1. GENERAL PROVISIONS

1.1. The present Policy with regard to personal data processing (hereinafter referred to as the Policy) has been drawn up in accordance with paragraph 2 of Article 18.1 of Federal Law "On Personal Data" No.1`152-FZ dated July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter referred to as the Data), which LLC "NPK "Gemos Limited" (hereinafter referred to as the Operator, the Company) may receive from the personal data Subject, which is the user of the site (hereinafter referred to as the User), located at the following Internet address: http://www.mining-media.ru (hereinafter referred to as the Website).

1.2. The operator shall secure protection of the processed personal data from unauthorized access and disclosure, illegal use or loss in accordance with the requirements of Federal Law No.152-FZ "On Personal Data" dated July 27, 2006.

1.3. Change of Policy

1.3.1. The Operator has the right to make changes to this Policy. When changes are made, the date of the last update of the Policy is specified in the Policy title. The new version of the Policy shall come into force as soon as it is posted on the Website, unless otherwise provided by the new version of the Policy.

2. TERMS AND ACRONYMS ADOPTED

Personal data (PD) - any information related directly or indirectly to a certain or identifiable individual natural person (Personal Data Subject).

Processing of personal data - any action (operation) or set of actions (operations), made with the personal data using automation tools or without the use of such tools, including gathering, recording, systematization, accumulation, storage, specification (updating, change), extraction, use, transfer, depersonalization, blocking, removal, destruction of the personal data.

Automated processing of personal data - processing of personal data by means of computing equipment.

Personal Data Information System (PDIS) - a set of personal data contained in databases as well as information technologies and technical means that ensure its processing.

The personal data made public by the Subject of the personal data - the PD, access to which is given to an unlimited number of persons by the Subject of the personal data or at the request of this Subject.
Blocking of personal data - temporary termination of the personal data processing (except for the cases when such processing is necessary for rectification of personal data).

Destruction of personal data - actions that render it impossible to restore the content of personal data in the Personal Data Information System and (or) that destroy material carriers of personal data.

Operator - the organization that independently or together with other persons organizes processing of personal data and determines the purposes of processing the personal data to be processed and actions (operations) performed with the personal data. The operator is LLC "NPK "Gemos Limited", registered at the following address: Moscow, Leninsky Prospekt, Block 6/3, office 265, Taxpayer Identification Number (TIN): 7723083844, Primary State Registration Number (OGRN): 1027739360440.

3. PROCESSING OF PERSONAL DATA

3.1. Obtaining PD.

3.1.1. All PD should be obtained directly from the Subject. If the Subject's PD can be obtained only from a third party, the Subject must be notified of this or their consent must be obtained.

3.1.2. The Operator shall inform the Subject about the objectives, assumed sources and methods of obtaining the PD, the nature of the PD to be obtained, the list of actions with the PD, the period during which the consent is valid and the procedure for its withdrawal, as well as about the consequences of the Subject's refusal to give its written consent to obtain the PD.

3.1.3. The Subject can transfer the PD to the Operator for processing in the following ways:

  • By visiting the Website;
  • By filling in the follow-up form on the Website (order a call, leave feedback, registration, make an order and others).

3.2. Processing of Personal Data.

3.1.2. Processing of personal data is performed:

  • With the consent of the Subject of personal data to the processing of their personal data;
  • In cases when processing of the personal data is necessary in order to exercise and perform the functions, powers and duties imposed by the Russian legislation;
  • In cases when processing is performed of the personal data, access to which is given to an unlimited number of persons by the Subject of the personal data or at the request of the Subject (hereinafter referred to as the personal data made publicly accessible by the Subject of the personal data).

3.2.2. Purposes of processing personal data:Raising awareness of the Website users about the Company's products/work/services, providing relevant advertising information, advertising optimization, providing information support, consulting services, conducting marketing campaigns (including e-mail newsletters and SMS notifications about the news and promotions, etc.), sending notifications about the status of inquiries, requests, orders, as well as in other ways of utilizing the Website by the User.

3.2.3. Categories of personal data Subjects.
The PD of the following PD Subjects is processed:
natural persons - Website Users.

3.2.4. PD processed by the Operator:

  • name, family name, patronymic of the natural person and/or individual entrepreneur, position held, e-mail address, contact phone number, location address;
  • the source of access to the Website and the search or promotional query information;
  • user device data (including resolution, version and other attributes that characterize the user device);
  • user clicks, page views, field fillings, banner and video displays and views;
  • data characterizing the audience segments;
  • session parameters;
  • visiting time data;
  • the information stored in the cookies,
  • IP-address.

3.2.5. Processing of personal data is executed:

  • using automation tools;
  • Without the use of automation tools.

3.3. Storage of Personal Data.

1.3.3. The PD of the Subjects received by the Operator is further processed and transferred for storage in electronic form.

3.2.3. It is not allowed to store and place the documents containing PD in open electronic catalogues (file exchangers) in the Personal Data Information System (PDIS).

3.3.3. Storage of PD in a form that allows identification of the PD Subject is done for as long as it is required for the purposes of its processing, and this PD is subject to destruction upon achievement of the processing purposes or in case the need to achieve these purposes exists no longer.

3.4. Destruction of Personal Data.

3.1.4. PD stored on electronic media is destroyed by erasing or formatting the media.

3.2.4. The fact of PD destruction is documented with a media destruction certificate.

3.5. Transfer of Personal Data.

3.1.5. The operator shall transfer the PD to third parties in the following cases:

  • the Subject has expressed his consent to such actions;
  • the transfer is subject to Russian or other applicable law within a legally established procedure.

4. PROTECTION OF PERSONAL DATA

4.1. The main PD protection measures used by the Operator include the following:

4.1.1. Appointment of the person responsible for PD processing, which organizes the PD processing, training and instruction, internal control over compliance of the Operator and its employees with the PD protection requirements.

4.1.2. Identification of actual security threats to PD during its processing in the Personal Data Information System (PDIS) and development of measures and activities to protect the PD.

4.1.3. Development of a policy related to personal data processing.

4.1.4. Establishing rules to access the PD processed in the Personal Data Information System (PDIS).

4.1.5. Setting access passwords for the Operator's employees in the Personal Data Information System (PDIS).

4.1.6. Compliance with the conditions ensuring safety of the PD and preventing unauthorized access to it.

4.1.7. Detection of unauthorized access to personal data and taking action.

4.1.8. Recovery of PD modified or destroyed as the result of unauthorized access.

4.1.9. Training of the Operator's employees directly involved in PD processing in provisions of the RF legislation on personal data, including requirements for personal data protection, documentation defining the Operator's policy regarding personal data processing, local acts on personal data processing.

4.1.10. Implementation of internal control and audit.

5. BASIC RIGHTS OF THE PD SUBJECT AND OBLIGATIONS OF THE OPERATOR

5.1. Basic rights of the PD Subject.

The Subject has the right to access his personal data and the following information:

  • confirmation of the fact that the Operator has processed the PD;
  • legal basis and purpose of PD processing;
  • objectives and methods of PD processing used by the Operator;
  • name and location of the Operator, information regarding persons (except for the Operator's employees) who have access to the PD or who may be disclosed to the PD pursuant to the contract with the Operator or under the federal law;
  • terms of processing personal data, including the terms of their storage;
  • the procedure to exercise the rights granted to the PD Subject by Federal Law No.152-FZ "On Personal Data" dated July 27, 2006;
  • name or family name, first name, patronymic and address of the person to process the PD based on the Operator's request, if such processing has been or will be assigned to this person;
  • contacting the Operator and sending requests;
  • appealing against actions or omissions of the Operator.

5.2. Obligations of the Operator.

The operator shall:

  • provide information about PD processing when collecting the PD;
  • in cases when the PD was not received directly from the PD Subject, notify the Subject hereof;
  • explain the consequences of such refusal to the Subject if the Subject refuses to provide the PD,
  • publish or otherwise provide unrestricted access to the documents defining its policy related to the PD processing and to the information regarding the implemented requirements towards the PD protection;
  • take the necessary legal, organizational and technical measures or ensure their adoption to protect the PD from illegal or accidental disclosure, destruction, alteration, blocking, copying, provision, distribution, as well as from other illegal actions related to the PD;
  • provide response to the requests and appeals of the PD Subjects, their representatives and the bodies authorized to protect the rights of the PD Subjects.