it is posted on the Website, or brought to the User's attention in another convenient form, at the discretion of the Administration, unless otherwise provided by the new version of the Policy, the User independently shall bear the burden of verifying changes and/or additions to the Policy. The current version shall be always available on the page at: https://startbizmsc.ru/en/policy/.
1.8. The following basic concepts are used in the Policy:
a) automated personal data processing means the processing of personal data using computer technologies;
b) block of personal data means the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data);
c) the personal data information system means a set of personal data contained in databases and information technologies and technical means that ensure their processing;
d) depersonalization of personal data means an action that makes it impossible to determine the identity of personal data to a specific personal data subject without using additional information;
e) personal data processing means any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
f) operator (according to the terminology of the General Data Protection Regulation (GDPR) admitted by the Directive (EU) 2016/679: controller means a state body, a municipal body, a legal entity or an individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
g) personal data means any information related directly or indirectly to a specific or identifiable natural person (personal data subject);
h) providing personal data means an action aimed at disclosing personal data to a specific person or a specific group of people;
i) dissemination of personal data means actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing with personal data of an unlimited number of persons;
k) destruction of personal data means actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
l) processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.9. Legal grounds for personal data processing:
Personal data shall be processed in accordance with Federal Law of July 27, 2006 No. 152-FZ "On Personal Data", Article 53 of Federal Law of 07.07.2003 No. 126-FZ "On Communications", the Labor Code of the Russian Federation, the Decree of the Government of the Russian Federation dated 01.11.2012 No. 1119 "On Approval of Personal Data Protection Requirements During Processing in Personal Data Information Systems", by the Decree of the Government of the Russian Federation dated September 15, 2008. No. 687 "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out without the Use of Automation Tools" and other regulatory legal acts in the field of personal data protection.
2. Personal information of Users that is received and processed by the Moscow Chamber of Commerce and Industry.
2.1. For the purposes of this Policy, "User's Personal Information" means:
2.1.1. Personal information, including personal information that the User provides on himself/herself during registration/authorization on the Website.
2.1.2. The information required to be provided, marked in a special way, includes:
a) a valid mobile phone number and/or a valid email address;
b) consent to the terms and conditions of the User Agreement, Personal Data Privacy and Processing Policy, Personal Data Processing Consent.
c) personal data that can be collected and processed by the owner of the personal data database (the Website Administration), among other things, can be understood as (at the same time, a specific list of personal data will be determined solely based on the data of the registration and registration forms of the Website and the services of the Website:
last name, first name, patronymic (if any); date of birth; contact information (mobile radiotelephone subscriber unit number, fixed telephone subscriber unit number, e-mail address, etc.); city, country; nationality; gender; social media account; social status; native language and/or information about foreign language proficiency; information about education; profession, specialization; job position; work experience; area of interest; information about publications of scientific papers (discoveries, inventions); The IP address of Users' devices (the unique network address of a node in a computer network built using the IP protocol); information from cookies (a small piece of data sent by a web server and stored on the User's computer, which the web client or web browser sends each time to the web server in an HTTP request when trying to open the corresponding page Website); User-Agent, including the browser and its version, through which the User accesses the Website and/or any Website service (or other program that provides access to the display of ads); the time of access to the Website and/or to any service of the Website; the address of the Internet page on which the advertising block is located; the referrer (address of the previous page); data from geolocation services; an impersonal user identifier in an automated system, which is impossible to identify an individual without additional information; characteristics of user interaction with a web resource, including the use of a keyboard, mouse, and navigation through a web resource (including the history of search queries, as well as characteristics of interaction with the content of a web resource in terms and conditions of various measurement metrics, for example, but not limited to: visit time, bounce rate, viewing depth, screening time, rejection, inspection, etc.); javascript code uploaded to the pages of a web resource; the structure and attributes of web forms hosted on the pages of a web resource; attributes of the following HTML elements: iframe, object, embed, applet; URL requests made from web pages to "third" party domains; the content of the DOM model of the web page or its individual elements; the operating system and its version; the operating system bit rate; the name and model of the client's device; Accept-Encoding (HTTP protocol header, which specifies the list of supported methods of encoding content entities during transmission); Accept-Language (HTTP protocol header that specifies the list of supported natural languages); screen resolution; color depth; ActiveX accessibility; time zone; browser fonts; browser plug-ins; supported languages; WebGL parameters, any other information entered/provided independently by the User of the Website (or from his/her device) on his/her own initiative, and which can be attributed to personal data.
At the same time, the User is prohibited from specifying data in the transmitted personal data that poses a particular risk to the User's rights and freedoms (the so-called "sensitive personal data"): racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, data related to health, sexual life, biometric or genetic data. The User should take into account that the Administration cannot request the User's consent to such processing, since it is not aware in advance of the potentially sensitive nature of the personal data that the User may publish.
2.1.3. The Administration shall not purposefully collect "sensitive personal data", and the Administration cannot request the User's consent to such processing, since it is not aware in advance of the potentially sensitive nature of such personal information.
2.2. This Policy shall apply only to the Moscow Chamber of Commerce and Industry. The Moscow Chamber of Commerce and Industry shall not control and shall not be responsible for the Websites and software of third parties to which the User can click on the links available on the Website and the use of personal information provided by the User on third-party Websites.
2.3. The methods of obtaining (collecting) personal data of Users shall be:
2.3.1. User's indication of data when filling out electronic questionnaires and questionnaires in cases of participation or registration in programs, promotions, events and services.
3. The purposes of collecting and processing Users' Personal Information. Legitimate interests
3.1. The single purpose of collecting and processing personal data under this Policy is to enable the User to be identified within the Website and/or the Website's services in order to provide the Moscow Chamber of Commerce and Industry with the opportunity for the User to use the Website and/or the Website's services.
In order to achieve the specified Single Purpose of processing personal data, the Website Administration has the right to perform the following necessary and essential actions, namely:
a) registration, identification of the User within the framework of the Website and the services of the Website;
b) providing the Website Users with the opportunity to use the Website and the Administration's Services;
c) the use of cookies technology to analyze and study User preferences in order to improve the Website and/or any Website service, to carry out measurements, collect statistics, analytics and use other business services, including for the purpose of providing such anonymized data to third parties (for example, but not limited to: targeted metrics about types, types and number of views, advertising materials, and the effectiveness of advertising campaigns, User actions outside the Website, as a result of going to the advertiser's Website after interacting with ads on the Website and/or any Website service; other generalized statistics in the form of analytical reports and measurement reports);
d) mailing/posting of news, advertising, survey, statistical, marketing and other information about the Website and/or any Website service, including for personalization of Website functions and/or any Website service, content, content preferences, advertising, promotional offers and other sponsored content, offers of recommendations (for example, subscriptions, channels, groups, events that may be of interest to the User, etc.); to develop, test, and improve the products of the Website Administration and/or any Website service, including by conducting surveys and research, as well as testing new products and functions and troubleshooting them;
e) directing of information messages;
f) conducting marketing, statistical, and classroom research, including surveys of User satisfaction with the Website and/or any Website service.
3.2. The legitimate interests of the Administration shall include:
(i) Website maintenance and administration;
(ii) offering Users other services, tools, and products that, in the opinion of the Administration, may be of interest to the User (this applies, among other things, taking into account the interests of users: the work of recommendation technologies, or advertising, or relevant search results, including information based on previous User requests);
(iii) collection, processing, and presentation of statistical data, big data, and other research;
(iv) compliance with any contractual, legal or regulatory obligations under applicable law.
4. Terms and conditions for processing the User's Personal Information and its transfer to third parties
4.1. The processing of the User's personal data (User's Personal Information) is carried out by the Moscow Chamber of Commerce and Industry in accordance with the legislation of the Russian Federation.
4.2. The user gives his/her Personal Data Processing Consent by the Committee for Public Relations and Youth Policy of the City of Moscow (location: 36 Novy Arbat, Moscow).
These personal data are necessary to verify compliance by the Moscow Chamber of Commerce and Industry with the conditions for the implementation of the "Start Your Business with Moscow University Business School for International Students" project in accordance with the grant agreement in the form of subsidy No. 236-ГМ/24 dated October 24, 2024, concluded between the Moscow Chamber of Commerce and Industry and the Committee for Public Relations and Youth Policy of the City of Moscow.
4.3. Principles of personal data processing
4.3.1. The processing of personal data by the Operator is based on the following principles:
a) the processing of personal data is carried out by the Operator on a lawful and fair basis and is limited to achieving specific, predetermined and legitimate goals. Only personal data that meets the purposes of their processing is subject to processing. The content and volume of personal data processed by the Operator correspond to the stated purposes of processing, redundancy of the processed data is not allowed;
b) restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
c) ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
d) preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
e) processing only those personal data that meet the purposes of their processing;
f) compliance of the content and volume of personal data processed with the stated purposes of processing;
g) preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
h) destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law;
i) storage of personal data must be carried out in a form that makes it possible to identify the subject of personal data, no longer than the purposes of personal data processing require, unless the period of storage of personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. The personal data being processed is subject to destruction or depersonalization upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.
4.4. With respect to the User's Personal Information, its confidentiality is maintained, except in cases where the User voluntarily provides information about himself for general access to an unlimited number of people.
4.5. The transfer shall be carried out to any third party in order to ensure the legal protection of the Administration or third parties in case of violation of the User Agreement by the User, or in a situation where there is a threat of such violation.
4.6. The Administration has the right to transfer anonymized data to a third party. In this case, if there is a possibility of aggregation of such data with the relevant personal data held by a third party, the Administration takes all necessary steps to obtain guarantees for the protection of the transmitted data by a third party.
4.7. The Administration stores personal data in a form that makes it possible to determine the subject of personal data, no longer than the purposes of personal data processing require, unless the period of storage of personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. The personal data being processed is subject to destruction or depersonalization upon achievement of the processing objectives, unless otherwise provided by federal law.
4.8. Personal data shall be processed in an automated manner in personal data information systems.
4.9. Unless otherwise stipulated by the text of this Policy, the Administration does not carry out cross-border transfer of personal data and does not make decisions regarding the subject of personal data based solely on automated processing.
4.10. Taking into account the above, as well as taking into account the Administration's compliance with the processing objectives, the User agrees and instructs the Administration to perform the following actions:
- processing, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), comparison, extraction, use, blocking, deletion/destruction of User's Personal Information;
- transfer of Personal Information to the Committee for Public Relations and Youth Policy of the City of Moscow, and its processing;
4.11. The User agrees to the processing of the data collected by the Website/Data services, to the extent specified in the Website Policy.
5. Measures applied to protect Users' Personal Information
5.1. The Moscow Chamber of Commerce and Industry takes necessary and sufficient organizational and technical measures to protect the User's Personal Information from unauthorized access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties in relation to it.
5.2. The Administration does not guarantee the security of the data transmitted by the User to the Website and its services, unauthorized access to which may be obtained by third parties as a result of any illegal actions. Any data transfer is performed by the User at his/her own risk.
5.3. When processing the User's Personal Information, the Administration takes the necessary legal, organizational and technical measures to protect them from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions with respect to such data. Such measures, in accordance with Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", in particular, shall include the following:
- a person responsible for organizing the processing and ensuring the security of personal data has been appointed;
- this Policy has been developed, as well as local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
- the implementation of internal control over the compliance of personal data processing with the requirements of the Federal Law and regulatory legal acts adopted in accordance with it has been organized;
- employees of the Administration who directly process personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, this Policy and local acts of the Administration on personal data processing;
- the administration conducts periodic checks of compliance with the procedure for processing and ensuring the security of personal data.
6. The procedure for storing Users' Personal Information
6.1. Recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation is carried out by the Administration exclusively on server facilities localized on the territory of the Russian Federation.
6.2. Personal Data Processing Consent may be revoked by the User by sending a written application, which is signed by the User and delivered, or sent by registered mail with a notification of delivery to the Moscow Chamber of Commerce and Industry to the address indicated at the beginning of this Consent. Personal Data Processing Consent can also be revoked by the User in any legal way, including in information systems using automation tools.
7. OTHER TERMS AND CONDITIONS
7.1. The Website shall not control and shall not be responsible for the Websites and services of third parties to which the User can click on the links / buttons available on the Website, as well as for the content of such Websites and services.
7.2. Any changes to the policy shall take effect from the moment the new version of the Policy is published on the Website. Continued use of the Website after the publication of the new version of the policy on the Website shall mean that the User agrees to the changes in the policy. In case of disagreement with the policy changes that have entered into force, the user shall be obliged to stop using it on his/her own.
7.3. The applicable law under this policy shall be the law of the Russian Federation. All disputes regarding the Policy shall be resolved in accordance with the current legislation of the Russian Federation at the location of the Administration.
[1] Primary State Registration Number