Personal Data Processing Policy

1. General provisions

This Personal Data Processing Policy was developed in compliance with the requirements of Federal Law No. 152-FZ dated 27.07.2006 On Personal Data (hereafter – Personal Data Law) and defines the procedure for processing personal data and measures to ensure the personal data security implemented by Inventorus LLC (hereafter – the Operator).

1.1. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets.

1.2. This Operator's Policy regarding personal data processing (hereafter – the Policy) applies to all information the Operator may receive on visitors of website https://inventorus.ru.

2. Policy basic concepts

2.1. For automated personal data processing, computer aids are used.

2.2. Personal data blocking is the temporary termination of personal data processing (except when processing is necessary to amend personal data).

2.3. A website is a collection of graphic and informational materials along with computer programs and databases ensuring their availability at the Internet at the network address https://inventorus.ru.

2.4. Personal data information system is a set of information technologies and technology devices contained in personal data databases to enable data processing.

2.5. Depersonalization of personal data is an action making it impossible to determine whether personal data belongs to a specific User or another personal data subject without using additional information.

2.6. Personal data processing is any action (operation) or set of actions (operations) run with or without using automation tools with personal data, including collection, recording, systematization, accumulation, storage, amendment (updating, modification), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.7. The Operator is a government agency, municipal body, legal entity or individual independently or jointly with other persons organizing and/or running personal data processing and defining personal data processing purposes, processed personal data composition and actions (operations) applied to personal data.

2.8. Personal data is any information related directly or indirectly to a specific or identifiable User of the website https://inventorus.ru.

2.9. Personal data authorized by the personal data subject for dissemination are personal data to which the personal data subject allowed access to an unlimited number of persons by giving consent to personal data processing and dissemination according to the procedure specified at the Personal Data Law (hereafter – personal data authorized for dissemination).

2.10. User is any visitor of the website https://inventorus.ru.

2.11. Providing personal data is an action aimed at disclosing personal data to a specific person or a specific group of people.

2.12. Dissemination of personal data are any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing an unlimited number of persons with personal data, including personal data publication of in media, posting in information and telecommunication networks or providing access to personal data in any other way.

2.13. Cross-border transfer of personal data is the transfer of personal data to a foreign authority, a foreign individual or a foreign legal entity at the territory of a foreign state.

2.14. Destruction of personal data are any actions resulting in personal data permanently destruction with the impossibility of further restoration of personal data content in the personal data information system and/or destruction of personal data material carriers.

3. Basic rights and obligations of the Operator

3.1. The Operator has the right to:

  • receive reliable information and/or documents containing personal data from the personal data subject;
  • if the personal data subject withdraws consent to personal data processing or sends a request to terminate personal data processing, the Operator has the right to continue processing personal data without the consent of the personal data subject, provided there are grounds specified in the Personal Data Law;
  • independently determine the composition and list of actions necessary and sufficient to ensure the fulfillment of obligations specified at the Personal Data Law and regulatory legal acts adopted according to it, unless otherwise provided by the Personal Data Law or other federal laws.
    3.2. The Operator must:
  • provide the personal data subject, upon his/her request, with information related to the processing of its personal data;
  • organize personal data processing according to the procedure established at the Russian Federation applicable law;
  • respond to appeals and requests from personal data subjects and their legal representatives according to Personal Data Law requirements;
  • supply with necessary information the authorized body protecting personal data subjects rights on its request within 10 days from request receipt date;
  • publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
  • take legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data;
  • stop transferring (disseminating, providing, accessing) personal data, stop processing and destroy personal data according to the procedure and cases specified at the Personal Data Law;
  • perform other duties specified at the Personal Data Law.

4. Basic rights and obligations of personal data subjects

4.1. Personal data subjects have the right to:

  • receive information regarding the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except in cases when legitimate grounds exist for disclosure of these personal data. The information scope and the procedure for obtaining it are established by the Personal Data Law;
  • require the Operator to amend its personal data, block or destroy them if personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the declared purpose of processing, as well as to take legal measures to protect its rights;
  • put forward a condition of prior consent when processing personal data in order to promote goods, activities and services at the market;
  • revoke consent to personal data processing, as well as to send a request to terminate personal data processing;
  • appeal to the authorized body protecting personal data subjects rights or in court against unlawful actions or omissions of the Operator during the processing of its personal data;
  • exercise other rights provided for by the Russian Federation legislation.
    4.2. Personal data subjects are obliged to:
  • provide the Operator with reliable personal information;
  • inform the Operator on amendment (updating, modification) of its personal data.
    4.3. Persons who have provided the Operator with false information about themselves or information about another personal data subject without the latter's consent are liable according to the Russian Federation legislation.

5. Principles of personal data processing

5.1. Personal data are processed on a lawful and fair basis.

5.2. Personal data processing is limited to the achievement of specific, predetermined and legitimate purposes. Personal data processing incompatible with the purposes of personal data collection is not allowed.

5.3. It is not allowed to combine databases containing personal data processed for purposes incompatible with each other.

5.4. It is allowed to process only personal data meeting the purposes of their processing.

5.5. The content and scope of processed personal data should correspond to the declared processing purposes. Redundancy of processed personal data in relation to their declared processing purposes is not allowed.

5.6. When processing personal data, their accuracy, sufficiency, and, if necessary, relevance to personal data processing purposes must be ensured. The Operator must take the necessary measures and/or ensure that they are taken to delete or update incomplete or inaccurate data.

5.7. Personal data must be stored in a form allowing to identify the personal data subject no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. The personal data being processed must be destroyed or depersonalized upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.

6. Purposes of personal data processing

Purpose of processing
To provide the User access to services, information and/or materials contained at the website

Personal data
Last name, first name, patronymic, email address, phone numbers

Legal grounds
Statutory (constituent) documents of the Operator

Types of personal data processing
Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data, sending information letters to an e-mail address

7. Personal data processing condition

7.1. Personal data processing is run with the consent of the personal data subject to the processing of its personal data.

7.2. Personal data processing is necessary to achieve the goals specified at an international agreement of the Russian Federation or a law, to carry out functions, powers and duties assigned to the Operator by the Russian Federation legislation.

7.3. Personal data processing is necessary for justice administration, execution of judicial acts, acts of another body or official subject according to the Russian Federation legislation on enforcement proceedings.

7.4. Personal data processing is necessary to perform agreements to which the personal data subject is a party or beneficiary or guarantor, as well as to sign agreements on the personal data subject initiative or agreements where the personal data subject will be the beneficiary or guarantor.

7.5. Personal data processing is necessary to exercise rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that the personal data subject rights and freedoms are not violated.

7.6. Personal data is processed, and access to an unlimited number of persons is provided by the personal data subject or at its request (hereafter – publicly available personal data).

7.7. Personal data processing is subject to publication or mandatory disclosure according to federal law.

8. Procedure for collecting, storing, transferring and other types of personal data processing

Security of personal data processed by the Operator is ensured through implementation of legal, organizational and technical measures necessary to fully comply with applicable law requirements in the field of personal data protection.

8.1. The Operator ensures the safety of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.

8.2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to applicable law implementation or if the personal data subject consents to the Operator to transfer data to a third party to fulfill obligations under a civil contract.

8.3. In case of personal data inaccuracies, the User can update them independently by sending a notification to the Operator's email address info@inventorus.ru tagged Personal Data Update.

8.4. The duration of personal data processing is determined by the achievement of the purposes for which personal data were collected, unless another period is specified at the contract or applicable legislation.

The User can revoke its consent to personal data processing at any time by sending an e-mail notification to the Operator's e-mail address info@inventorus.ru tagged Consent Withdrawal To Personal Data Processing.

8.5. All information collected by third-party services, including payment systems, communication facilities and other service providers is stored and processed by these persons (Operators) according to their User Agreement and Privacy Policy. Personal data subjects and/or subjects with specified documents. The Operator is not responsible for actions of third parties, including service providers specified in this paragraph.

8.6. Prohibitions established by the personal data subject on personal data transfer (other than granting access), as well as on their processing or processing conditions (other than gaining access) permitted for dissemination, do not apply in cases of personal data processing in state, social and other public interests defined by the Russian Federation legislation.

8.7. The Operator ensures personal data confidentiality during their processing.

8.8. The Operator stores personal data in a form allowing to identify the personal data subjects for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor.

8.9. The condition for personal data processing termination may be the achievement of personal data processing purposes, expiration of the personal data subject consent, withdrawal of the personal data subject consent or its requirement to terminate personal data processing, as well as identification of unlawful personal data processing.

9. Scope of actions the Operator applies to received personal data

9.1. The Operator collects, records, systematizes, accumulates, stores, amends (updates, changes), extracts, uses, transfers (disseminates, provides, accesses), depersonalizes, blocks, deletes, and destroys personal data.

9.2. The Operator runs automated personal data processing with or without receiving and/or transmitting the information received via information and telecommunication networks.

10. Cross-border transfer of personal data

10.1. Before starting activities on cross-border transfer of personal data, the Operator is obliged to notify the authorized body protecting personal data subjects rights of its intention to carry out cross-border transfer of personal data (this notification is sent separately from the notification on intention to process personal data).

10.2. Prior to submitting the above notification, the Operator is obliged to obtain relevant information from the foreign state authorities, foreign individuals and foreign legal entities to whom the cross-border transfer of personal data is planned.

11. Confidentiality of personal data

The Operator and other persons who obtained access to personal data are obliged not to disclose or disseminate personal data to third parties without the personal data subject consent, unless otherwise provided by federal law.

12. Final provisions

12.1. The User can receive any clarifications on issues of interest related to the processing of its personal data contacting the Operator via e-mail info@inventorus.ru .

12.2. This document will reflect any changes to the Operator's Personal Data Processing Policy. The Policy is valid indefinitely until it is replaced by a new version.

12.3. The current version of the Policy is freely available at the Internet at https://inventorus.ru/privacy-en.