PERSONAL DATA PROCESSING AND PROTECTION POLICY
Current version (since 1 April 2017)
Updated on 14 October 2021
This Personal Data Processing and Protection Policy (hereinafter referred to as the “Policy”) was adopted and is in force in the company ACG Yans – Audit (is hereinafter referred as the “Company” or “we”).
We process personal data you submit to us when you use our websites and mobile applications (hereinafter referred to as the “Websites”) from any device and contacting us in any fashion under this Policy.
Using our websites and submitting your personal data, you acknowledge that your personal data is processed in compliance with this Policy.
- General definitions
“Personal data” is understood as any information related to an individual identified or to be identified directly or indirectly.
“Personal data processing” is understood as any action (operation) or actions (operations) taken using or without using the means of automation, including the collection, recording, systematisation, accumulation, storage, rectification (updating and/or changing), retrieving, using, transmission (distribution and/or submission and/or making available), anonymisation, blocking, deletion and destruction of personal data.
- Principles of personal data processing
We have strong views about the confidentiality and protection of personal data. Key rules we observe when we process your personal data are represented below:
- We answer any questions concerning the processing of your personal data without delay and within the timeframe established by the applicable law.
- We ensure that your personal data is used in compliance with the applicable data protection law.
- We will be fair and open with you about how we use your personal data: we are ready to inform you about the information we use, how we use it, who we exchange the information with and persons you may contact if you have any questions or concerns.
- If you find our marketing messages annoying, you may say STOP at any time.
- We provide equal protection of data collected and processed in any other fashion both online and offline.
- We take all necessary steps to prevent unauthorised persons from accessing your personal data.
- Who is responsible for what happens to your personal data?
As a personal data operator, company the ACG Yans – Audit (is hereinafter referred as the “Company” or “we”) are responsible for the processing of your personal data in connection with the provision of services. Should you have any questions, you can contact us by mail: 1, 8 Marta St., building 12, block 3, business-center ‘TRIO’, 4th floor, 127083 Moscow, Russia, by phone: +7 (495) 103 10 51 and/or email: email@example.com.
- When do we request your consent?
By using our services and websites, you agree to the processing of your personal data. If you do not want us to process your personal data, please do not use our services or websites or do not submit your personal data in any other fashion.
- Which personal data do we collect?
- personal data you provide us with when filling in information fields on our websites, which includes filling in the contact form, subscribing to our newsletter and event registration, such as: surname, name, patronymic, email, telephone number, job position and place of employment. Other information may also be understood as personal data.
- personal data and other information contained in messages you send to us;
- personal data you submit via our website of job opportunities and traineeships;
- technical data, which is automatically transmitted by the device you use for visiting our websites, including technical features of the device, such as: information on your browser, details of web pages you visited, IP address and the location of your device, cookie ID, hyperlinks you opened, your username, your gender, your contacts, web pages you visited before opening our websites, information collected using cookies or similar device tracking technologies and any other information you decided to submit using websites of third parties, e.g. when visiting our web pages in social media (Facebook, in particular). Our websites use simple links to social media; when you open such link, we do not transmit your personal data to an owner of such social media.
- other information about you that you wished to provide on our websites.
- Purposes of data processing
We process your personal data for the declared purposes only, including:
- your registration on our websites to provide you with the access to particular sections;
- providing you with information about the Company, our services and events;
- communication with you when you contact us;
- organising your participation in events and inquiries we conduct;
- forwarding our news to you;
- provision you with an individual content, including the advertisement of services and products the most relevant to your interests;
- exercise of rights given to and fulfilment of obligations imposed on the Company by the laws of the Russian Federation;
- for other purposes with your consent.
We process the technical data for:
- ensuring the operation and safety of our websites;
- improving the quality of our websites.
We do not disclose your personal data in open access resources. We do not make decisions that lead to legal consequences for you or affect, in any other fashion, your rights and legal interests exclusively on the basis of the automated processing of personal data.
- Information about recipients of your personal data
We are ready to provide you, at your request, with more information about third parties involved in the processing of your personal data, i.e.: their names, addresses and the purpose of the transmission of your personal data to them.
- How long do we process your personal data?
We will store your personal data exclusively till the aforementioned data processing purposes we collected or received your personal data for are achieved and till the expiration of the data retention period established by the applicable law.
- How we process your personal data (data processing methods and how your personal data is handled)
Your personal data is processed, both manually and automatically, by means of collection, recording, systematisation, accumulation, storage, rectification (updating and/or changing), retrieving, using, transmission (distribution and/or submission and/or making available), anonymisation, blocking, deletion and destruction of personal data in compliance with the applicable data protection law.
- Your rights
Protection of your rights and freedoms related to personal data is the essential condition of the operation of our Company.
In order to protect your rights and freedoms, we, at your request, will:
- confirm whether we process your personal data and provide you with the opportunity to familiarise yourself with it within 30 days from the date of your request;
- inform you of the source and contents of your personal data we process;
- inform you of legal grounds and timeframes for and methods of the processing of your personal data;
- make necessary amendments to your personal data, if your confirm, within 7 business days from the date of receipt of the confirmation, that such data is incomplete, inaccurate or outdated, and we will inform you about the amendments made;
- inform you of an anticipated cross-border transmission of your personal data;
- let you know names and locations of organisations that have an access to your personal data and those your personal data may be disclosed to with your consent;
- let you know company names or surnames, names, patronymics and addresses of persons that may be appointed to process your personal data with your consent;
- inform you of the procedure for exercising your rights in the processing of your personal data;
- exclude you from our mailing list;
- stop your personal data processing within 30 days from the date of receipt of the withdrawal of your consent unless we have other legal grounds for personal data processing provided by the laws of the Russian Federation;
- stop your personal data processing, if we have a confirmation that we unlawfully process it, and we will inform you of the steps taken;
- destroy your personal data, if we have a confirmation that such data was unlawfully received or does not comply with the declared purposes of the personal data processing; your personal data will be destroyed within 3 business days from the date of receipt of the relevant confirmation, and we will inform you of the steps taken;
- answer all your questions related to your personal data we process.
- How you can contact us
You may submit a request related to your personal data processing by sending a letter/email with the subject: “Request concerning the personal data” (or “Withdrawal of the consent for the personal data processing”, if you wish to withdraw your consent for the processing of your personal data) to our email address: firstname.lastname@example.org or mailing address: 1, 8 Marta St., building 12, block 3, business-centre ‘TRIO’, 4th floor, 127083 Moscow, Russia.
- Safety of your personal data
In order to ensure the safety of your personal data, we, in the course of the personal data processing, take necessary and sufficient legal, organisational and technical measures for the protection of personal data against an unlawful or accidental access to it, destruction, changing, blocking, copying, submission and distribution of the data and against any other unlawful actions concerning the personal data.
Our website is hosted on Timeweb.com that provides us an online platform that makes it possible for us to sell you our products and services. Your data may be placed in the data warehouse of Timeweb.com, databases and general applications of Timeweb.com.
Timeweb.com stores all data on protected servers behind a firewall, so the data are inaccessible to unauthorised persons.
In order to adequately protect your personal data, we assess the harm that may be done, if the safety of your personal data is violated. We also identify threats to your personal data safety in the processing of such data in information systems.
Our Company adopted in-house regulations concerning the safety of personal data. Our employees who have an access to the personal data have read and understood this Policy and the in-house regulations related to the safety of personal data.
- Cross-border transmission of personal data
We can transmit your personal data to territories of foreign countries. It is vital for us to ensure the safety of your personal data in the cross-border transmission. We take all necessary steps to guarantee the confidentiality and safety of your personal data.
It is possible to carry out cross-border transmission of personal data to territories of foreign states that are parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and other foreign countries that provide an adequate protection of rights of data subjects. If it is necessary to carry out cross-border transmission of personal data to territories of foreign countries that do not provide an adequate level of protection of rights of data subjects, we will, when it is necessary under the applicable law on personal data protection, ensure an adequate protection of data using particular legal arrangements recognised, e.g. certification of EU – US Privacy Shield, Standard Contractual Clauses issued by the European Commission or Binding Corporate Rules.
When your personal data is transmitted to EU/EEA countries and to Great Britain, we will be governed by the General Data Protection Regulation (GDPR) approved and adopted by the European Union (EU).
- Termination of personal data processing
We terminate the processing of your personal data:
- in case of the occurrence of conditions of termination of personal data processing or when the established period expires;
- when the purposes of personal data processing are achieved or if it is no longer necessary to achieve such purposes;
- at your request, if the personal data processed is illegally obtained or is not necessary for the declared purpose of the personal data processing;
- in case of the detection of illegal processing of personal data, if it is not possible to ensure the legality of the processing;
- on the expiry of your consent for your personal data processing or if you withdraw such consent unless there are other legal grounds for the personal data processing established by the laws of the Russian Federation;
- if the Company is liquidated.
- Links to websites of third parties
Our websites may contain links to third-party websites and services we do not control. We are not responsible for the safety or confidentiality of any information collected by third-party websites or services.
- Changes in this Policy
We may update this Policy as and when necessary. We suggest that you check the relevance of this Policy from time to time. By continuing to use our websites after this Policy is changed, you confirm that you agree with the amendments made.
Should you have any questions regarding this Policy, please do not hesitate to contact the person responsible for the organisation of the personal data processing in the Company by sending an email/mail marked Personal Data Inquiry to: email@example.com or: 1, 8 Marta St., building 12, block 3, business-centre ‘TRIO’, 4th floor, 127083 Moscow, Russia.
This Personal Data Processing and Protection Policy was developed in compliance with the Federal Law of the Russian Federation No.152-FZ On Personal Data dated 27.07.2006 and the General Data Protection Regulation (GDPR) approved and adopted by the European Union (EU).