1. TERMS DEFINITION
1.1. The following definitions are used in this Policy:
1.1.1. The websites of the Center: cmrks.ru, festmir.ru (hereinafter the Websites).
1.1.2. The Websites Administration involves persons who are authorized to manage the Websites (hereinafter the Operator), work on behalf of the Center, organize and (or) process personal data, define the personal data processing purposes, details and operations.
1.1.3. "Personal data" (hereinafter the Data) is any information directly or indirectly related to a private person (a personal data subject), defined or to be defined.
1.1.4. "Personal data processing" is any action (activity) or the series of actions (activities), with (or without) use of automatic controls, that includes collecting, recording, classification, gathering, storage, specification (updating, changing), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, erasing of personal data.
1.1.5. "Personal data privacy" is the mandatory requirement for the Operator or other persons who have access to personal data to prevent its dissemination without a personal data subject consent or the existence of any other legal basis.
1.1.6. "Personal data subject" is an individual private person who is directly or indirectly defined or to be defined by using personal data.
1.1.7. "Cookies" is a personal data subject, which is stored in a computer in the form of a piece of data, and is sent by a web client or a web browser to the web server through a HTTP request in order to open a relevant web page.
1.1.8. "IP address" is a unique web address of a node in the network based on Internet Protocol.
2. GENERAL PROVISIONS
2.1. The Center processes personal data of the following categories of personal data subjects:
— participants of events that are organized/held by the Center;
— the Center’s employees;
— family members of the Center’s employees;
— the Center’s job applicants;
— individual private persons who are in contractual relationships and other civil-law relations with the Center;
— legal persons representatives;
— the Center’s websites visitors;
— other persons who provided their personal data to the Center in person or by proxy.
2.2. A person who provided his/her personal data of any kind to the Center, including the Websites visits and forms filling, agrees with the Policy, its conditions and purposes of his/her personal data processing.
2.3. Personal data is provided to the Center on a voluntary basis and can be changed (updated, supplemented, specified, blocked, deleted) at the request of a person who submitted it.
2.4. Personal data which is provided to the Center and stipulated by the Policy terms means ascertainment of the fact that a person had or has the opportunity to review the Policy including personal data processing. If a person provides to the Center any data about other person, he/she is obliged to ensure that this person had or has the opportunity to review the Policy.
2.5. In case a person who agreed to personal data processing disagrees with the Policy terms, he/she should withdraw the agreement in written form or stop to use Websites.
2.6. The Center does not control and is not responsible for the functioning of third-party websites or mobile applications, the links to which are available on the Websites.
2.7. A personal data subject guarantees that his/her personal data provided is complete, correct and reliable; his/her personal data does not violate current legislation of the Russian Federation, third parties' legitimate rights and interests, and is filled personally. The Center and the Websites Administration does not verify personal data provided by a personal data subject.
3.1. This Policy establishes the obligations to nondisclosure and guarantee of confidentiality of personal data provided to the Center and the Websites Administration.
3.2. The Center collects both "Direct personal data" and "Anonymous data". Direct personal data is the information that allows to identify a person, for example, his full name, email address, phone number, a personal data subject’s name, login, password, mailing address, IP address and photo, as well as information associated with such data. "Anonymous data" is the information that cannot be used to identify a person, it is not associated with data that can be used for these purposes. This data includes passively gathered information about actions of a personal data subject on the Websites used by the Center (for example, information about the fact and means of use of the Websites' functions), to the extent the information is not related to Personal data.
3.3. Personal data that is allowed to be processed within the Policy is provided in different forms:
3.3.1. surname, name, patronymic name, gender and age of a personal data subject;
3.3.2. emails, phone numbers;
3.3.3. residential addresses;
3.3.4. photographic and video materials;
3.3.5. passport data, SNILS, taxpayer identification number;
3.3.6. bank details, credit/debit cards numbers and accounts;
3.3.7. preference information that personal data subject provides in settings, for example advertisement preferences, contact methods (e.g. text messages), home address, business address and (or) favorite places and survey information;
3.3.8. any data provided to the Center on the Websites by way of feedback, application or during problem solving;
3.3.9. information collected during the Websites use, including the electronic device model, browser type, operating system, Internet protocol (IP) and domain name. If a mobile device is used, a UDID or other unique identifier and mobile operating system data may be collected;
3.3.10. any data which can be processed according to the consent of a personal data subject;
3.3.11. personal data which was made public by a personal data subject;
3.4. If a personal data subject visits the Websites through a third party website, this website may provide personal data;
3.5. Since the operation of the servers depends on third party commercial software and programs, personal data may be collected unpremeditatedly due to certain automatic functions or features of such software or due to certain software changes or updates;
3.6. Any other additional provision of information initiated by a personal data subject and related to personal data is carried out voluntarily and in his/her own interest. The Data provided in this way is considered authorized for processing.
4. PURPOSES OF PERSONAL DATA COLLECTING
4.1. The Center may use personal data for the following purposes:
4.1.1. in order to contact a person by means of notifications and requests regarding use of the Websites, services provision, processing of questions, requests, offers, applications, etc.;
4.1.2. for confirmation of accuracy and completeness of the provided personal data;
4.1.3. for the upgrading of the Websites' functioning, as well as for the structure improvement, arrangements for ensuring safety and security of the Websites and provision of effective customer and technical support in case of problems associated with use of the Websites;
4.1.4. to provide a person with information about the Center’s news, events, services, and so forth on behalf of the Center (or partners of the Center) and with a person’s consent;
4.1.5. to carry out advertising activities with a person’s consent;
4.1.6. for purchase transactions' acceptance and processing;
4.1.7. to make contracts for service rendering/work fulfilment, etc., where a personal data subject is one of the parties;
4.1.8. to process requests of state control bodies and law enforcement bodies;
4.1.9. to acquire travel documents;
4.1.10. for personal data processing in accordance with the state social assistance legislation, labor legislation, pension legislation of the Russian Federation;
5. PERSONAL DATA PROCESSING METHODS AND TIME PERIOD
5.1. Personal data processing is carried out without any time limit, by any legal means, including personal data systems with (or without) use of automatic controls.
5.2. A personal data subject gives his/her consent that the Center has the right to pass personal data to the third parties such as messenger services, postal services and telecommunication services solely for the purposes of business or information cooperation with them.
5.3. Personal data can be passed to the state power authorized bodies of the Russian Federation only on the grounds and in accordance with procedures established by the legislation of the Russian Federation.
5.4. In case of personal data loss or disclosure, the Website Administration informs a personal data subject about personal data loss or disclosure.
5.5. The Center uses reasonable technical and organizational security measures to protect a personal data subject’s information from unauthorized or accidental access, destruction, alteration, blocking, copying, disclosure and other illegal actions of the third parties.
5.6. The Center and a personal data subject together take all necessary measures to prevent financial losses or other negative consequences caused by the loss or disclosure of personal data.
6. OBLIGATIONS OF THE PARTIES
6.1. A personal data subject shall be obliged to:
6.1.1. Provide necessary accurate personal data required for cooperation with the Center and for use of the Websites.
6.1.2. Update and supplement personal data provided, if this data changes.
6.2. The Center shall be obliged to:
6.2.1. use personal data for certain purposes stipulated in this Policy;
6.2.2. keep confidentiality of secret information, and not to disclose it without the prior written consent of a personal data subject, and also not to sell, exchange, publish, or disclose the provided personal data in other possible ways, with the exception of cases established by law;
6.2.3. take precautions in order to protect a personal data subject’s confidentiality in accordance with the procedure usually used to protect this kind of information in existing business practice;
6.2.4. block personal data of a personal data subject from the moment of application or request of this subject (or his/her legal representative/authorized body for personal data subjects rights protection during the verification period), in case inaccurate personal data or illegal actions were revealed.
7. RESPONSIBILITY OF THE PARTIES
7.1. In case of personal data loss or disclosure, the Center is not responsible if this confidential information:
7.1.1. became public before its loss or disclosure;
7.1.2. was received from a third party before it was provided to the Center;
7.1.3. was disclosed with a personal data subject consent;
8. SETTLEMENT OF DISPUTES
8.1. Before taking legal action due to disputes arising from the relationship between a personal data subject and the Center, a claim (or a written proposal for the voluntary settlement of the dispute) must be submitted.
8.2. The claim recipient shall notify the claimant in writing about results of the claim consideration within 30 calendar days of the date of the claim receipt.
8.3. If the agreement is not reached, the dispute will be referred to the judicial authority in accordance with the current legislation of the Russian Federation.
8.4. The current legislation of the Russian Federation applies to this Policy and the relationship between a personal data subject and the Center.
9. FINAL TERMS
9.2. The new Policy comes into force from the moment of its publication, unless otherwise provided by the new version of the Policy.