PERSONAL DATA PROCESSING POLICY

I. Terms and Definitions

1.1. The Company shall mean Russian Venture Company JSC, OGRN (Primary State Registration Number) 1067746333742, INN (Taxpayer Identification Number) 7724570128, KPP (Tax Registration Reason Code) 773101001, registered address: 1 Nobelya St., 4th Floor, Skolkovo Innovation Center, Moscow, 121205, phone: +7 (495) 7770104, fax: +7 (495) 7770106, e-mail: info@rvc.ru. The Company’s official website is: http://www.rvc.ru.

1.2. Website Users Personal Data Protection Policy shall mean this Personal Data Protection Policy, which applies to any user of any Website owned by the Company, developed and approved by the Company in compliance with the requirements of Federal Law No.152-FZ of 27.07.2006 “On Personal Data”, hereinafter the “Personal Data Protection Policy”, and/or the “Policy”.

1.3. Website shall mean the content generated by the Owner of a domain name and/or the Titleholder of a Website, and/or by a Website User and/or by Contest Participants, located on the Internet.

1.4. Website User shall mean any natural person and/or representative of a legal entity that has expressed interest in the Contests conducted by the Company and/or information and content posted on the Website by visiting the Website (following a link to the Website) at one of the above addresses on the Internet, who provides (transmits) personal data (or part thereof) to the Company when visiting the Website page and is a Subject, as defined in this Policy.

1.5. A Subject shall mean any natural person and/or legal entity providing its personal data to the Company, including Website Users and/or Contest Participants, and/or Administrator and/or Expert, as well as other persons communicating with the Company by telephone and/or electronic correspondence.

1.6. Personal Data shall mean any information relating directly or indirectly to a specific or identifiable person (a Personal Data Subject), including but not limited to the following: first name, last name, patronymic, age, telephone number, e-mail address, passport data, IP address, postal address, photo and video materials, location data, date and time of visit to the Website, online identifier and other information that the Subject provides by filling out forms/fields on the Website, or received by the Company via cookie files at the time of visiting the Website.

1.7. The Operator shall mean a government authority, municipal body, legal entity or a natural person that arrange and/or perform processing of personal data, independently or together with other persons, and also define the purposes of personal data processing, contents of the personal data to be processed, and actions (operations) performed with the personal data.

1.8. Personal Data Processing means any action (operation) or a set of actions (operations) performed on personal data with or without using an automation tools, including collection, recording, systematization, accumulation, clarification (updating, modification), extraction, use, transmission (making available or accessing), depersonalization, blocking, deletion, and destruction of personal data.

1.9. Automated Personal Data Processing means the processing of personal data with the help of computer equipment.

1.10. Personal Data Provision shall mean actions aimed at disclosing and/or transmitting personal data on a Personal Data Subject the Company’s Partners and/or Operators with the aim of proper processing, storage and protection of the personal data provided by the Personal Data Subjects, as well as to ensure interaction between Personal Data Subjects and the Company’s Partners in the course of the Contests;

1.11. Personal Data Blocking shall mean temporary suspension of personal data processing (unless such processing is required for updating personal data).

1.12. Personal Data Destruction shall mean actions making it impossible to recover personal data in the Personal Data Information System, and/or resulting in the destruction of physical media where the personal data is stored.

1.13. Personal Data Depersonalization shall mean actions making it impossible to correlate personal data, directly or indirectly, to a specific Personal Data Subject without using additional information.

1.14. Publicly Available Personal Data shall mean personal data of a Subject and/or a group of Subjects united by a common goal (Team), which have become public (i.e. posted on the Website and made available for processing by the general public) as a result of independent actions of the Subject and/or actions of other persons at the Subject’s request.

1.15. Company’s Partners shall mean (Russian and/or foreign) legal entities who have concluded a cooperation agreement with the Company for the purpose of conducting the Contests, with the ability to process personal data of the Subjects who have granted consent to the Company for personal data processing by any of the methods provided by this Policy.

1.16. Cross-Border Personal Data Transmission shall mean transmission of a Subject’s personal data to the territory of a foreign country, to a foreign authority, or a foreign legal entity as part of the respective contractual interaction.

1.17. A Contest Participant shall mean a natural person and/or groups (teams) of natural persons, and/or a legal entity registered on the corresponding Website by specifying a login and password to log into a personal account. A User acquires the status of a Participant from the moment specified in the User Agreement of the respective Website/Project/Contest.

1.18. The Contest shall mean a public contest held by the Company, independently or together with Partners, based on a competitive idea, with the purpose of achieving socially useful objectives. Information about the Contest is posted on the Websites.

II. General provisions

2.1. This Personal Data Processing Policy is designed in compliance with the requirements of Federal Law No.152-FZ of 27.07.2006 “On Personal Data” (hereinafter, the Law on Personal Data), Federal Law No.149-FZ of 27.07.2006 “On Information, Information Technologies and Information Protection” (hereinafter, the Law on Information), and determines the procedure and principles for processing personal data of Personal Data Subjects, terms and conditions, validity term of the consent for processing personal data, collection, recording, systematization, accumulation, clarification, use, extraction, destruction, blocking, depersonalization, deletion and transmission of this data.

2.2. The purpose of adopting this Policy is to ensure that the process of processing and protection of personal data in the Company is in compliance with the legislation of the Russian Federation.

2.3. This Policy is part of the general policy governing the processing of personal data by the Company.

2.4. In case of cross-border transmission of personal data (as part of interaction with the Company’s Partners), the Company shall ensure the personal data is processed and protected in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the EU Regulation), taking into account the prevalence of current national legislation of the Russian Federation, and can be prohibited or limited with the aim of protecting the basics of constitutional order of the Russian Federation, morals, health, rights and lawful interests of the public, providing national defense and security.

2.5. The Company processes the following personal data of the Users:

  • First name, patronymic, last name;
  • E-mail;
  • Telephone number;
  • mailing address;
  • other profile information posted on the website.

2.6. The Company also processes other data, which is transmitted automatically in the course of using the Website by means of the software installed on the computer of a natural person (Personal Data Subject):

  • information on the browser used (or the other program you are using to access the website);
  • IP address;
  • cookie file data.

2.7. The Company processes personal data of the Personal Data Subjects by maintaining databases using automated, mechanical and manual methods, for the following purposes:

  • identification of the Subject with the aim of providing the Subject with information support about the Contests and technical assistance during the Contests by the Company and/or the Company’s Partners;
  • providing the Subject with access to personalized resources of the Website(s);
  • establishing feedback with the Subject, including but not limited to: communications and notifications in the form of SMS, e-mails, verbal and written requests, and processing requests and applications from the Subject;
  • verifying the accuracy and completeness of the personal data submitted by the Subject;
  • Informing the Subject about upcoming and ongoing activities of the Company, including by telephone and SMS information;
  • conducting the Contests properly, providing complete and accurate information about the Contests;
  • providing the Subject with access to the Websites or services of the Company’s Partners for the purpose of obtaining information, updates and services of both the Company and the Company’s Partners. The Partners receive Subjects’ data when the latter visit or uses their services, or via third parties they cooperate with;
  • for statistics and other research purposes, the Subjects’ personal data is provided in depersonalized form.

2.8. Publicly Available Personal Data is processed without the Subject’s consent; however, it is subject to all personal data processing rules and regulations.

This Policy shall apply to any actions undertaken by the Company in respect of Personal Data of the Users, participants, administrators, experts directly interacting with the Company in any of the forms specified in this Policy.

III. The timing of the Subject’s consent to personal data processing

3.1. The Company notifies the Subject that the following express, specific, conscious and willful actions constitute the Subject’s consent to the processing of his/her personal data and ascertain the Subject’s awareness of the provisions of this Policy:

  • in verbal form, as used during telephone calls between the Personal Data Subject and the Company employees, as a result of which the Subject is identified, and call metadata (in particular, the caller number, call time and duration) are recorded. In this case, any information provided by the Subject to the Company employee, which is directly or indirectly related to the Subject, shall be deemed to have been provided willfully, voluntarily and with the Subject’s unconditional consent;
  • an electronic document signed by a simple digital signature using an SMS. According to Federal Law No.63-FZ of 06.04.2011 “On Digital Signature”, a simple digital signature is a digital signature created by using codes, passwords or other means, which verifies the fact that a certain digital signature was provided by a certain person. This type of consent can be expressed by entering a code sent in an SMS message to the Personal Data Subject’s phone number indicated during registration at the respective Website;
  • by the Subject clicking the button on the Website, next to the statement “I agree to the terms of the User Agreement and the Personal Data Processing Policy”. This signifies the Subject’s consent to have his/her personal data processed by the Company and to be notified by all means of communication and interaction indicated in this Policy;
  • in electronic form – by expressing content in an e-mail sent by the Personal Data Subject to the e-mail address of a Company employee or directly to the Company.

IV. Validity term of the Subject’s consent to the personal data processing; revocation procedure

4.1. The consent provided shall remain valid indefinitely. The subject is notified and agrees that the said consent may be revoked by a written notice to the Company, to the address specified in paragraph 1 of this Policy, by registered mail with a list of enclosures. As a legal consequence of the consent revocation, the Operator loses the right to process that Subject’s personal data, unless it has other grounds provided by the Law on Personal Data for processing said data (paragraphs 2 - 11, Part 1, Art. 6; Part 2, Art. 10; and Part 2 Art. 11 of the Law on Personal Data). Withdrawal of consent to personal data processing only applies to future periods and has no retroactive effect. Thus, personal data processing by the Operator prior to revocation will continue to be deemed lawful even after revocation.

4.2. In case of receiving the Company’s communications by e-mail, the Subject can opt out of the mailings at any time by activating the “Unsubscribe” link contained in each e-mail, after which the email address will be deleted from the Company's mailing list and / or from the service’s mailing list used by the Company.

V. General principles of personal data processing

5.1. This Policy is available on the Internet at http://www.rvc.ru, for unrestricted access by any interested person for review, and pursues the following principles:

  • personal data processing is carried out on a legitimate and fair basis;
  • personal data processing shall be consistent with the purposes stated at the time the personal data is collected;
  • only the personal data that corresponds to the purposes of its processing shall be processed;
  • the content and volume of personal data processed shall be kept to the minimum as required to achieve predetermined purposes of personal data processing;
  • the processes involving personal data shall ensure accuracy, sufficiency and relevance of the personal data in relation to the purposes of its processing, and to provide for prompt removal or correction of incomplete or inaccurate data.

5.2. When processing personal data, the Company shall keep its personal data collection to the minimum required to achieve the goals for which said personal data is collected.

VI. Terms and conditions of personal data processing

6.1. The Company shall process personal data in accordance with the applicable laws of the Russian Federation, international treaties and internal regulations of the Company.

6.2. Personal data shall only be processed upon receiving express consent from the Subject or his/her legal representative. The Subjects’ letters of consent are accumulated in the Company’s database.

6.3. Personal data processing may be carried out without the consent of the Personal Data Subject’s consent (or upon revocation of such consent by the Personal Data Subject) if there are the grounds specified in paragraphs 2 - 11, Part 1, Art. 6; Part 2, Art. 10; and Part 2 Art. 11 of the Law on Personal Data.

6.4. Processing of special personal data categories relating to race, political views, information on specific physiological properties of a person, which can be used to establish his/her identity (personal biometric data), religious or philosophic beliefs and personal life, may not be carried out by the Company.

6.5. Access to personal data of the Personal Data Subjects (regardless of the type of media) shall be provided to the Company’s employees on the as-needed basis.

6.6. Personal data shall be stored in a personally identifiable form no longer than is required for the purposes of personal data processing, unless a longer term of storage is established by the federal law or an agreement under which the Personal Data Subject is a beneficiary or a guarantor. The personal data shall be destroyed or depersonalized once the purpose of its processing is completed, or once such purpose is no longer relevant, unless otherwise provided by the federal law.

6.7. Unless otherwise provided by Federal Law No. 152-FZ “On Personal Data”, the Company may appoint a third party to perform personal data processing by executing a contract with said party (including a government/municipal contract), or by virtue of a respective regulation issued by the respective government or municipal authority, and subject to the Personal Data Subject’s consent.

6.8. The third party processing personal data on behalf of the Company shall comply with the personal data processing principles and rules as provided by the Law on Personal Data, while maintaining confidentiality and security of personal data during processing. In case of cross-border data transmission, the Company shall ensure compliance with the requirements of the EU Regulation, the Law on Personal Data and other applicable legislation, taking into account the prevalence of the current national legislation of the Russian Federation.

VII. Personal Data Subjects’ Rights

7.1. A Personal Data Subject shall be entitled to demand, by a written letter, that the Company update, block or destroy his/her personal data if said data is incomplete, outdated, inaccurate or is not necessary for the declared processing purpose, to revoke the consent for processing of personal data in accordance with this Policy and the current legislation of the Russian Federation, in general or in part (e.g., revoke the consent to the Company using his/her personal data for mailing purposes), to obtain clear information from the Company on the transmission of his/her Personal Data, and to take measures to defend his rights as stipulated in the law.

7.2. In the cases and manner stipulated by the Law on Personal Data, a personal data subject shall be entitled to receive information from the Company regarding the processing of his/her personal data, in particular, concerning:

  • confirmation of the fact of personal data processing by the Company;
  • legal grounds and purposes of personal data processing;
  • the purposes and methods of personal data processing used by the Company;
  • information on persons (other than the Company’s employees) who have access to his/her personal data or to whom said personal data may be disclosed based on an agreement with the Company or in compliance with the Federal Law;
  • the data related to the respective Personal Data Subject and the source from which said personal data has been obtained, unless a different procedure for provision of such data is stipulated by the Federal Law;
  • other information as stipulated by the Law on Personal Data or other federal laws.

VIII. Information on personal data protection measures

8.1. When processing personal data, the Company shall take legal and organizational measures as may be necessary and sufficient to ensure compliance with the obligations stipulated by the laws of the Russian Federation. Personal Data Processing shall be carried out in compliance with the legislation of the Russian Federation and other regulatory documents, including those issued by the relevant government agencies responsible for regulating personal data processing.

8.2. The Company develops and adopts documentation defining the Company’s policy with regards to personal data processing, as well as internal regulations defining procedures aimed at preventing and detecting violations of the Russian law, mitigating the consequences of such violations;

8.3. The Company develops and implements internal regulations on various issues of personal data processing, as well as internal regulations for preventing and detecting violations of established personal data processing procedures and mitigating the consequences of such violations;

8.4. The Company employees directly involved in personal data processing shall be familiarized with the provisions of the Russian legislation with regards to personal data processing, including requirements to personal data protection, documents defining the Company’s policy with regards to personal data processing, and internal regulations on various issues of personal data processing.


Venue: