Policy Regarding the Processing of Personal Data Using the Internet Information and Communication Network
1. General Provisions
1.1. DEDI LLC (Digital Economy Development Institute LLC), located at: 42 bldg. 1, Bolshoy Boulevard, Skolkovo Innovation Center, Moscow, Russia (hereinafter referred to as the “Company”) is committed as its highest priority to the security of users’ personal data at the www.dedicorp.net website maintained in the Internet information and telecommunication network (hereinafter referred to as the “Internet sites”).
1.2. This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) provides information on the basic concepts of which the processing of personal data using Internet sites are based and the requirements for their protection specified.
1.3. This Policy is publicly available on the Internet sites.
2. Concepts of personal data processing
2.1. The Company’s policy regarding the processing of personal data is that personal data should be processed only in cases established by law, and in order to carry out activities in the main areas of the Company's business. Under no circumstances can the processing of personal data of Internet site users be aimed at causing damage or inconvenience to them. The processing of personal data is based on the following principles:
- the processing of personal data should be carried out in a lawful and fair manner;
- the processing of personal data should be limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of collecting personal data is not allowed;
- databases that contain the personal data, the processing of which is carried out for mutually incompatible purposes, may not be combined;
- only personal data that meet the purposes of their processing are subject to processing;
- the content and volume of the processed personal data must comply with the declared processing goals. The processed personal data should not be redundant with respect to the declared purposes of their processing;
- in processing personal data, the accuracy of personal data, their adequacy, and, if necessary, relevance in relation to the purposes of processing personal data must be ensured. The company must take or adopt the measures needed to delete or clarify incomplete or inaccurate data;
- personal data should be stored in a form that allows determination of the personal data subject for a time no longer than that is required by the purpose of processing personal data, provided otherwise is not established by federal law or an agreement to which personal data subject is a party, a beneficiary or guarantor. The processed personal data should be deleted or depersonalized upon achievement of the processing goals or in case achievement of these goals is no longer needed, unless otherwise provided by federal law.
2.2. In requesting personal data, the Company shall only collect the minimum amount of personal data needed to achieve the goals of collecting personal data.
2.3. The Company may process personal data in both automated and non-automated ways.
3. Goals of processing personal data
3.1. The company shall process the personal data of Internet site users for the following purposes:
- distribution among the users of reference and marketing information also in form of advertising mailings, direct phone calls or SMS notes and e-mail messages;
- provision to the users of a channel for feedback with the Company;
- provision to the users of recommendations on issues related to products and services;
- assistance in the exchange of expertise and arrangement of communication between Internet site users;
- marketing communication and support.
4. Terms of processing personal data
4.1. Personal data shall be collected through web forms with the consent of Internet site users.
4.2. Personal data of Internet site users may be collected and processed in other ways without their consent in cases when it is required for fulfillment of a civil law contract concluded between the Company and the user, or a contract of which the user is a beneficiary, as well as in other cases established by laws of the Russian Federation.
4.3 The website can be used both for collecting personal data of users and for subsequent processing of the collected personal data directly on that website.
4.4 If the Internet site users whose personal data are collected are citizens of the Russian Federation, those data shall be stored on the servers located in the Russian Federation.
4.5 Processing of special categories of personal data regarding race, nation origin, political affiliations, religious or philosophical beliefs, health status, financial conditions, or private life of website users is not allowed.
4.6 The company may entrust the processing of personal data to a third party with the consent of the personal data subject. The third party that processes personal data on behalf of the Company shall comply with the concepts and rules for the processing of personal data and maintaining the confidentiality and security of personal data in processing the data.
4.7 Transfer of personal data by sending a filled-in web form to Internet sites and the storage of personal data involves the use of a hosting provider’s technical resources needed to process and store personal data. By consenting to the processing of personal data, the website user agrees to transfer his/her personal data to the Company’s hosting provider.
4.8 The Company may transfer the personal data of Internet site users to third parties (for processing on behalf of the Company), including hosting providers, telecommunications companies, and other third parties (in transferring personal data in cases provided by law).
5. Communication with the Company
5.1 The personal data subject may request that the Company clarify his/her personal data, block or delete the data should the personal data be incomplete, outdated, inaccurate, illegally obtained or not needed for the declared processing purpose, as well as personal data subject may use remedies set forth by law to protect his/her rights.
5.2 The personal data subject may request that the Company, as well as the third party processing the personal data on behalf of the Company confirm the fact of processing of personal data.
5.3 The personal data subject may withdraw his/her Consent to the processing of his/her personal data by sending an email to mail@cdc.ru.
5.4. The personal data subject may contact the Company with questions, suggestions, and complaints regarding the processing of personal data by:
phone: +7 925 505 20 55
e-mail: az@dedicorp.net
mail: 42 bldg. 1, Bolshoy Boulevard, Skolkovo Innovation Center, Moscow, Russia
6. Information on the requirements implemented for personal data protection
6.1 Personal data are considered to be confidential information.
6.2 Security of the personal data of Internet site users is ensured by preventing unauthorized, including accidental, access to personal data and by taking the following security measures:
- identification of threats to the security of personal data during their processing in information systems;
- application of organizational and engineering measures to ensure the security of personal data, when they are processed in information systems, that are needed to fulfill the standards of personal data security established by the Government of the Russian Federation;
- use of information protection measures that have passed check of conformity, according to the established procedure;
- accounting of computer media for personal data;
- detection of unauthorized access to personal data and taking of appropriate measures;
- recovery of personal data that were modified, deleted or damaged as a result of unauthorized access to them;
- introduction of rules that govern access to personal data processed in information systems and logging and recording of all activities performed with personal data in information systems;
- control over the measures taken to ensure personal data security and the levels of information system security.
6.3 The company implements the following requirements for personal data protection:
- establishes a security regime for the premises, in which information systems processing the personal data of Internet site users are located, that prevents the uncontrolled entry or stay in those premises of the persons not authorized to access such premises;
- ensures the safety of personal data media;
- approves the list of persons who may access personal data as part of their job responsibilities;
- uses information protection tools whose compliance with the requirements of Russian laws regarding information security was checked, provided that such tools are needed to neutralize actual threats;
- appointed an officer responsible for arrangement of personal data processing.
“Approved”
H. M. Az-zari
CEO, DEDI LLC
