Privacy policy
1. General Provisions
1.1. This document (hereinafter — the Policy) defines the policy regarding the processing of personal data of users of the website of LLC "EXPOMEN" (hereinafter — the Operator) on the Internet at: expomanage.ru (hereinafter — the Website).
1.2. This Policy has been developed pursuant to paragraph 2, part 1, article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," as well as the Recommendations for drafting a document defining the operator’s policy on the processing of personal data, in the manner established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data."
1.3. This Policy of the Operator regarding the processing of personal data applies to all information that the Operator may receive about visitors of the Website expomanage.ru.
1.4. The Operator considers as its most important goal and condition for conducting its activities the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets.
1.5. In compliance with the requirements of part 2, article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," this Policy is published and made publicly available on the Operator’s Website at: expomanage.ru/privacy.
1.6. This Policy applies only to the Website. The Operator does not control and is not responsible for third-party websites to which the User may navigate via links available on the Website.
2. Basic Terms Used in the Policy
2.1. Terms contained in article 3 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" are used in this Policy with the same meaning. This Policy also uses the following definitions:
2.1.1. Website — a set of graphical and informational materials, as well as computer programs and databases ensuring their accessibility on the Internet at https://expomanage.ru;
2.1.2. User — any visitor of the Website expomanage.ru;
2.1.3. Personal data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject);
2.1.3.1. Personal data authorized by the personal data subject for dissemination — personal data to which access is provided by the personal data subject to an unlimited number of persons by giving consent to the processing of personal data authorized by the personal data subject for dissemination in accordance with the Federal Law;
2.1.4. Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain group of persons;
2.1.5. Operator — a state or municipal authority, legal or natural person, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data;
2.1.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.1.7. Automated processing of personal data — processing of personal data using computer technology;
2.1.8. Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;
2.1.9. Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain group of persons;
2.1.10. Blocking of personal data — temporary suspension of processing of personal data (except when processing is necessary for clarifying personal data);
2.1.11. Destruction of personal data — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or resulting in the destruction of tangible media of personal data;
2.1.12. Depersonalization of personal data — actions making it impossible, without additional information, to determine the affiliation of personal data to a specific personal data subject;
2.1.13. Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
2.1.14. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
— Independently determine the composition and list of measures necessary and sufficient to ensure fulfillment of obligations established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws;
— Entrust the processing of personal data to another person with the User’s consent, unless otherwise provided by federal law, on the basis of a contract concluded with this person, including a state or municipal contract, or by adopting an act by a state or municipal authority;
— In case of withdrawal of the User’s consent to the processing of personal data, continue processing personal data without the User’s consent if there are grounds specified in the Federal Law "On Personal Data";
— Receive from the User reliable information and/or documents containing the User’s personal data for the purposes of processing specified in clause 5.2 of this Policy;
— Require the User to timely update the provided personal data.
3.2. The Operator is obliged to:
— Process personal data solely for the purposes specified in this Policy, in accordance with the applicable legislation of the Russian Federation, and take the necessary and sufficient measures to ensure fulfillment of obligations established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and regulatory acts adopted in accordance with it;
— Not disclose personal data without the User’s consent, unless otherwise provided by the legislation of the Russian Federation;
— Process personal data in compliance with the principles and rules provided for by the Federal Law "On Personal Data";
— Organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation;
— Review requests from the User (or their legal representative) regarding the processing of personal data and provide reasoned responses;
— Provide the User (or their legal representative) with free access to their personal data;
— Take measures to clarify, block, or delete the User’s personal data in cases established by the Federal Law "On Personal Data";
— Provide the authorized body for the protection of personal data subjects' rights, upon request, with the necessary information within 10 days from the date of receiving such a request;
— Publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
— Cease the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided by the Law on Personal Data;
— Fulfill other obligations established by the Law on Personal Data.
3.3. The Operator also has other rights and bears other obligations provided by the legislation of the Russian Federation.
4. Basic Rights and Obligations of Personal Data Subjects
4.1. The User has the right to:
— Receive complete information regarding the processing of their personal data by the Operator, except in cases provided for by the legislation of the Russian Federation. Such information shall be provided to the User by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except where there are legal grounds for disclosing such personal data. The list of such information and the procedure for obtaining it are established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";
— Request the rectification, blocking, or deletion of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing. In case of identifying inaccuracies in their personal data, the User may update it independently by sending a notification to the Operator’s email address info@expomanage.ru with the note "Personal Data Update";
— Withdraw their consent to the processing of personal data, as well as submit a demand to cease the processing of personal data;
— Take measures provided by law to protect their rights;
— Lodge complaints with the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or omissions of the Operator in the processing of their personal data;
— Set a condition of prior consent when their personal data is processed for the purpose of promoting goods, works, or services on the market.
4.2. The User is obliged to:
— Ensure the accuracy of the personal data provided to the Operator, as required for the purposes of processing specified in clause 5.2 of this Policy;
— Provide the Operator, if necessary, with information for clarifying (updating, modifying) the personal data previously provided.
4.3. Persons who provide the Operator with false information about themselves, or information about another personal data subject without the latter’s consent, shall bear responsibility in accordance with the legislation of the Russian Federation.
4.4. Users also have other rights and bear other obligations provided for by the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. The processing of personal data shall be carried out on a lawful and fair basis.
5.2. The content and scope of the personal data processed shall correspond to the stated purposes of processing. The processing of personal data that is excessive in relation to the stated purposes of its processing is not permitted.
5.3. The processed personal data must not be redundant in relation to the stated purposes of its processing.
5.4. When processing personal data, the accuracy, sufficiency, and, where necessary, the relevance of personal data in relation to the purposes of its processing shall be ensured. The Operator shall take necessary measures and/or ensure that such measures are taken to delete or clarify incomplete or inaccurate data.
5.5. The Operator processes the User’s personal data for the following purposes:
5.5.1. Identifying the User registered on the Website;
5.5.2. Informing about the operation of the Website (Services), monitoring, and improving the quality of the Services;
5.5.3. Providing the User with access to personalized resources of the Website;
5.5.4. Establishing feedback with the User, including sending notifications, requests regarding the use of the Website, the provision of services, the performance of work, and processing requests and applications from the User;
5.5.5. Determining the User’s location to ensure security and to prevent fraud involving the User’s personal data on the Website;
5.5.6. Creating an account, if the User has consented to the creation of an account;
5.5.7. Providing the User with effective customer and technical support in case of problems related to the use of the Website;
5.5.8. Sending advertising to the User with their prior consent;
5.5.9. As well as for other purposes provided for and not prohibited by the current legislation of the Russian Federation.
6. Legal Grounds for the Processing of Personal Data
6.1. The legal grounds for the processing of personal data by the Operator are:
— The Constitution of the Russian Federation;
— The Civil Code of the Russian Federation;
— Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";
— Federal Law of July 27, 2006 No. 149-FZ "On Information, Information Technologies and the Protection of Information";
— Federal Law of December 26, 2008 No. 294-FZ "On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercise of State Control (Supervision) and Municipal Control";
— Decree of the President of the Russian Federation of March 6, 1997 No. 188 "On Approval of the List of Confidential Information";
— Resolution of the Government of the Russian Federation of November 1, 2012 No. 1119 "On Approval of the Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems";
— Order of the Federal Service for Technical and Export Control of Russia of February 18, 2013 No. 21 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems";
— The User’s consent to the processing of personal data on the Website.
7. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects
7.1. The Operator may process the personal data of the following Users: visitors of the Operator’s Website.
7.2. The personal data processed by the Operator includes:
— User's surname, first name, and patronymic;
— Place of residence (region/city);
— Mobile phone number;
— Email address;
— Data automatically transmitted to the Website Services in the course of their use through the software installed on the User’s device, namely: IP address, cookie data, information about the User’s browser (or other software used to access the Services), technical characteristics of the User’s hardware and software, date and time of access to the Services, addresses of requested pages, history of queries and views on the Website and its Services.
7.3. The Operator ensures that the content and scope of the processed personal data correspond to the declared purposes of processing specified in Section 5 of this Policy.
7.4. The Operator does not process biometric personal data or special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, or personal life.
8. Procedure and Conditions of Personal Data Processing
8.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of the applicable legislation in the field of personal data protection. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by such parties (Operators) in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.
The processing of personal data by the Operator is carried out in accordance with the requirements of the legislation of the Russian Federation in the following ways:
— Non-automated processing of personal data;
— Automated processing of personal data with or without the transfer of the obtained information through information and telecommunication networks;
— Combined processing of personal data.
8.2. The list of actions performed by the Operator with the User’s personal data for the purposes specified in clause 5.2 of this Policy includes: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
8.3. The processing of personal data by the Operator shall be carried out subject to obtaining the User’s consent (hereinafter — Consent), obtained in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," except in cases established by the legislation of the Russian Federation where the processing of personal data may be carried out without such Consent.
8.4. The User decides to provide their personal data and gives Consent freely, by their own will, and in their own interest.
8.5. The period of processing of personal data is determined by the achievement of the purposes for which the personal data was collected, unless another period is provided for by the agreement with the User or by applicable legislation.
The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data or the loss of necessity in achieving these purposes, the expiration of the Consent validity period or withdrawal of Consent by the User, as well as the detection of unlawful processing of personal data.
8.6. The User may at any time withdraw their consent to the processing of personal data by sending a notification to the Operator via email at info@expomanage.ru with the note "Withdrawal of Consent to the Processing of Personal Data."
8.7. The Operator carries out the dissemination of personal data authorized by the User for dissemination, i.e., actions aimed at disclosing such data to an indefinite number of persons, in compliance with the requirements, restrictions, and conditions established by part 9 of article 9 and article 10.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data." Disclosure to third parties and dissemination of personal data without the User’s consent is not permitted unless otherwise provided by federal law. Consent to the processing of personal data authorized by the User for dissemination shall be executed separately from other consents of the User to the processing of their personal data, taking into account the Requirements for the content of consent to the processing of personal data authorized by the data subject for dissemination, approved by the Order of Roskomnadzor of February 24, 2021 No. 18. Restrictions established by the User on transfer (except for granting access), as well as on processing or processing conditions (except for granting access) of personal data authorized for dissemination, do not apply in cases of processing personal data in state, public, and other public interests defined by the legislation of the Russian Federation.
8.8. In processing personal data, the Operator takes or ensures the adoption of necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions with respect to personal data.
8.9. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized persons from gaining access to personal data. Personal data is stored in a form that allows the User to be identified, for no longer than is required for the purposes of processing personal data, except in cases where a storage period for personal data is established by federal law or by an agreement to which the User is a party, beneficiary, or guarantor.
8.10. When processing personal data, the Operator complies with the requirements of article 18 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data."
8.11. When processing personal data, the Operator undertakes to maintain the confidentiality of personal data.
8.12. In the event of unlawful or accidental transfer (provision, dissemination, access) of personal data, the Operator shall inform the User of this within 3 (three) calendar days.
8.13. The Operator, together with the User, shall take all necessary measures to prevent losses or other negative consequences caused by unlawful or accidental transfer (provision, dissemination, access) of the User’s personal data.
9. Blocking, Rectification, and Destruction of Personal Data. Responses to User Requests for Access to Personal Data
9.1. In the event that unlawful processing of personal data is identified upon a request from the User (or their representative) or upon a request from the authorized body for the protection of the rights of personal data subjects, the Operator shall block the unlawfully processed personal data relating to the respective User, or ensure their blocking, from the moment of such request or receipt of the User’s request, for the period of verification.
If inaccurate personal data is identified upon a request from the User or their representative, or upon their request or the request of the authorized body for the protection of the rights of personal data subjects, the Operator shall block the personal data relating to the respective User, or ensure their blocking, from the moment of such request or receipt of the User’s request, for the period of verification, unless the blocking of such personal data violates the rights and legitimate interests of the User or third parties.
9.2. If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the User (or their representative) or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, shall rectify the personal data or ensure their rectification within seven (7) business days from the date such information is provided.
9.3. If unlawful processing of personal data is identified, the Operator shall, within a period not exceeding three (3) business days from the date of such identification, cease the unlawful processing of personal data or ensure the cessation of unlawful processing of personal data. If it is impossible to ensure the lawful processing of personal data, the Operator shall, within a period not exceeding ten (10) business days from the date of identification of unlawful processing of personal data, destroy such personal data or ensure their destruction.
9.4. In the event that the purpose of processing personal data has been achieved, the Operator shall destroy the personal data or ensure their destruction within a period not exceeding thirty (30) days from the date the purpose of processing was achieved, unless otherwise provided for by a contract to which the User is a party, beneficiary, or guarantor, or by another agreement between the Operator and the User, or if the Operator is not entitled to process the personal data without the User’s consent on the grounds provided for by Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws.
9.5. In the event of the User’s withdrawal of consent to the processing of their personal data, and if the retention of such personal data is no longer required for the purposes of processing, the Operator shall destroy the personal data or ensure their destruction within a period not exceeding thirty (30) days from the date of receipt of such withdrawal, unless otherwise provided for by a contract to which the User is a party, beneficiary, or guarantor, or by another agreement between the Operator and the User, or if the Operator is not entitled to process the personal data without the User’s consent on the grounds provided for by Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws.
9.6. Within a period not exceeding seven (7) business days from the date on which the User (or their representative) provides information confirming that such personal data was unlawfully obtained or is not necessary for the stated purpose of processing, the Operator shall destroy such personal data.
9.7. The personal data being processed shall be subject to destruction if the necessity of achieving the purposes of processing is lost, unless otherwise provided for by federal law.
10. Cross-Border Transfer of Personal Data
10.1. Prior to commencing activities related to the cross-border transfer of personal data, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out such cross-border transfer (this notification shall be submitted separately from the notification of intent to process personal data).
10.2. Before submitting the above-mentioned notification, the Operator is obliged to obtain from the authorities of the foreign state, foreign individuals, or foreign legal entities to which the cross-border transfer of personal data is planned, the relevant information.
11. Liability of the Parties
11.1. The Operator shall be liable for violation of the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" in accordance with the legislation of the Russian Federation.
11.2. The User has the right to claim compensation for damages and/or moral harm in court. Moral harm caused to the User as a result of violation of their rights, violation of the rules for processing personal data, as well as the requirements for the protection of personal data established in accordance with the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," and the provisions of this Policy, shall be compensated in accordance with the legislation of the Russian Federation. Compensation for moral harm shall be provided regardless of compensation for property damage and losses incurred by the User.
12. Dispute Resolution
12.1. In the event of disputes and/or disagreements arising from the relationship between the User and the Operator, such matters shall be resolved in accordance with the applicable legislation of the Russian Federation.
12.2. The applicable legislation of the Russian Federation shall govern this Policy and the relationship between the User and the Operator.
13. Confidentiality of Personal Data
13.1. The Operator and other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
14. Final Provisions
14.1. The Operator has the right to amend this Policy without the User’s consent.
14.2. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise provided by the new version of the Policy.
14.3. The new version of the Policy applies to relations that arise after it has entered into force.
14.4. The current version of the Policy is freely available on the Internet at: https://expomanage.ru/privacy.
1.1. This document (hereinafter — the Policy) defines the policy regarding the processing of personal data of users of the website of LLC "EXPOMEN" (hereinafter — the Operator) on the Internet at: expomanage.ru (hereinafter — the Website).
1.2. This Policy has been developed pursuant to paragraph 2, part 1, article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," as well as the Recommendations for drafting a document defining the operator’s policy on the processing of personal data, in the manner established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data."
1.3. This Policy of the Operator regarding the processing of personal data applies to all information that the Operator may receive about visitors of the Website expomanage.ru.
1.4. The Operator considers as its most important goal and condition for conducting its activities the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets.
1.5. In compliance with the requirements of part 2, article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," this Policy is published and made publicly available on the Operator’s Website at: expomanage.ru/privacy.
1.6. This Policy applies only to the Website. The Operator does not control and is not responsible for third-party websites to which the User may navigate via links available on the Website.
2. Basic Terms Used in the Policy
2.1. Terms contained in article 3 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" are used in this Policy with the same meaning. This Policy also uses the following definitions:
2.1.1. Website — a set of graphical and informational materials, as well as computer programs and databases ensuring their accessibility on the Internet at https://expomanage.ru;
2.1.2. User — any visitor of the Website expomanage.ru;
2.1.3. Personal data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject);
2.1.3.1. Personal data authorized by the personal data subject for dissemination — personal data to which access is provided by the personal data subject to an unlimited number of persons by giving consent to the processing of personal data authorized by the personal data subject for dissemination in accordance with the Federal Law;
2.1.4. Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain group of persons;
2.1.5. Operator — a state or municipal authority, legal or natural person, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data;
2.1.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.1.7. Automated processing of personal data — processing of personal data using computer technology;
2.1.8. Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;
2.1.9. Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain group of persons;
2.1.10. Blocking of personal data — temporary suspension of processing of personal data (except when processing is necessary for clarifying personal data);
2.1.11. Destruction of personal data — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or resulting in the destruction of tangible media of personal data;
2.1.12. Depersonalization of personal data — actions making it impossible, without additional information, to determine the affiliation of personal data to a specific personal data subject;
2.1.13. Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
2.1.14. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
— Independently determine the composition and list of measures necessary and sufficient to ensure fulfillment of obligations established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws;
— Entrust the processing of personal data to another person with the User’s consent, unless otherwise provided by federal law, on the basis of a contract concluded with this person, including a state or municipal contract, or by adopting an act by a state or municipal authority;
— In case of withdrawal of the User’s consent to the processing of personal data, continue processing personal data without the User’s consent if there are grounds specified in the Federal Law "On Personal Data";
— Receive from the User reliable information and/or documents containing the User’s personal data for the purposes of processing specified in clause 5.2 of this Policy;
— Require the User to timely update the provided personal data.
3.2. The Operator is obliged to:
— Process personal data solely for the purposes specified in this Policy, in accordance with the applicable legislation of the Russian Federation, and take the necessary and sufficient measures to ensure fulfillment of obligations established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and regulatory acts adopted in accordance with it;
— Not disclose personal data without the User’s consent, unless otherwise provided by the legislation of the Russian Federation;
— Process personal data in compliance with the principles and rules provided for by the Federal Law "On Personal Data";
— Organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation;
— Review requests from the User (or their legal representative) regarding the processing of personal data and provide reasoned responses;
— Provide the User (or their legal representative) with free access to their personal data;
— Take measures to clarify, block, or delete the User’s personal data in cases established by the Federal Law "On Personal Data";
— Provide the authorized body for the protection of personal data subjects' rights, upon request, with the necessary information within 10 days from the date of receiving such a request;
— Publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
— Cease the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided by the Law on Personal Data;
— Fulfill other obligations established by the Law on Personal Data.
3.3. The Operator also has other rights and bears other obligations provided by the legislation of the Russian Federation.
4. Basic Rights and Obligations of Personal Data Subjects
4.1. The User has the right to:
— Receive complete information regarding the processing of their personal data by the Operator, except in cases provided for by the legislation of the Russian Federation. Such information shall be provided to the User by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except where there are legal grounds for disclosing such personal data. The list of such information and the procedure for obtaining it are established by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";
— Request the rectification, blocking, or deletion of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing. In case of identifying inaccuracies in their personal data, the User may update it independently by sending a notification to the Operator’s email address info@expomanage.ru with the note "Personal Data Update";
— Withdraw their consent to the processing of personal data, as well as submit a demand to cease the processing of personal data;
— Take measures provided by law to protect their rights;
— Lodge complaints with the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or omissions of the Operator in the processing of their personal data;
— Set a condition of prior consent when their personal data is processed for the purpose of promoting goods, works, or services on the market.
4.2. The User is obliged to:
— Ensure the accuracy of the personal data provided to the Operator, as required for the purposes of processing specified in clause 5.2 of this Policy;
— Provide the Operator, if necessary, with information for clarifying (updating, modifying) the personal data previously provided.
4.3. Persons who provide the Operator with false information about themselves, or information about another personal data subject without the latter’s consent, shall bear responsibility in accordance with the legislation of the Russian Federation.
4.4. Users also have other rights and bear other obligations provided for by the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. The processing of personal data shall be carried out on a lawful and fair basis.
5.2. The content and scope of the personal data processed shall correspond to the stated purposes of processing. The processing of personal data that is excessive in relation to the stated purposes of its processing is not permitted.
5.3. The processed personal data must not be redundant in relation to the stated purposes of its processing.
5.4. When processing personal data, the accuracy, sufficiency, and, where necessary, the relevance of personal data in relation to the purposes of its processing shall be ensured. The Operator shall take necessary measures and/or ensure that such measures are taken to delete or clarify incomplete or inaccurate data.
5.5. The Operator processes the User’s personal data for the following purposes:
5.5.1. Identifying the User registered on the Website;
5.5.2. Informing about the operation of the Website (Services), monitoring, and improving the quality of the Services;
5.5.3. Providing the User with access to personalized resources of the Website;
5.5.4. Establishing feedback with the User, including sending notifications, requests regarding the use of the Website, the provision of services, the performance of work, and processing requests and applications from the User;
5.5.5. Determining the User’s location to ensure security and to prevent fraud involving the User’s personal data on the Website;
5.5.6. Creating an account, if the User has consented to the creation of an account;
5.5.7. Providing the User with effective customer and technical support in case of problems related to the use of the Website;
5.5.8. Sending advertising to the User with their prior consent;
5.5.9. As well as for other purposes provided for and not prohibited by the current legislation of the Russian Federation.
6. Legal Grounds for the Processing of Personal Data
6.1. The legal grounds for the processing of personal data by the Operator are:
— The Constitution of the Russian Federation;
— The Civil Code of the Russian Federation;
— Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";
— Federal Law of July 27, 2006 No. 149-FZ "On Information, Information Technologies and the Protection of Information";
— Federal Law of December 26, 2008 No. 294-FZ "On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercise of State Control (Supervision) and Municipal Control";
— Decree of the President of the Russian Federation of March 6, 1997 No. 188 "On Approval of the List of Confidential Information";
— Resolution of the Government of the Russian Federation of November 1, 2012 No. 1119 "On Approval of the Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems";
— Order of the Federal Service for Technical and Export Control of Russia of February 18, 2013 No. 21 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems";
— The User’s consent to the processing of personal data on the Website.
7. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects
7.1. The Operator may process the personal data of the following Users: visitors of the Operator’s Website.
7.2. The personal data processed by the Operator includes:
— User's surname, first name, and patronymic;
— Place of residence (region/city);
— Mobile phone number;
— Email address;
— Data automatically transmitted to the Website Services in the course of their use through the software installed on the User’s device, namely: IP address, cookie data, information about the User’s browser (or other software used to access the Services), technical characteristics of the User’s hardware and software, date and time of access to the Services, addresses of requested pages, history of queries and views on the Website and its Services.
7.3. The Operator ensures that the content and scope of the processed personal data correspond to the declared purposes of processing specified in Section 5 of this Policy.
7.4. The Operator does not process biometric personal data or special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, or personal life.
8. Procedure and Conditions of Personal Data Processing
8.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of the applicable legislation in the field of personal data protection. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by such parties (Operators) in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.
The processing of personal data by the Operator is carried out in accordance with the requirements of the legislation of the Russian Federation in the following ways:
— Non-automated processing of personal data;
— Automated processing of personal data with or without the transfer of the obtained information through information and telecommunication networks;
— Combined processing of personal data.
8.2. The list of actions performed by the Operator with the User’s personal data for the purposes specified in clause 5.2 of this Policy includes: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
8.3. The processing of personal data by the Operator shall be carried out subject to obtaining the User’s consent (hereinafter — Consent), obtained in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," except in cases established by the legislation of the Russian Federation where the processing of personal data may be carried out without such Consent.
8.4. The User decides to provide their personal data and gives Consent freely, by their own will, and in their own interest.
8.5. The period of processing of personal data is determined by the achievement of the purposes for which the personal data was collected, unless another period is provided for by the agreement with the User or by applicable legislation.
The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data or the loss of necessity in achieving these purposes, the expiration of the Consent validity period or withdrawal of Consent by the User, as well as the detection of unlawful processing of personal data.
8.6. The User may at any time withdraw their consent to the processing of personal data by sending a notification to the Operator via email at info@expomanage.ru with the note "Withdrawal of Consent to the Processing of Personal Data."
8.7. The Operator carries out the dissemination of personal data authorized by the User for dissemination, i.e., actions aimed at disclosing such data to an indefinite number of persons, in compliance with the requirements, restrictions, and conditions established by part 9 of article 9 and article 10.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data." Disclosure to third parties and dissemination of personal data without the User’s consent is not permitted unless otherwise provided by federal law. Consent to the processing of personal data authorized by the User for dissemination shall be executed separately from other consents of the User to the processing of their personal data, taking into account the Requirements for the content of consent to the processing of personal data authorized by the data subject for dissemination, approved by the Order of Roskomnadzor of February 24, 2021 No. 18. Restrictions established by the User on transfer (except for granting access), as well as on processing or processing conditions (except for granting access) of personal data authorized for dissemination, do not apply in cases of processing personal data in state, public, and other public interests defined by the legislation of the Russian Federation.
8.8. In processing personal data, the Operator takes or ensures the adoption of necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions with respect to personal data.
8.9. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized persons from gaining access to personal data. Personal data is stored in a form that allows the User to be identified, for no longer than is required for the purposes of processing personal data, except in cases where a storage period for personal data is established by federal law or by an agreement to which the User is a party, beneficiary, or guarantor.
8.10. When processing personal data, the Operator complies with the requirements of article 18 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data."
8.11. When processing personal data, the Operator undertakes to maintain the confidentiality of personal data.
8.12. In the event of unlawful or accidental transfer (provision, dissemination, access) of personal data, the Operator shall inform the User of this within 3 (three) calendar days.
8.13. The Operator, together with the User, shall take all necessary measures to prevent losses or other negative consequences caused by unlawful or accidental transfer (provision, dissemination, access) of the User’s personal data.
9. Blocking, Rectification, and Destruction of Personal Data. Responses to User Requests for Access to Personal Data
9.1. In the event that unlawful processing of personal data is identified upon a request from the User (or their representative) or upon a request from the authorized body for the protection of the rights of personal data subjects, the Operator shall block the unlawfully processed personal data relating to the respective User, or ensure their blocking, from the moment of such request or receipt of the User’s request, for the period of verification.
If inaccurate personal data is identified upon a request from the User or their representative, or upon their request or the request of the authorized body for the protection of the rights of personal data subjects, the Operator shall block the personal data relating to the respective User, or ensure their blocking, from the moment of such request or receipt of the User’s request, for the period of verification, unless the blocking of such personal data violates the rights and legitimate interests of the User or third parties.
9.2. If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the User (or their representative) or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, shall rectify the personal data or ensure their rectification within seven (7) business days from the date such information is provided.
9.3. If unlawful processing of personal data is identified, the Operator shall, within a period not exceeding three (3) business days from the date of such identification, cease the unlawful processing of personal data or ensure the cessation of unlawful processing of personal data. If it is impossible to ensure the lawful processing of personal data, the Operator shall, within a period not exceeding ten (10) business days from the date of identification of unlawful processing of personal data, destroy such personal data or ensure their destruction.
9.4. In the event that the purpose of processing personal data has been achieved, the Operator shall destroy the personal data or ensure their destruction within a period not exceeding thirty (30) days from the date the purpose of processing was achieved, unless otherwise provided for by a contract to which the User is a party, beneficiary, or guarantor, or by another agreement between the Operator and the User, or if the Operator is not entitled to process the personal data without the User’s consent on the grounds provided for by Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws.
9.5. In the event of the User’s withdrawal of consent to the processing of their personal data, and if the retention of such personal data is no longer required for the purposes of processing, the Operator shall destroy the personal data or ensure their destruction within a period not exceeding thirty (30) days from the date of receipt of such withdrawal, unless otherwise provided for by a contract to which the User is a party, beneficiary, or guarantor, or by another agreement between the Operator and the User, or if the Operator is not entitled to process the personal data without the User’s consent on the grounds provided for by Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws.
9.6. Within a period not exceeding seven (7) business days from the date on which the User (or their representative) provides information confirming that such personal data was unlawfully obtained or is not necessary for the stated purpose of processing, the Operator shall destroy such personal data.
9.7. The personal data being processed shall be subject to destruction if the necessity of achieving the purposes of processing is lost, unless otherwise provided for by federal law.
10. Cross-Border Transfer of Personal Data
10.1. Prior to commencing activities related to the cross-border transfer of personal data, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out such cross-border transfer (this notification shall be submitted separately from the notification of intent to process personal data).
10.2. Before submitting the above-mentioned notification, the Operator is obliged to obtain from the authorities of the foreign state, foreign individuals, or foreign legal entities to which the cross-border transfer of personal data is planned, the relevant information.
11. Liability of the Parties
11.1. The Operator shall be liable for violation of the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" in accordance with the legislation of the Russian Federation.
11.2. The User has the right to claim compensation for damages and/or moral harm in court. Moral harm caused to the User as a result of violation of their rights, violation of the rules for processing personal data, as well as the requirements for the protection of personal data established in accordance with the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data," and the provisions of this Policy, shall be compensated in accordance with the legislation of the Russian Federation. Compensation for moral harm shall be provided regardless of compensation for property damage and losses incurred by the User.
12. Dispute Resolution
12.1. In the event of disputes and/or disagreements arising from the relationship between the User and the Operator, such matters shall be resolved in accordance with the applicable legislation of the Russian Federation.
12.2. The applicable legislation of the Russian Federation shall govern this Policy and the relationship between the User and the Operator.
13. Confidentiality of Personal Data
13.1. The Operator and other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
14. Final Provisions
14.1. The Operator has the right to amend this Policy without the User’s consent.
14.2. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise provided by the new version of the Policy.
14.3. The new version of the Policy applies to relations that arise after it has entered into force.
14.4. The current version of the Policy is freely available on the Internet at: https://expomanage.ru/privacy.