1. General provisions1.1. This Personal Data Processing Policy (the “Policy”) adopted by Pepeliaev Group LLC (OGRN 1027739040273, INN 7707301372, registered at: Entrance 7, Floor 15, 12 Krasnopresnenskaya Nab., Moscow 123610, Russia (“Pepeliaev Group”) defines the main principles, objectives, procedure and conditions of processing personal data of Visitors to the website, as well as the measures to ensure that such personal data is secure and protected.
1.2. This Policy has been developed in compliance with the Russian Constitution and statutory and other regulations of the Russian Federation in the sphere of personal data and has been published for open access at Pepeliaev Group’s website at: www.pgplaw.ru.
1.3. The terms used in this Policy are interpreted as defined in Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
1.4. Pepeliaev Group guarantees that personal data it received shall be treated confidential having regard to the provisions of this Policy and undertakes to use such personal data only for the purposes set out in the Policy.
2. Definition and composition of personal data
2.1. The list of personal data to be safeguarded at Pepeliaev Group shall be formed in accordance with Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
2.2. Pepeliaev Group shall process and safeguard personal data (including the surname, name, place of work, position, contact phone number, email, etc.) of the Visitors to Pepeliaev Group’s Website at www.pgplaw.ru (the “Website”), as well as personal data coming to the Pepeliaev Group’s corporate email ending with @pgplaw.ru (the “Corporate Email”) of personal data subjects who expressed their Consent to the processing of their personal data (the “Consent”) by submitting the information through the forms they select (the “Forms”) on the Website or by sending an email. The moment at which the Consent is accepted will be the marking of the corresponding field of the Form and the pressing on the button of ‘Submit Form’ on any page of the Website, as well as the pressing on the button of ‘Submit email’ to the Corporate Email, with such email containing personal data of the subject.
2.3. When visiting the Pepeliaev Group’s Website, reading texts and loading other information, certain data is automatically registered on a PC from which a Website Visitor browses Pepeliaev Group’s Website. When visitors browse its Website, Pepeliaev Group gathers the following information:
• the date and time when the Website was visited;
• the number and title of pages visited, as well as the duration of the visit to each page;
• IP address assigned to the device for connecting to the Internet;
• type of browser and operating system;
• the URL of the website from which a visitor came.
3. Purposes of processing personal data
3.1. Personal data of Website Visitors will be processed for the following purposes:
• sending to the Website Visitors reference and marketing materials to the email addresses that the Website Visitors indicate;
• offering Visitors an opportunity to contact Pepeliaev Group for feedback;
• advising Website Visitors of the services we provide, for the purpose of marketing and providing support to Website Visitors and for any other purposes that do not contravene current Russian legislation and the provisions of the agreement between Pepeliaev Group and the corresponding Website Visitors.
4. Principles of and timeframes for processing personal data
4.1. Pepeliaev Group processes personal data based on the following principles:
• the processing is carried out on legal and fair basis;
• the processing is limited to specific and predetermined legal purposes;
• it is not permitted to process personal data which is incompatible with the purposes for which such personal data was collected;
• it is not permitted to combine the databases which contain personal data processed for mutually incompatible purposes;
• the content and the volume of personal data being processed should be consistent with the declared purposes of the processing;
• personal data is stored in a form which allows the personal data subject to be identified, but for no longer than it is required in accordance with the purposes for processing the personal data, unless another period is set by a federal law or a contract to or under which the personal data subject is a party, beneficiary or a guarantor;
• based on such other principles as current Russian legislation on personal data may provide for.
4.2. Pepeliaev Group will process personal data if either of the conditions below is met:
• a personal data subject granted Consent to the processing of his/her personal data;
• the processing of personal data is necessary for rights and legal interests of Pepeliaev Group to be exercised or for socially valuable purposes to be achieved, provided that this does not infringe the rights and liberties of personal data subjects;
• personal data is processed for the purposes of statistical or other research, provided that such data is always depersonalised;
• other conditions for which current Russian legislation on personal data provides.
5. Rights and obligations of a personal data subject
5.1. A personal data subject has the right:
• to demand that his/her personal data be updated, renewed, blocked or destroyed;
• to obtain the list of his/her personal data which Pepeliaev Group processes and the source from which such personal data has been received, to be advised of the period for which his/her personal data will be processed, including the period of storage, and any other information about the processing of his/her personal data;
• to demand that all persons to whom his/her inaccurate or incomplete personal data be advised of any corrections or supplements made;
• to challenge, in the established manner, any unlawful acts or omissions when his/her personal data is processed.
5.2. Website Visitors must submit only accurate data about themselves.
5.3. A Visitor grants his/her Consent to the processing of his/her personal data for the whole period necessary for Pepeliaev Group to attain the goals of processing such personal data.
5.4. A Visitor may revoke his/her Consent to the processing of his/her personal data by sending an application in writing to Pepeliaev Group’s postal address at: Entrance 7, Floor 15, 12 Krasnopresnenskaya Nab., Moscow 123610, or to its corporate email address (email@example.com).
5.5. Persons who have transferred the data to Pepeliaev Group via the Website about another personal data subject without having the consent of the subject whose personal data has been transferred will be held liable under Russian legislation.
6. Rights and obligations of Pepeliaev Group
6.1. Pepeliaev Group never asks a Website Visitor about his/her race, national origins, political views, religious and philosophical convictions, health, and private life.
6.2. When processing personal data Pepeliaev Group may do the following: gather, record, systematise, accumulate, store, update (renew or modify), retrieve, use, transfer (distribute, provide or access), depersonalise, block, delete or destroy the personal data of a Visitor.
6.3. If Visitors take part in the events Pepeliaev Group holds, Pepeliaev Group may disclose the corresponding personal data of the Visitor to persons who participate in holding the event.
6.4. Pepeliaev Group may not transfer personal data to any third party, except for the following persons:
• officials of state authorities to the extent of their powers;
• persons to whom Pepeliaev Group is obliged to transfer such personal data to comply with Russian legislation;
• persons to whom Pepeliaev Group transfers personal data in pursuance of an agreement with the personal data subject;
• persons whom Pepeliaev Group instructs to process personal data;
• Pepeliaev Group’s legal successors in the event of its reorganisation;
• other persons, with the consent of the personal data subject.
6.5. Pepeliaev Group may not disclose personal data of a Website Visitor for any commercial purposes without his/her consent. The processing of a Visitor’s personal data for the purposes of promoting goods, work and/or services on the market by directly contacting a potential consumer using means of communications is only allowed with the Visitor's prior consent.
6.6. Pepeliaev Group undertakes to warn persons who have received a Visitor’s personal data that such data may be used only for the corresponding purposes and to require that such persons confirm their compliance with this rule.
6.7. Persons who received a Visitor’s personal data must keep such data secret (confidential).
6.8. Pepeliaev Group will process personal data of Website Visitors and undertake measures to protect such personal data in accordance with the provisions of this Policy and other bylaws Pepeliaev Group may issue.
7. Protection and security of personal data
7.1. Pepeliaev Group applies the corresponding standards of technical and operational security to protect information submitted by Website Visitors from unauthorised access, disclosure, distortion, blocking or destruction.
7.2. The measures Pepeliaev Group applies include the following:
• appointing a person to be responsible for organising the processing of personal data;
• applying legal, technical and organisational measures to ensure the safety of personal data;
• assessing the damage personal data subjects may sustain if legislation is breached, and the correlation between the damage and security measures Pepeliaev Group applies;
• using secured premises with delineated access where personal data servers are placed and using locked cabinets to store personal data in hard copy form;
• acquainting Pepeliaev Group’s employees who are directly involved in processing personal data with the provisions of Russian legislation on personal data;
• monitoring the measures undertaken to safeguard personal data.
7.3. Access to personal data is granted only to Pepeliaev Group’s authorised employees who have undertaken to keep such information confidential.
8. Storage of personal data
8.1. Personal data of Website Visitors is stored during the period required for the purposes for which such data has been submitted, or for the period stipulated by legislation.
8.2. Once such purposes are attained or the period for processing personal data has expired, the personal data of Website Visitors will be destroyed.
9. Log data, cookies and web beacons
The standard information gathered will be used solely for strategic purposes. Pepeliaev Group does not use personal data for the purpose of the personal identification of any Visitors. If, however, registered Visitors are authorised on the Website, Pepeliaev Group will be able to use such data together with the information obtained via data analysis tools and cookie files so that to analyse how visitors use the Website.
9.2. When using the Website, a Visitor grants his/her consent to Pepeliaev Group uploading cookie files to the Visitor’s device in accordance with the conditions above.
9.3. A Visitor can manage cookie files by using the browser settings. If cookie files are deleted, all data regarding the Visitor’s preferences will be deleted, including his/her preference regarding a refusal to use cookie files. If cookie files are blocked, changes may be reflected on a user’s interface and some of the Website's features may become unavailable.
10. Final provisions
10.1. This Policy will be amended or added to if the corresponding changes or additions are made to current Russian legislation on personal data. The Policy may be amended at any moment at the discretion of Pepeliaev Group. The current version of Pepeliaev Group’s Policy is always available for review by public at large at its permanent address: www.pgplaw.ru.
10.2. All relationships involving Pepeliaev Group relating to processing and protection of personal data which are not expressly reflected in this Policy will be regulated in accordance with Russian legislation on personal data.
10.3. Compliance with this Policy will be monitored by the person in charge of processing of personal data at Pepeliaev Group.
The date of the latest update of the Policy is 31 July 2017.