Personal data processing policy
1. The personal data processing policy of Foundation for Scientific and Technological development of the Khanty-Mansi Autonomous Area–Yugra
1.1. Policy of the Foundation for Scientific and Technological development of Yugra, located on the domain name f-std.ru (hereinafter – Foundation, Personal Data Operator, Operator) for the processing of personal data (hereinafter– policy) is designed to protect the rights and freedoms of the subject of personal data when processing his personal data, including protection of privacy rights, personal and other legally protected secrets.
1.2. The main concepts used in this policy:
- website administration – authorized employees of the Foundation, who determine and carry out the personal data of the website user;
- personal data- any information relating to, directly or indirectly, a specific or identifiable individual (personal data subject), which, by itself or in conjunction with other information held by the website, allows user identification;
- user of the website – individual, user of the website services, the subject of personal data having access to the website through the Internet and uses the Foundation’s website for information;
- personal data processing – any action (operation) or set of actions (operations) committed with use of using automatic equipment or without using such equipment with personal data, including collection, recording, systematization, collection, storage, revision (update, modification), recall, use, transfer (distribution, presentation, access), depersonalization, locking, deletion, removal of User’s personal information;
- automated processing of personal data – personal data processing by means of computers;
- distribution of personal data – intentional act disclosing personal data to an undefined group of people;
- provision of personal data – actions aimed at disclosing personal data to a specific person or a certain group of persons;
- personal data blocking – temporary cessation of personal data processing (with the exception of the cases when the processing is necessary to specify some personal data);
- destruction of personal data – operations allowing to restore the content of personal data in the personal data information system and (or) to destroy the personal data media;
- personal data depersonalization – actions resulting in impossibility to determine the owner of personal data without additional information.
1.3. This policy sets out the procedure for obtaining, protecting, storing and processing personal data of website users, applies to all information, which the Website Administration may receive about users during their use of the website.
This policy does not apply to other sites and does not applicable to third party websites. Website Administration is not responsible for third party websites, to which Users can follow the links available on the website.
1.4. Personal data or website users includes:
- surname, name, patronymic;
- contact number;
- e-mail address.
All personal data about Users can be obtained only from them.
Personal data of Website users is confidential information and may not be used by the administration of the website or any other person for personal purposes.
1.5. The purpose of processing personal data of users of the website:
- user identification on this website;
- processing of requests and applications from Users;
- provide the website’s user effective customer support;
- informing the user about the latest scientific and technical developments, expanding the impact of science on society, raising the prestige of a career in science, technologies and innovations;
- informing users about scientific competitions held by the Foundation;
- organization and holding of events and surveys, researches, analysis of the quality of goods and services provided, improving the quality of customer service.
1.6. The administration of the website provides users with free access to their personal data, including the right to receive copies of any record containing their personal data, except for the cases stipulated by the legislation.
1.7. The administration of the website develops measures of protection of personal data of the website Users.
1.8. When collecting personal data, including through the information and telecommunications network “The Internet”, the operator is obliged to provide record, systematization, accumulation, storage, clarification (update, change), extraction of Personal information of citizens of the Russian Federation is made using the mentioned database in the territory of the Russian Federation, except as specified in points 2, 3, 4, 8 part 1 of article 6 of the Federal Law of the Russian Federation “On personal data”.
2. Storage, processing and transfer of personal data of website users
2.1. The processing of personal data of the users of the website is carried out exclusively for the purpose mentioned in point 1.5 of this Policy.
2.2. Personal data of website users is stored electronically in the information system of personal data, as well as in archival copies of the website database.
When storing personal data of website users, organizational and technical measures ensuring their safety and excluding unauthorized access to them.
Processing of personal data of website’s users can only be accessed by employees, allowed to work with the personal data of users and signed a non-disclosure agreement on personal data of website’s users.
The list of employees with access to personal data of website’s users is determined by order of the General Director.
2.3. The processing of personal data on the website is carried out in an automated manner.
2.4. The administration of the website may transfer personal data of website’s users to third parties, only if it is necessary to prevent a threat to life and health, as well as in cases stipulated by law.
2.5. The website administration is obliged to provide personal data of users only to entities authorized persons, and only in the part that is necessary for them to fulfill their labor duties, in accordance with this Policy and the legislation of the Russian Federation.
2.6. When transferring personal data of users of the website, the administration of the website warns persons, that the data can only be used to, for which they are communicated, and requires these persons to provide written proof of compliance.
2.7. Other rights, obligations, actions of employees of the website administration, in the work of which includes the processing of personal data of users of the website, determined by job descriptions.
2.8. All information about the transfer of personal data of users of the website is taken into account to control the legality of using this information by the persons who received it.
2.9. In order to improve the quality of the service and provide legal protection, the administration of the website has the right to keep log files about actions performed by users within the framework of using the website.
3. The volume of processed personal data, categories of subjects of personal data
3.1. The content and amount of personal data processed correspond to the stated purposes of processing. The personal data processed must not be redundant in relation to stated purposes of their processing.
3.2. Processing of personal data is allowed in the following:
- processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
- processing of personal data is necessary for fulfillment of obligations in realization of scientific, scientific- technical and innovative projects supported by the Foundation;
-processing of personal data is necessary to increase the availability of information on achievements of scientific teams.
3.3. The categories of subjects of personal data include users of the Foundation’s website.
In this category the operator processes personal data, obtained by the operator for the purpose of providing access to information, details, scientific data posted on the website of the Foundation:
Personal data category- general personal data only;
Personal data list: surname, first name, patronymic; phone numbers (home, mobile, work); e-mail, place of residence.
3.4. Website’s administration protects data that is automatically transmitted during the browsing process viewing advertisements and visiting pages on which the statistical script is installed:
- IP address;
- information from cookies;
- information about the browser (or other program that provides accesses the advertisement display);
- access time;
- referrer (previous page address).
4.1. The website uses okies and tracking mechanisms.
4.2. Cookies are small text files that are saved on the user’s device.
The information collected in cookies allows the Foundation to improve the website and adapt it to the individual interests of users.
4.3. The website is used as a cookie, which is mandatory for normal technical operation of the website, and cookies ant tracking mechanisms that are not required for website operation.
4.4. By using cookies and tracking mechanisms, the Foundation can show the user offerings based on their interests, analyzing user behavior. For this purpose, including the use of tools Google Analytics, Yandex.Metrics, etc.
4.5. All data collected about visitors are processed anonymously, excluding the possibility of the ability to relate them to any real user.
4.6. User can manage cookie settings and tracking mechanisms in browser and disable them. Disabling cookies may affect the functionality of the website.
5. Rights and obligations of website’s administration
5.1. The administration of the site has the right to set requirements to the composition of personal data of users, which must necessarily be provided for the use of the website, the administration of the website is guided by this policy, the Constitution of the Russian Federation, other federal laws.
5.2. The website’s administration does not verify the reliability of provided users of personal data, believing that they act in good faith and keep their personal data up to date.
5.3. The administration of the website is not responsible for the voluntary transfer of users of their contact data, password or login to third parties.
5.4. The administration of the site has no right to receive and process personal data of users about their political, religious and other beliefs and private life.
6. Procedure and Conditions for Processing Personal Data
6.1. Processing of Personal Data – transactions conducted with automation or without using such means of personal data, including collection, recording, systematization, stockpiling, storage, clarification (updating, modification), extraction, use, transfer (granting, access), depersonalization, blocking, deletion, deletion of personal data.
6.2. Processing of personal data is carried out in compliance with the principles and rules stipulated by the Personal Data Act.
6.3. Processing of personal data by the operator is limited to achieving specific, predetermined and legitimate purposes. Only personal data that meet the purpose of processing must be processed. The content and amount of personal data processed must be consistent with the stated processing objectives.
6.4. Personal data should be stored in a form that allows identification of the subject of personal data, no longer than the purpose of processing personal data, if the retention period of personal data is not established by a federal law to which the agreement to which the agreement to which the beneficiary or the guarantor for which is the subject of personal data. The personal data processed shall be destroyed or anonymized when the objectives are achieved or if there is no need to achieve these objectives, unless otherwise provided by federal law.
6.5. When storing personal data, the operator of personal data is obliged to use the databases located on the territory of the Russian Federation, in accordance with Part 5 of Art. 18 of the Law on Personal Data.
Personal data when processed without automation shall be separated from other information, in particular by fixing them to individual material carries of personal data (hereinafter referred to as material carries), in special sections or in the fields of forms. When personal data is fixed on material media, it is not allowed to fix the personal data on one material carrier, the purposes of which obviously incompatible. For the processing of various categories of personal data, carried out without the use of automation, for each category of personal data a separate material medium should be used.
6.6. A condition for discounting the processing of personal data may be the achievement of the purposes of processing personal data, expiration of consent or withdrawal of consent of the subject of personal data for processing personal data, as well as detection of illegal processing of personal data.
6.7. The Foundation may entrust the processing of personal data to another person on the basis of the conclusion with the contract with that person.
The person processing personal data on behalf of the operator is obliged to comply with the principles and rules for the processing of personal data provided for the Act on Personal Data, to respect the confidentiality of personal data, to take necessary measures aimed at ensuring the fulfilment of the obligations stipulated by the Act on Personal Data.
In addition, the operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds provided by the current legislation of Russian Federation.
6.8. The Foundation and other persons who have access to personal data are obliged not to disclose to third parties and not disseminate personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
6.9. Consent to the processing of personal data authorized by the subject of personal data for distribution, issued separately from other consent of the subject of personal data. The Foundation is obliged to ensure that the subject of personal data can determine a list of personal data for each category of personal data, specified in consent to the processing of personal data authorized by the subject of personal data for dissemination.
6.10. In consent to the processing of personal data authorized by the subject of personal data for dissemination, may prohibit the transfer (except the granting of access) of these personal data to an unlimited number of persons, as well as prohibitions on processing or conditions of processing (except access) or these personal data to an unlimited number of persons.
6.11. Transmission (dissemination, provision, access) of personal data authorized by the subject of personal data for dissemination, must be terminated at any time at his request.
6.12. The Foundation shall take such measures as are necessary and sufficient to ensure the fulfilment of its obligations, in accordance with the Personal Data Act and the regulations adopted thereunder legal acts. The operator determines the composition and list of measures himself.
6.13. The Foundation shall accept the necessary legal, organizational and technical measures or their adoption to protect personal data from unlawful or accidental access to them, destruction, changes, blocking, copying, provision, distribution, as well as other misconduct as to personal data.
7. Procedure for destruction, blocking of personal data
7.1. In case of detection of improper processing of personal data when contacting users, the administration of the website is obliged to block improperly processed personal data, relating to these users from the time of such request to the period of verification.
7.2. In case of detection of inaccurate personal data when using the website, administration is obliged to block personal data, relating to these users from the moment of such request for the period of the inspection, if the blocking of personal data does not violate the rights and legitimate interests of users or third parties.
7.3. In case of confirmation of inaccuracy of personal data administration of the website on the basis of information provided by users or other necessary documents must clarify personal data within 7 (seven) working days from the date of submission of such information and to remove the blocking of personal data.
7.4. In case of detection of improper processing of personal data implemented by the website, the website’s administration in a period not exceeding 3 (three) working days from the date of this identification, is obliged to stop inappropriate processing of personal data.
7.5. If it is impossible to ensure the correctness of personal data processing, the administration of the website must destroy such personal data within a period not exceeding ten working days from the date of revealing illegal processing of personal data.
7.6. Following the termination of processing of personal data or destruction of personal data, the administration of the website must notify the website’s users.
7.7. If the purpose of processing personal data is achieved, the website administration is obliged to stop processing personal data and to destroy personal data in period not exceeding 30 (thirty) days from the date of achieving the purpose of processing personal data.
7.8. In case of withdrawal by users of consent to processing their personal data the administration of the website is obliged to stop processing them and if the retention of personal data is no longer required for the purposes of processing personal data and to destroy personal data in period that not exceeding 30 (thirty) days from the date of receipt of the said withdrawal.
7.9. If it is not possible to destroy personal data within the period specified in points 6.4-6.8 of this Policy, the administration of the website shall block such personal data and ensures the destruction of personal data within a maximum of 6 (six) months, unless otherwise specified by federal laws.
8. Liability for violation of the rules governing the processing and protection of the personal data of the website’s users
8.1. Persons guilty of violation of norms regulating the acquisition, processing and protection of personal data of website’s users are subject to disciplinary, material, civil, administrative and criminal liability in the manner established by the current legislation of the Russian Federation.
9.1. This Policy can be modified or terminated by the administration of the website unilaterally and without prior notice. The new version of the Policy shall come into effect at the moment of its posting on the website, unless different is provided in the new version of the Policy.
9.2. The current version of the Policy is located on the website in the information and telecommunication network “Internet” at: f-std.ru.