Policy of personal data processing in respect to the Websites Users personal data

  1. Terms and definitions

    “The Company” refers to the Joint Stock Company "Russian Venture Company", OGRN 1067746333742, INN 7724570128, KPP 773101001, location: 121205, Moscow, the Territory of Skolkovo Innovation center, Nobelya street, building 1, 4th floor, phone: +7(495) 7770104, fax: + 7(495) 7770106, email: info@rvc.ru. The official URL of the Company: http://www.rvc.ru.

    Policy of personal data processing in respect to the Websites Users personal data– this Policy of personal data processing, applicable to any user of any Website owned by the Company developed and approved by the Company pursuant to the requirements of the Federal law "On personal data" No. 152-FZ dated 27.07.2006, hereinafter and in the user agreements on the Websites referred to as "Policy on Personal Data Processing" and/or "Policy".

    Website content is filled by the Owner of the domain name and/or Website Owner and/or User of the Website and/or Content Participants and located in the Internet at the following web-addresses (including, but not limited to): http://www.rvc.ru; http://generation-startup.ru; http://upgreat.one.

    Website User refers to any person and/or representative of a legal entity that expressed interest in the Contests conducted by the Company and/or information and content posted on the Site by visiting the Website (transfer to the Website) at one of the specified URLs, which at the time of the transition to the page of the Website provides (transfers) the personal data (or a part thereof) to the Company, and the Website user is the Subject within the meaning of the terms used in this Policy.

    Subject refers to any individual or legal entity which provides the Company with their personal data, including Website Users and/or Contest Participants and/or the Administrator and/or the Expert, as well as other persons communicating with the Company by telephone connection and communication and/or through electronic correspondence.

    Personal data refers to any information directly or indirectly related to an identified or identifiable individual (Personal Data Subject), including but not limited to: surname, name, patronymic, age, phone number, email address, passport details, IP address, email address, photos and videos, location information, date and time of Website visit, online ID, and other information that the Subject provides by filling in forms/fields of the Website, or received by the company through cookie files when the user enters the Website page.

    Operator refers to state authority, municipal authority, legal entity or individual who independently or together with other persons organizes and/or performs personal data processing, and also determines the purposes of personal data processing, the scope of personal data to be processed, actions (operations) to be committed with the personal data.

    Personal data processing: any action (operation) or set of actions (operations) committed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, correction (updating, changes), retrieval, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction of personal data.

    Automated personal data processing refers to personal data processing with the use of computer technology.

    Personal Data Provision includes actions aimed at the disclosure and/or transfer of the Personal Data Subject's personal data to Partner Companies and/or Operators for appropriate processing, storage and protection of personal data provided by the Personal Data Subjects, as well as for the interaction of the Subjects of Personal Data with the Company's Partners within the framework of the Contests held.

    Personal Data Blocking refers to temporary cessation of personal data processing (except in cases when processing is required for the correction of the personal data).

    Personal Data Destruction: actions that result in elimination of the possibility to restore the contents of personal data in the information system of the personal data and/or which results in the destruction of the material carriers of personal data.

    Depersonalization of personal data refers to actions due to which it becomes impossible to determine, without additional information, direct or indirect relation of personal data to a specific Personal Data Subject.

    Publicly available personal data refers to the personal data of the Subject and/or a group of Subjects united by a common goal ("Team") which has become publicly available (i.e. posted on the Website and open for processing by an unlimited number of people) as a result of independent actions of the Subject and/or actions of other persons performed upon the Subject's request.

    Company's Partners refers to legal entities (Russian and/or international) which concluded a cooperation agreement with the Company in order to hold Contests, which enable the processing of personal data of the Subjects who gave consent to the Company for their personal data processing by any of the methods stipulated for herein.

    Cross-border transfer of personal data refers to the transfer of personal data of a Subject into the territory of a foreign country to a foreign state authority and/or to a foreign legal person based on contractual interaction.

    Contest Participant refers to an individual and/or group of individuals (teams) and/or legal entity registered on the corresponding Website by generating user name and password in order to log in to the personal account. The User acquires the status of the Participant on the date specified in the User agreement of the corresponding Website/project/Contest.

    Contest refers to a public contest held by the Company, both independently and with Partners on competitive basis, aimed at the achievement of socially useful purposes. Information about the Contest is posted on the Websites.

  2. General provisions

    2.1. This Policy of personal data processing was developed in compliance with the requirements of the Federal law "On Personal Data" No. 152-FZ dated 27.07.2006 (hereinafter "Personal Data Law"), the Federal Law "On Information, Information Technologies and Information Protection" No. 149-FZ dated 27.07.2006 (hereinafter "Law on Information"), and established the procedure and principles of processing personal data of Personal Data Subjects, conditions, the effective term of the consent for personal data processing, collection, recording, systematization, accumulation, correction, use, extraction, destruction, blocking, depersonalization, deletion and transfer of such data.

    2.2. The goal of the adoption of this Policy is to ensure compliance of personal data processing and protection with the legislation of the Russian Federation.

    2.3. This Policy is part of the Company's general policy in relation to the processing of personal data.

    2.4. In the case of transborder transfer of personal data (as a part of interaction with the Company's Partners), the Company provides processing and protection of personal data in accordance with the Regulation (EU) 2016/679 ofthe European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "EU Regulation"), with due account for the priority of application of the current domestic legislation of the Russian Federation, and may be prohibited or restricted in order to protect the foundations of the constitutional system of the Russian Federation, morality, health, rights and legitimate interests of citizens, ensuring the country's defense and state security.

    2.5. The Company processes the following personal data of Users:

    — surname, name, patronymic;
    — email address;
    — telephone number;
    — postal address;
    — personal details posted on the website.

    2.6. The Company also processes other data that are automatically transferred in the course of the use of the Website through software installed on the computer of a person (personal data subject):

    — the information about the web browser used (or another program used to access the website);
    — IP address;
    — cookie files data.

    2.7. The Company shall process the personal data of Personal Data Subjects by automated, mechanical or manual maintenance of databases in order to ensure:

    — identification of the Subject to provide the Subject with information support on the Contests held and technical assistance during the Contests held by the Company and/or Partners of the Company;
    — provision of access to personalized resources of the Website(s) to the Subject;
    — feedback provision to the Subject, including but not limited to: sending mailings, notifications in the form of text messages, e-mails, oral and written requests, processing requests and applications from the Subject;
    — confirmation of the accuracy and completeness of the personal data provided by the Subject;
    — informing the Subject about upcoming and ongoing Company events, including by telephone and text messaging;
    — proper arrangement of Contests, provision of reliable and complete information on the Contests held;
    — provision of access of the Subject to Websites or services of the Company's Partners for the purpose of receiving information, updates and services from both the Company and the Company's Partners. Partners receive the data of the Subjects when the latter visit or use their services, or through third parties which Partners cooperate with;
    — for statistics and other research purposes, subject to depersonalization of the Subjects' personal data.

    2.8. Processing of Publicly Available Personal Data of the Subject is performed without the Subject's consent, but in compliance with the principles of personal data processing.

    The scope of this Policy covers any actions of the Company in respect to the Personal Data of Users, participants, administrators, experts, who engage in direct communication with the Company in any of the forms mentioned in this Policy.

    2.9. The Company shall notify the Website User that it is forbidden to use the Website Content in any way, in whole or in part, including its reproduction, copying, distribution, broadcast on air/by cable, translation, remaking, putting into practice or publicizing without the prior written consent of the Company and/or of other right holders of such Content, except for cases when free use of Content is directly stipulated for in the current legislation of the Russian Federation. The use of the Content without the consent of the Company and other rights holders outside the framework of legally permitted use of information may lead to civil, administrative or criminal responsibility and is a violation of Russian legislation and international law.

  3. The moment the Subject's consent to the processing of personal data

    3.1. the Company shall notify the Subject that some clearly-defined, specific, conscious and free actions confirming the awareness of the Subject on the provisions of this Policy, are considered equal to a written consent of the Subject to personal data processing in accordance with this Policy:

    — an oral form used in the case of a telephone connection of the personal data Subject with the Company's employees, resulting in the identification of the Subject, and the metadata of the conversation are recorded (in particular, the number that the call was made from, the time when it was made and its duration). In this case, any information provided by the Subject to the Company's employee and directly or indirectly related to the Subject, is considered to be given freely, voluntarily and with their unconditional consent;
    — an electronic document signed by a simple electronic signature in the form of a text message. In accordance with the Federal Law of 6 April 2011 No. 63-FZ "On Electronic Signature", a simple electronic signature is an electronic signature formed by use of codes, passwords, or other means that confirm the fact of formation of the electronic signature by a particular person. Such consent may be expressed in the form of entering a text message code sent to the phone of the Personal Data Subject when registering on the corresponding Website;
    — at the moment when the Subject ticks the checkbox at the Website: "I agree to the processing of my personal data in accordance with the terms of the Policy on the Personal Data Processing", and its activation, the Company receives from the said Subject a consent to personal data processing and to all the methods of information provision and communication specified in this Policy;
    — electronic form of the consent expressed in an e-mail from the e-mail account of the Subject of personal data to the email address of a Company's employee or directly to the Company's email;

  4. The effective term of the Subject's consent to their personal data processing / revocation procedure

    4.1. The Consent is granted for an indefinite period. The subject acknowledges and agrees that this consent may be revoked by sending a written notice to the Company to the address specified in cl. 1 hereof, by registered mail sent with a list of its contents. As a legal consequence of the withdrawal of consent for the processing of personal data of the Subject, the Operator loses its right to process the personal data of this Subject, apart from cases when the Operator has other grounds for processing such data pursuant to the Law on Personal Data (cl. 2 - 11 p. 1 Art. 6, p. 2 Art. 10 and part 2 Art. 11 of the Law on Personal Data). The withdrawal of consent for treatment applies only to the future period but not retroactively. Thus, personal data processing performed by the Operator prior to such withdrawal will continue to be legitimate after the withdrawal.

    4.2. In the case of receiving mailings via e-mail, the Subject shall have the right, at any time, to unsubscribe from the mailing list of the Company, by activating the "Unsubscribe" field included in each email, and then the personal data of the Subject which were provided earlier will be removed from the database of the Company and/or the database of the service which the Company uses.

  5. The principles of personal data processing

    5.1. This Policy is published online at http://www.rvc.ru to provide unrestricted access to any interested person to review and pursues the following principles:

    — the processing of personal data is performed in a lawful and fair manner;
    — processing of personal data should be relevant to the purposes stated in connection of personal data collection;
    — processing is performed only in respect to the personal data meeting the purposes of the processing;
    — the content and scope of the personal data processed must be the minimum sufficient for the achievement of the predetermined goals of personal data processing;
    — the processing of the personal data must ensure accuracy, adequacy and relevance of the personal data in relation to the purposes of processing, and to ensure timely deletion or clarification of inaccurate or incomplete data.

    5.2. When processing personal data, the Company shall use the minimum scope of personal data to achieve the purpose of personal data processing.

  6. Terms and conditions of personal data processing

    6.1. The processing of personal data by the Company shall be in accordance with the current legislation of the Russian Federation, international agreements and internal documents of the Company.

    6.2. Personal data shall be processed subject to an explicit consent of the Personal Data Subject or their legal representative for their personal data processing. Letters of consent from the Subjects are accumulated in the general database of the Company.

    6.3. The processing of personal data can be performed without the consent of the personal data Subject (or if the personal data Subject revoked their consent to the processing of personal data) if there are grounds specified in clauses 2 - 11 of Part 1, Article 6, part 2 of article 10 and part 2 of article 11 of the Law on Personal Data.

    6.4. The Company shall not process special categories of personal data relating to racial origin, political opinions, physiological characteristics on the basis of which the person can be identified (biometric personal data), religious or philosophical beliefs, or sexual life.

    6.5. Access to personal data of Personal Data Subjects (regardless of the media) is provided to the employees of the Company in accordance with their official duties.

    6.6. Personal data shall only be stored in the form that allows to identify the personal data subject for as long as it is necessary for the purpose of personal data processing, unless a storage period is established for personal data by federal law or by a contract which the Subject of personal data is a party to, or beneficiary or guarantor in. The personal data processed must be destroyed or depersonalized when the goals of processing have been achieved or if it became unnecessary to achieve such goals, unless otherwise provided by federal law.

    6.7. The Company may entrust personal data processing to a third party subject to the consent of the Personal Data Subject, unless otherwise stipulated by the current legislation of the Russian Federation, on the basis of a contract concluded with this party to the contract (including a state or municipal contract), or by a corresponding instrument implemented by a state or municipal authority.

    6.8. Any third party that processes personal data on behalf of the Company shall respect the principles and rules of personal data processing in accordance with the Law on Personal Data and ensure the privacy and security of personal data during their processing. And in the event of cross-border transfer of data, the Company shall control the compliance with the requirements of the EU Regulation, the Law on Personal Data and other applicable legislation, taking into account the priority of the domestic legislation of the Russian Federation.

  7. The rights of personal data subjects

    7.1. A personal data Subject shall have the right to demand from the Company in writing, by sending a letter, to amend the Subject's personal data, block or destroy such data in case personal data are incomplete, outdated, inaccurate or are not necessary for the declared purpose of the processing, is entitled to withdraw their consent to the processing of personal data in accordance with this Policy and the current legislation of the Russian Federation, in whole or in parts (for example, to withdraw consent for the use of personal data for the purpose of the Company's newsletter mailings), is entitled to receive intelligible information from the Company about the transmission of the Personal Data, as well as to take legal measures to protect their rights.

    7.2. In the cases and pursuant to the order established by the Law on Personal Data, a personal data Subject has the right to obtain information from the Company regarding the processing of the Subject's personal data, including the following:

    — confirmation of the processing of personal data by the Company;
    — legal grounds and purposes of personal data processing;
    — goals of personal data processing and the methods for such processing applied by the Company;
    — data on the persons (excluding the Company's employees) who have access to personal data or who personal data may be disclosed to on the basis of a contract with the Company or pursuant to a federal law;
    — processed personal data related to the corresponding Subject of personal data, the source of their receipt, unless a different procedure for the provision of such data is stipulated by the Federal law;
    — other data stipulated for in the Law on Personal Data or other federal laws.

  8. Information on the measures aimed at personal data protection

    8.1. When processing personal data, the Company takes legal and organizational measures which are necessary and sufficient to ensure compliance with the obligations stipulated by the legislation of the Russian Federation. Personal Data Processing is performed in accordance with the legislation of the Russian Federation and other normative legal acts, including the competent state bodies regulating personal data processing.

    8.2. The Company develops and approves documents determining its policy in relation to personal data processing, as well as local acts establishing procedures to prevent and detect violations of the legislation of the Russian Federation and eliminate the consequences of such violations;

    8.3. The Company develops and implements in-house policies concerning personal data processing, as well as in-house policies establishing procedures to prevent and detect violations of the established personal data processing procedures and elimination of the consequences of such violations;

    8.4. The Company's employees immediately involved in the processing of personal data must be familiar with the provisions of the legislation of the Russian Federation concerning personal data processing, including requirements for the protection of personal data, documents defining the Company's policy on personal data processing, by-laws concerning personal data processing.