PERSONAL DATA POLICY

PERSONAL DATA POLICY
Rules for the processing of personal data

General Provisions
1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) has been published and applied by the Moscow Law Firm “Mogylnytsky and Partners” (hereinafter referred to as the M&P) in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”.
The Policy uses the following basic concepts:
personal data – any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);
processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
automated processing of personal data – processing of personal data using computer technology;
blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
depersonalization of personal data - actions as a result of which it is impossible to determine without the use of additional information the ownership of personal data to a specific subject of personal data;
independently or jointly with other persons, organizes and (or) carries out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material media of personal data are destroyed;
1.2. The purpose of processing personal data is:
- ensuring the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets;
- promotion of goods, works, services on the market by making direct contacts with potential consumers using means of communication.
1.3. Processing is organized by M&P on the principles:
- legality of the purposes and methods of processing personal data, integrity and fairness in activities;
- the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
- compliance of the content and volume of processed personal data with the stated purposes of processing. The personal data processed should not be redundant in relation to the stated purposes of their processing;
- the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
- ensuring the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data. The ICA takes the necessary measures or ensures that they are taken to remove or clarify incomplete or inaccurate data;
- storing personal data in a form that allows identifying the subject of personal data for no longer than required by the purposes of processing personal data.
1.4. Methods of processing personal data:
- using automation tools;
- without the use of automation tools.
Personal Data To Be Processed
2.1. The following personal data is processed in information systems owned by M&P:
- last name, first name, patronymic of the subject of personal data;
- email address of the subject of personal data;
- mobile phone number of the subject of personal data;
- conditions of the personal data subject’s application, registration number (for subjects who are lawyers);
- data on the time the subject of personal data visited the information system.
2.2. In accordance with the set goals and objectives, M&P, before starting the processing of personal data, appoints a person responsible for organizing the processing of personal data.
2.3. M&P employees directly involved in the processing of personal data must be familiarized with signature before starting work with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the M&P policy regarding the processing of personal data, local acts on issues of processing personal data, with this Regulation and amendments to it.
2.4. When processing personal data, M&P applies legal, organizational and technical measures to ensure the security of personal data.
2.5. M&P ensures the protection of personal data in accordance with the Personal Data Protection Policy.
2.6. The assessment of the harm that may be caused to subjects of personal data in the event of a violation by the M&P of the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” is determined in accordance with the provisions of the Civil Code of the Russian Federation.
2.7. When collecting personal data using information and telecommunication networks, M&P, before processing personal data, is obliged to publish in the relevant information and telecommunication network a document defining its policy regarding the processing of personal data and information about the implemented requirements for the protection of personal data.
2.8. M&P, on the basis of an agreement, may entrust the processing of personal data to a third party. An essential condition of such an agreement is the existence of the right of the person to process personal data, the obligation of the said person to ensure the confidentiality of personal data and the security of personal data during their processing.
2.9. Personal data must be stored in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the purposes of processing.
Procedure For Ensuring The Rights Of The Subject Of Personal Data
3.1. Subjects of personal data or their representatives have the rights provided for by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and other regulations governing the processing of personal data.
3.2. The authority of the representative to represent the interests of each subject of personal data is confirmed by a duly executed power of attorney, a copy of which is kept by M&P for at least three years, and if the storage period for personal data is more than three years, for at least the period for storing personal data.
3.3. The information requested by the subject of personal data is provided to the subject of personal data M&P in an accessible form without personal data relating to other subjects of personal data, except in cases where there are legal grounds for disclosing such personal data in electronic form. At the request of the subject of personal data, they can be duplicated on paper at the address indicated by the subject of personal data.
3.4. At the request of the subject of personal data, M&P is obliged to immediately stop processing his personal data.
3.5. M&P is obliged to provide, free of charge, the subject of personal data or his representative with the opportunity to familiarize himself with personal data relating to this subject of personal data.
Storage, Use and Transfer of Personal Data
4.1. Personal data is stored exclusively on electronic media and processed using automated systems, except in cases where non-automated processing of personal data is necessary in connection with compliance with legal requirements.
4.2. Personal data is not transferred to any third parties, except in cases expressly provided for by the legislation of the Russian Federation. Providing personal data of users at the request of government bodies (local government bodies) is carried out in the manner prescribed by law.
Closing Provisions
5.1. This Policy is subject to change and addition in the event of the emergence of new legislative acts and special regulations on the processing and protection of personal data, as well as in the event of a change in the M&P’s personal data processing policy.
5.2. This Policy is an internal document of the M&P and is subject to posting on the official website of the M&P.
Rules for the protection of personal data
This Personal Data Protection Policy applies to all Users of this site.
Personal data - any information relating directly or indirectly to a specific individual (personal data subject) - the Site User.
Processing of personal data means any action or set of actions performed using automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
M&P as a personal data operator is responsible for the purposes of processing Users’ personal data and can transfer personal data or entrust their processing to any company in the manner prescribed by law.
Users agree to the processing of their personal data during registration on the Site.
M&P takes technical, organizational and legal measures to ensure the protection of the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions.
M&P and other persons who have access to the User’s personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
M&P, offering its Products, needs information about the communication details of Users. At the same time, M&P requests a minimum amount of this information from the User in order to maintain contact with the User. This information includes:
- last name, first name, patronymic of the User;
- e-mail address;
- mobile phone number;
- conditions of the application, registration number (for lawyers);
- data about the time of visiting the Site.

In the process of processing applications (orders), M&P may collect and store the above personal information.
M&P may combine anonymized data with other information received from third parties and use it to improve and personalize services, content and advertising.
M&P may also provide personal data of Users:
- service providers who provide contractual assistance in providing Products (for example, fraud investigation, payment collection, customer service, consultant services);
- third parties to whom Users directly ask M&P to send their personal data;
- law enforcement agencies, other government agencies or third parties as part of the investigation of criminal cases, other illegal activities or any activity that may lead to liability for M&P or its Users.

M&P guarantees the User that it will not provide his personal data to any persons, including government agencies, without a request made in strict accordance with the legislation of the Russian Federation.
Personal data of Users is stored in M&P information systems and saved in various ways (passwords, encryption, access restrictions, physical security) to protect against unauthorized access and disclosure.
Information systems that collect, record, systematize, accumulate, store, clarify, update, change and retrieve personal data of Users are located in Russia; cross-border transfer of personal data is not carried out.
The use, transfer, distribution, provision, access, depersonalization, blocking, deletion and destruction of Users’ personal data is carried out exclusively in accordance with the requirements of applicable law and the legitimate interests of Users.
M&P does not make decisions affecting the rights and legitimate interests of Users based solely on automated processing of personal data, except in cases of providing information as a result of a request made by the User himself.
In the event of loss or disclosure of personal data, M&P immediately informs the User of the loss or disclosure of personal data.
M&P, together with the subject of personal data, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s personal data.
M&P is constantly improving the way it collects, stores and processes data, including security measures. In this regard, as well as in cases of changes in legislation on personal data, M&P may change this Policy at any time by notifying Users by posting relevant information on the Site. Such changes take effect immediately after they are posted on the Site. If the User, after making such changes, continues to use the Site Products, he is deemed to have agreed to such changes. In this case, the User’s separate consent is not required.