1. General Provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the "Policy") developed and applied by Limited Liability Company " Exhibition Companies Group "BIZON", abbreviated name "LLC "OVC "BIZON" (hereinafter also – "Operator") in accordance with the Federal Law of 27.07.2006 N 152-FZ "On Personal Data" (with amendments and additions), Federal Law of 13.03.2006 N 38-FZ "On Advertising" (with amendments and additions), and other regulatory acts in the field of personal data protection, which are in force on the territory of the Russian Federation.
1.2. This Policy is part of the general policy regarding the processing of personal data of LLC OVK BIZON.
1.3. This Policy applies to all personal data that can be obtained from individuals by the Operator through the website https://ctexpo.ru
/ (hereinafter referred to as the "Website"), through filling out registration forms, at events held by the Operator, and which can be unambiguously correlated with a specific individual and his personal data. This Policy does not apply to relationships:
- arising from the processing of personal data of the Operator's employees, since such relations are regulated by a separate local act, which is also part of the general policy regarding the processing of personal data of LLC OVK BIZON;
- terms and relations that Federal Law No. 152-FZ "On Personal Data" does not apply to (Clause 2 of Article 1).
1.4. The Policy defines the Operator's behavior regarding the processing of personal data accepted for processing, the procedure and conditions for processing personal data of individuals who have transferred their personal data for processing to the Operator (hereinafter also referred to as the "Subject of personal data", "Subject") with and without the use of automation tools, establishes procedures aimed at prevention of violations of the legislation of the Russian Federation, elimination of the consequences of such violations related to the processing of personal data.
1.5. The Policy is designed to ensure the protection of the rights and freedoms of Personal data Subjects when processing their personal data, as well as to establish the responsibility of the Operator's officials who have access to the personal data of Personal data Subjects for non-compliance with the requirements and norms governing the processing of personal data.
1.6. The Operator processes the following personal data:
- last name, first name;
- phone number;
- email address;
1.7. When using the services of the Website, the Operator also processes other depersonalized data that is automatically transmitted during the use of the Website through the software installed on the computer:
- information about the used browser (or other program with which the site is accessed);
- IP address;
- cookie data.
The Operator guarantees that organizations external to the Operator do not have access to such data that can be used by the Operator, except in cases explicitly stipulated by the current legislation of the Russian Federation and this Policy. Upon receipt of personal data not specified in this section, such data is subject to immediate destruction.
1.8. The Operator processes personal data of Personal data Subjects by maintaining databases in automated, mechanical, manual ways in order to:
1.8.1. in case of the expressed consent of the Subject of personal data, in order to promote the goods, works and services of the Operator on the market, notification of ongoing promotions, events, marketing campaigns of the Operator.
1.8.2. for other purposes, if the relevant actions of the Operator do not contradict the current legislation, the Operator's activities, and the consent of the Personal Data Subject has been obtained for carrying out the specified processing.
1.8.3. the data specified in clause 1.7. of this Policy are processed in order to carry out Site analytics, track and understand the principles of Site use by visitors, improve the functioning of the Site, solve technical problems of the Site, develop new products, expand services, identify the popularity of events and determine the effectiveness of advertising campaigns; ensure security and prevent fraud.
1.9. The Operator processes personal data by performing any action (operation) or a set of actions (operations), including the following:
- clarification (updating, changing);
- transfer (distribution, provision, access);
2. Reception, Use and Disclosure of Personal Data
2.1. The Operator receives and begins processing the Subject's personal data from the moment of receiving his consent.
Consent to the processing of personal data may be given by the Subject of personal data in any form that allows confirming the fact of obtaining consent, unless otherwise established by federal law: in writing, orally or in any other form provided for by applicable law, including through the performance of the Subject of personal data of the conclusive actions. In the absence of the consent of the Personal data Subject to the processing of his personal data, such processing is not carried out.
2.2. Personal data of the personal data Subjects are obtained by the Operator:
• by personal transfer of personal data by the Subject when entering information into the accounting forms in writing on paper when registering at the Operator's events;
• by personal transfer of personal data by the Subject when entering information into accounting forms in electronic form on the website at arms-expo.ru;
• in other ways that do not contradict the legislation of the Russian Federation and the requirements of international legislation on the protection of personal data.
2.3. Consent to the processing of personal data is considered to be provided by the Personal Data Subject performing any action or a combination of the following actions:
• filling out a paper document when registering at the Operator's events;
• placing an order on the Operator's Website;
• marking on the Site in the appropriate form of consent to the processing of personal data in the amount, for the purposes and in the manner provided for in the text proposed before obtaining consent for review;
2.4. The consent is considered as received in accordance with the established procedure and is valid until the Subject of personal data sends a corresponding application for termination of processing of personal data at the Operator's location.
2.5. The subject of personal data may withdraw his consent to the processing of personal data at any time, provided that such a procedure does not violate the requirements of the legislation of the Russian Federation.
To revoke consent to the processing of personal data, the subject of personal data must send a written notification to the postal address: 129223 Moscow, Russian Federation, P.B 10, or by e-mail firstname.lastname@example.org
In case if the Personal data Subject withdraws consent to the processing of his personal data, the Operator must stop processing them or ensure the termination of such processing (if the processing is carried out by another person acting on behalf of the Operator) and if the storage of personal data is no longer required for the purposes of their processing, destroy personal data or ensure their destruction (if processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding 30 (Thirty) days from the date of receipt of the specified recall, unless otherwise provided for by the contract to which the Personal Data Subject is a party, beneficiary or guarantor, by another agreement between the Operator and the Personal data Subject, or if the Operator is not entitled to process personal data without the consent of the Personal Data Subject on the grounds provided for by Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006. or other federal laws.
3. Rules and Procedures for Personal Data Processing
3.1. In order to achieve the objectives of this Policy, only those employees of the Operator who are assigned such a duty in accordance with their official (labor) duties are allowed to process personal data. The operator requires its employees to respect the confidentiality and security of personal data when processing them.
3.2. In accordance with this Policy, the Operator may process personal data independently, as well as with the involvement of third parties who are engaged by the Operator and carry out processing to fulfill the purposes specified in this Policy.
3.3. In case of assignment of personal data processing to a third party, the volume of personal data transferred to a third party for processing and the number of processing methods used by this person should be the minimum necessary for them to fulfill their duties to the Operator. With regard to the processing of personal data by a third party, the obligation of such a person to respect the confidentiality of personal data and to ensure the security of personal data during their processing is established.
The Operator stores the personal information of the Subjects of Personal Data in accordance with the current legislation.
3.4. Confidentiality is maintained with respect to the personal information of the Personal Data Subject, except in cases where the Subject voluntarily provides information about himself for general access to an unlimited number of persons. In this case, the Subject of Personal Data agrees that a certain part of his personal information becomes publicly available.
4. Information about the Implemented Requirements for the Protection of Personal Data
4.1. The Operator's activity in processing personal data is inextricably linked with the Operator's protection of the confidentiality of the information received.
4.2. The Operator requires other persons who have gained access to personal data not to disclose to third parties and not to distribute personal data without the consent of the Subject of personal data, unless otherwise provided by federal law.
4.3. All employees of the Operator are obliged to ensure the confidentiality of personal data, as well as other information established by the Operator, if this does not contradict the current legislation of the Russian Federation.
4.4. In order to ensure the security of personal data during their processing, the Operator takes the necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to them. The Operator ensures that all implemented measures for organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on personal data processing.
4.5. The Operator applies the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including:
- identification of threats to the security of personal data during their processing in personal data information systems;
- application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation;
- the use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure;
- assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
- tracking, recording and accounting of machine carriers of personal data;
- detection of unauthorized access to personal data and taking precaution measures;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right of access to such kind of information;
- timely detection of unauthorized access to personal data and taking the necessary precautionery measures;
- prevention of the impact on the technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
- establishment of rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.
The measures to ensure the security of personal data implemented by the Operator within the framework of the personal data protection system, taking into account the current threats to the security of personal data and the used information technologies, include:
- identification and authentication of access subjects and access objects;
- control of access subjects to access objects;
- limitation of the software environment;
- protection of machine data carriers on which personal data is stored and/or processed;
- registration of security events;
- antivirus protection;
- intrusion detection (prevention);
- ensuring the integrity of the information system and personal data;
- protection of the virtualization environment;
- protection of technical means;
- protection of the information system, its means, communication and data transmission systems;
- identification of incidents (one event or a group of events) that may lead to failures or disruption of the functioning of the information system and (or) to the emergence of threats to the security of personal data, and responding to them;
- configuration management of the information system and personal data protection system.
4.6 In order to ensure that the level of personal data protection complies with the requirements of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", the Operator does not disclose information about specific means and measures used to ensure the information security of personal data.
4.7. The Operator undertakes not to disclose the information received from the Subject of personal data. It is not considered a violation for the Operator to provide information to agents and third parties acting on the basis of an agreement with the Operator to fulfill obligations to the Subject of personal data. Disclosure of information in accordance with reasonable and applicable requirements of the law is not considered a violation of obligations.
5. Consent to Receive Advertising Information via Telecommunication Networks
5.1. Submitting a request to receive a newsletter / subscribing to receive advertising information:
- when registering at an event held by the Organizer, by filling out the appropriate document on paper;
- on the Website, by putting a check mark by the Subject of personal data on the corresponding web page;
means the consent of the Subject of Personal Data to receive from the Operator and third parties attracted by the Operator, via telecommunication networks (by the provided mobile phone number and e-mail address) information messages, including commercial advertising information (advertising) specified in clause 1.8.2. of this Policy.
5.2. By giving the consent specified in clause 5.1. of this Policy, the Personal Data Subject confirms that he acts of his own free will and in his own interest, as well as that the specified personal data is reliable.
6. Final Provisions
6.1. This Policy is approved by the order of the General Director of LLC OVK BIZON and comes into force from the date of its signing.
6.2. In case of need changes and additions approved by the order of the General Director of LLC OVK BIZON may be made to this Policy.
6.3. The current version of the Confidentiality Policy is publicly available on the Internet at the following address: https://ctexpo.ru