1. TERMS AND DEFINITIONS

1.1. Personal Data Operator - Limited Liability Company "METALEKS", OGRN 1237700171488, TIN 9726038924, registered at the address: 117208, Moscow, 13, bldg. 1, k.48, Sumskoy proezd, Moscow (the "Company").

1.2 Personal Data means any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data).

1.3 Personal Data Processing - any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

1.4 Automated processing of personal data - processing of personal data by means of computer equipment.

1.5 Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite number of persons (transfer of personal data) or familiarization of personal data to an unlimited number of persons, including disclosure of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way.

1.6 Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

1.7. Blocking of personal data - temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).

1.8 Destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

1.9. Personal data depersonalization - actions as a result of which it is impossible to determine without using additional information the belonging of personal data to a particular subject of personal data.

1.10. Personal data information system - a set of personal data contained in databases and information technologies and technical means ensuring their processing.

1.11. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign individual or a foreign legal entity.

1.12. Special categories of personal data - personal data concerning racial, nationality, political views, religious or philosophical beliefs, state of health, intimate life.

1.13. Biometric personal data - information that characterizes physiological and biological features of a person, on the basis of which it is possible to establish his/her identity.

1.14. Employees - employees of the Company who have access to personal data and / or are directly engaged in processing of personal data on the basis of the order of the General Director of the Company.

2. GENERAL PROVISIONS

2.1 This Personal Data Processing Policy (hereinafter - the "Policy") defines the procedure for processing personal data and measures to ensure the security of personal data in the Limited Liability Company "METALEKS", OGRN 1237700171488, TIN 9726038924, registered at the address: 117208, Moscow, 13, bldg.1, k.48, Sumskaya Proezd, Moscow (the "Company").

2.2 This Policy is developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" (hereinafter - "FZ-152") and other applicable laws in respect of personal data collected through the Company's websites. The policy of processing personal data of the Company's employees is regulated by a separate internal document.

2.3 The Company is a Personal Data Operator processing personal data using automation tools. The Policy applies to all personal data of subjects processed by the Company with the use of means of automation. Personal data is collected using the Company's website. The composition of personal data is specified in paragraph 3.1 of this Policy.

2.4 This Policy is binding on the Company and the Company's Employees. The Policy is a local normative act of the Company defining the obligations of the Employees to process personal data.

2.5 This Policy is available in unrestricted access and is published on the website www.magenta.legal.

2.6 The objectives of this Policy are:

- protection of human and citizen's rights and freedoms in the processing of their personal data, including the protection of the rights to privacy, personal and family secrecy;

- ensuring protection of personal data from unauthorized access, loss, unlawful use or dissemination;

- ensuring compliance with the legislation of the Russian Federation of the Employees' actions aimed at processing personal data.

3. COMPOSITION AND SUBJECTS OF PERSONAL DATA

3.1 The Company processes the following personal data: surname, first name, patronymic, address, place of birth, date of birth, marital status, education, profession, property status, social status, income, e-mail address, telephone number.

The Company does not process special categories of personal data and biometric personal data.

3.2 The subjects of personal data are persons having contractual relations with the Company, persons using the Company's services, as well as users of various services and participants of various projects on the Company's website, including persons sending requests through the feedback form on www.magenta.legal, as well as representatives of all the above-mentioned persons. The provision of personal data of other persons by the subject of personal data is not allowed.

4. PROCESSING OF PERSONAL DATA

4.1. PROCESSING PURPOSES

4.1.1 Personal data is processed for the purposes of providing services, including (but not limited to) legal consulting services, accounting services, other consulting services, distribution of marketing materials, including (but not limited to) in the form of newsletters on changes in legislation and other similar letters (including by e-mail, telephone, other means of communication), for statistical purposes, for the purpose of collecting clients' opinions on the Company's work, for the purpose of compiling (including by third parties) rankings of legal firms, for the purpose of providing legal services, for the purpose of providing information on the Company's activities, and for the purpose of providing information on the Company's activities.

4.1.2 Employees may not process personal data that is not related to the achievement of processing purposes.

4.1.3 The amount of processed personal data shall correspond to the purposes of processing. Processing of redundant personal data is not allowed.

4.2. CONDITIONS OF PERSONAL DATA PROCESSING

4.2.1 The Company has the right to process personal data only if at least one of the following conditions exists:

- processing of personal data is carried out with the consent of the subject of personal data to the processing of his/her personal data;

- processing of personal data is necessary to achieve the purposes provided for by the law, to exercise and fulfill the functions, powers and duties assigned to the Company by law;

- processing of personal data is necessary for the execution of an agreement to which the personal data subject is a party or beneficiary, as well as for the conclusion of an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary;

- processing of personal data is necessary for the exercise of rights and legitimate interests of the Company or third parties or for the achievement of socially important goals, provided that the rights and freedoms of the personal data subject are not violated;

- processing of personal data is carried out for statistical or other research purposes on condition of obligatory anonymization of data (except for cases of processing for the purpose of promotion of services on the market).

4.2.2 The Company ensures recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases on the territory of the Russian Federation.

4.3. TERM OF PERSONAL DATA PROCESSING

4.3.1 The term of personal data processing: until the liquidation / reorganization of the Company or until the subject of personal data withdraws consent to processing.

4.3.2 Processing of personal data is also terminated when the purposes of processing are achieved, when it is impossible to achieve the purposes of processing, as well as when it is impossible to eliminate violations of personal data processing.

4.3.3 Personal data are subject to destruction or depersonalization upon termination of their processing.

4.4. ACCESS TO PERSONAL DATA

4.4.1 The Company determines the composition of employees who have access to personal data and are directly involved in the processing of personal data. The expediency of granting access to personal data is determined on the basis of local acts of the Company and based on the reasonableness of the required access rights.

4.4.2 Employees shall process personal data only at their workplaces.

4.4.3 Employees are obliged to observe confidentiality of personal data and rules of their processing.

4.4.4 The Company and Employees are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.

4.5. TRANSFER OF PERSONAL DATA

4.5.1 The Company has the right to entrust the processing of personal data to another person, including the Company's partners and postal services, with the consent of the subject of personal data, unless otherwise provided for by federal law. The person processing personal data on behalf of the Company shall be obliged to comply with the principles and rules of personal data processing stipulated by the Federal Law-152 and other applicable laws and regulations.

4.5.2 Any data transfer shall be performed using the encryption method corresponding to the current state of the art via HTTPS protocols.

4.5.3 It is prohibited to transfer personal data to a third party without the consent of the subject of personal data, except in cases when it is necessary to prevent a threat to life and health, as well as in cases established by Russian law.

4.5.4 Trans-border transfer of personal data is allowed in the territories of foreign countries that ensure an adequate level of protection of personal data, including the territories of the states-parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Trans-border transfer of personal data in the territory of other states may be carried out by the Company only if the subject of personal data consents to the said trans-border transfer of his/her personal data.

4.5.5 Employees shall provide personal data to relatives, family members and representatives of the subject of personal data only with the consent of the subject of personal data, except for cases when the transfer of personal data without the consent of the subject of personal data is permitted by applicable law.

4.5.6 Documents containing personal data may be sent by mail or e-mail at the personal request of the personal data subject. The letter (e-mail message) must have a note on confidentiality of information and responsibility for its unlawful disclosure. It is possible to use other protected means of communication.

4.5.7 Persons receiving personal data must be warned that this data may be used only for the purposes for which it is communicated.

4.5.8 All facts of transfer of personal data to third parties must be recorded in the Company's documents.

4.6. TECHNOLOGIES AND SERVICES FOR AUTOMATIC DATA COLLECTION

4.6.1 The Company may use computer technologies and services for automatic collection and processing of information when the subject of personal data visits the Company's website: web protocols, cookies, web-tags, plug-ins, etc., as well as similar applications and tools of third parties.

4.6.2 Information on the Company's use of technologies and services for automatic collection and processing of information is brought to the attention of the subject of personal data by posting the relevant information on the Internet site, including by posting this Policy. Similarly, the subjects of personal data will be informed about their right to refuse the use of these technologies and services, the way of realization of such right, as well as the consequences of this realization.

5. RIGHTS OF THE PERSONAL DATA SUBJECT

5.1 The subject of personal data decides on the provision of his/her personal data and consents to their processing freely, of his/her own free will and in his/her own interest. The consent can be given by placing a check mark ("tick") in a special field on the website www.magenta.legal when filling in the feedback form with the Company.

5.2 The subject of personal data has the right to withdraw consent to the processing of his/her personal data at any time. Withdrawal of consent with indication of surname, first name and patronymic should be sent to the following e-mail address: info@magenta.legal . In this case, the Company shall, within ten days from the receipt of the withdrawal, cease processing the personal data of the said subject of personal data, of which the Company shall notify the subject of personal data by sending a notice to the e-mail address specified when registering on the Company's website.

5.3 The subject of personal data has the right to receive information regarding the processing of his/her personal data. The subject of personal data has the right to demand from the Company to clarify his personal data, block or destroy them in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect his rights. The relevant request specifying the surname, first name and patronymic of the personal data subject shall be sent to the following e-mail address: info@magenta.legal. The Company is obliged to respond to the request within 10 days of its receipt.

5.4 Processing of personal data for the purpose of promotion of services on the market by means of direct contact with potential customers by means of communication is allowed only with the prior consent of the subject of personal data. The Company is obliged to immediately stop processing of personal data for the above purposes at the request of the subject of personal data.

5.5 It is prohibited to make decisions based solely on the automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, except as provided by law or with the consent in writing of the subject of personal data.

5.6 The subject of personal data has the right to protection of his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

6. DUTIES OF EMPLOYEES

6.1 Employees are obliged to:

- To know and fulfill the requirements of this Policy;

- to process personal data for the purposes defined by this Policy;

- Process only those personal data to which they have access;

- to keep secret the personal data they have become aware of;

- inform his/her immediate supervisor about the facts of violation of the procedure of personal data processing and about attempts of unauthorized access to personal data;

- warn the persons receiving personal data that such data may be used only for the purposes for which they were communicated;

- comply with the requirements for personal data protection.

7. ENSURING PERSONAL DATA SECURITY

7.1 Personal data security is ensured by implementation of legal, organizational, technical and software measures necessary and sufficient to ensure the requirements of the federal legislation in the field of personal data protection.

7.2 To purposefully create unfavorable conditions and obstacles for intruders attempting to gain unauthorized access to personal data in the Company, the Company shall apply, among other things, the following organizational and technical measures:

- Appointing an employee responsible for organizing the processing and protection of personal data;

- limiting the number of employees having access to personal data;

- familiarization of employees against signature with the requirements of legislation and internal documents of the Company on processing and protection of personal data;

- ensuring storage of material data carriers and their handling, preventing theft, substitution, unauthorized copying and destruction;

- password protection of access to the personal data information system;

- application of means of access control to communication ports, information input-output devices, removable machine media and external data storage devices;

- antivirus control, prevention of malicious programs and program tabs introduction into the corporate network;

- information backup;

- ensuring recovery of personal data modified or destroyed due to unauthorized access to it;

- familiarizing employees with the rules of working with personal data;

- conducting proceedings on the facts of violation of personal data security requirements;

- placement of technical means of personal data processing within the protected territory;

- organization of access regime to the Company's territory.

7.3 If the Company's website provides a link to third party websites, except for websites owned by the Company, this Policy does not apply to the content of such websites. The Company has no information about what data the administrators of these sites may be collecting and has no control over the process of collecting such data. Information on this can be found in the data protection guidelines of the respective page.

8. FINAL PROVISIONS

8.1 Other rights and obligations of the Company as a Personal Data Operator are determined by the personal data legislation of the Russian Federation.

8.2 Control over fulfillment of the requirements of this Policy shall be exercised by the Employee responsible for personal data security.

8.3 Employees guilty of violating the rules governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by law.

8.4 Personal data subjects shall be informed in advance about changes to this Policy.

©2024 Magenta legal
Russian law firm
All rights reserved

MAGENTA Legal

NewsPersonal Data Processing Policy Depository receipts (ADRs / GDRs)Intellectual Property ProtectionImpressum

Contacts

107045, Russia, Moscow
Daev Lane, 20, Daev Plaza

+7 495 246-20-23
info@magenta.legal