1. GENERAL PROVISIONS
1.1. This document defines the policy of Yalta International Economic Forum Foundation (hereinafter referred to as the Foundation) regarding personal data processing and enforcement of personal data protection requirements (hereinafter referred to as the Policy) in accordance with Article 18.1 of Federal Law 152 On Personal Data of the Russian Federation dd 27.07.2006.
2. BASIC CONCEPTS
2.1. The present Policy uses the following basic concepts:
2.1.1. Personal data - any information related directly or indirectly to a specific or identifiable individual (owner of personal data);
2.1.2. Operator - state or municipal body, legal entity or individual who independently or jointly with other persons organizes and (or) processes personal data, determines the purposes of personal data processing, composition of personal data to be processed, actions (operations) performed with personal data;
2.1.3. Personal data processing - any action (operation) or a set of actions (operations) performed with personal data, with or without automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion or destruction of personal data;
2.1.4. Automated personal data processing - processing of personal data using computing technology;
2.1.5. Non-automated personal data processing - processing of personal data contained in the personal data information system or extracted from such a system, during which the use, clarification, dissemination, destruction of personal data of each of the owners of personal data is carried out with the direct human participation;
2.1.6. Processing of paper-based personal data - processing of personal data, including non-automated processing, carried out by the Foundation by recording the personal data of each of the owners of personal data on paper(s);
2.1.7. Use of personal data - the use of personal data to achieve the purposes of their processing;
2.1.8. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite group of persons;
2.1.9. Personal data provisioning - actions aimed at disclosing personal data to a certain person or a group of persons;
2.1.10. Blocking of personal data - temporary termination of personal data processing (except when processing is necessary for personal data update);
2.1.11. Annulment of personal data - actions as a result of which it becomes impossible to restore personal data in the personal data system and (or) as a result of which tangible media of personal data are destroyed;
2.1.12. Anonymization of personal data - actions as a result of which it becomes impossible to determine the affinity of personal data with a specific personal data owner without using additional information;
2.1.13. Personal data system - a set of personal data contained in databases, as well as information technologies and technical means used for their processing;
2.1.14. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to an authority of a given state, a foreign individual or a foreign legal entity.
3. PERSONAL DATA PROCESSING PHILOSOPHY
3.1. The processing of personal data is allowed in the cases defined by federal law;
3.2. Processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data that is not related to the purposes of personal data collection is prohibited. Personal data processing purposes:
- relationships between the users of web-site https://yalta-forum.com/ (hereinafter referred to as the Site) and the owner and the operator of web-site https://yalta-forum.com/ - by the Foundation, for the purpose of fulfilling the terms of the agreement, as well as the relations of the user of web-site https://yalta-forum.com/ with other users of web-site https://yalta-forum.com/ (participants, speakers, volunteers and other persons who have access to the member area of web-site https://yalta-foum.com/).
3.3. Only personal data that meet the processing purposes are subject to processing.
3.4. The content and volume of personal data processed must correspond to the declared processing purposes. The processed personal data should not exceed the declared processing purposes.
3.5. Personal data accuracy must be guaranteed in the course of processing, as well as data sufficiency, and, if necessary, relevance to the purposes of personal data processing. The Foundation must take the necessary measures or ensure their taking to delete or to update incomplete or inaccurate data.
3.6. Personal data storage method shall allow personal data owner identification, not longer than it is required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor.
4. PERSONAL DATA OWNERS AND SCOPE
4.1. The Foundation shall process the following personal data:
- last name, first name, patronymic;
- mobile phone;
- e-mail;
- gender, date and place of birth;
- passport details;
- registration and residence address;
- place of work/study, photo;
- current position;
- biometric data.
5. PERSONAL DATA PROCESSING
5.1. Personal data processing may be done by the computing system using automation tools and without them, as well as in paper format.
5.2. Personal data processing is allowed in the following cases:
5.2.1. as authorized by the personal data owner;
5.2.2. for the performance of the contract to which the personal data owner is a party.
6. RIGHTS OF THE PERSONAL DATA OWNER
6.1. The personal data owner is lawful:
6.1.1. to receive information from the Foundation regarding processing of one's own personal data;
6.1.2. to request the Foundation to update one's own personal data, block or annul them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided for by law to protect one's own rights;
6.1.3. to request the Foundation to stop personal data processing.
7. PERSONAL DATA PRIVACY
7.1. Information related to personal data, access to which is obtained by the Foundation in accordance with the procedure established by law, is subject to disclosure to third parties only in the cases specified in paragraph 3.2 of this policy.
7.2. Employees of the Foundation and other persons who have received access to personal data and process them are informed about possible disciplinary, administrative, civil and criminal liability in case of violation of the current legislation of the Russian Federation in terms of personal data processing.
8. PERSONAL DATA SECURITY MEASURES
8.1. The Foundation takes the necessary and sufficient measures to ensure fulfillment of obligations provided for by the Federal Law of the Russian Federation on Personal Data and the legal acts adopted on their basis.
8.2. In particular, the Foundation takes the following measures to ensure personal data security:
- an official responsible for the processing of personal data has been appointed;
- the Privacy Policy has been approved and posted on the web-site;
- other local acts have been approved establishing procedures aimed at prevention and detection of violations of the legislation of the Russian Federation related to personal data processing and elimination of consequences;
- sufficient legal, organizational and technical measures have been taken to protect personal data from unauthorized access, destruction, modification, blocking, copying, provisioning and distribution, as well as against other illegal actions;
- internal control is carried out for compliance of personal data processing with the Federal Law of the Russian Federation On Personal Data and legal acts adopted on the basis of personal data protection requirements, the given Policy and other local acts of the Foundation related to personal data processing;
- the employees of the Foundation directly engaged in the personal data processing are familiarized with the provisions of the legislation of the Russian Federation on personal data, including personal data protection requirements, documents on the Foundation policy in the area of personal data processing, local acts on personal data processing, and (or) training of the employees in subject.
Accept
