Dear visitor of our Internet portal,
Compliance with data protection requirements is very important to OOO “zeb.rolfes.schierenbeck.associates” (“Company”).
In this data protection policy, the Company defines the categories of personal data to be processed, types of data processing methods (operations) as well as purposes, rules and legal grounds for the personal data processing according to the Constitution of the Russian Federation and the Federal law of the Russian Federation dated July 27, 2006 No. 152-FZ “On personal data”.
1. TERMS AND DEFINITIONS
In this data protection policy the following terms and definitions are used:
The personal data—all information relating directly or indirectly to certain or determinable natural person (the subject of personal data).
The processing of personal data—every action (every operation) or a complex of actions (operations) which deal with personal data by collecting, recording, systematizing, accumulating, storing, revising (updating, changing), extracting, using, transferring (disseminating, disclosing, access providing), anonymizing, blocking, deleting, destroying personal data by using automation or without using such means.
Website—webpage of the company in the information and communication network “Internet” with the link: www.zeb.com.ru.
User—every natural person who uses the Website.
Blocking personal data—the temporary cessation of processing personal data (excluding cases in which processing is required for revising of personal data).
Destroying personal data—actions which make restoration of the content of personal data in the information system of personal data impossible and/or actions due to which the material data storage devices for personal data are destroyed.
Anonymizing personal data—actions that make it impossible, without using additional information, to determine to which subject of personal data the personal data belongs to.
Cross-border transferring of personal data—transmitting personal data in a foreign territory to a foreign authority, a foreign natural or legal person.
Staff members—employees of the Company who, by order of the managing director of the Company, have permitted access to personal data and/or who work directly with processing personal data.
The other terms and definitions used in this data protection policy are identical to the terms and definitions provided by the Federal law of the Russian Federation dated July 27, 2006 No. 152-FZ “On personal data” by their content and meaning.
2.1. The limited liability company “zeb.rolfes.schierenbeck.associates” Primary National Registration Number (OGRN) 5137746217527, Individual Taxpayer’s Identification Number (INN) 7708803978, with its registered address in 123112, Moscow, Testowskaja Str., 10, floor 24, office room I, room section 1, is the personal data operator.
2.2. This data protection policy is published for unlimited access on the website: zeb.com.ru
2.3. The aims of this data protection policy are:
- protecting the rights and freedoms of individuals and citizens while processing their personal data, including protecting their rights to privacy, private and family secrets;
- ensuring protection of personal data from unauthorized access, loss, misuse or unlawful dissemination;
- ensuring that actions of staff who deal with processing of personal data comply with legislation of the Russian Federation.
2.4. The categories of personal data and purposes for processing are specified in data protection policy. The company does not process special categories of personal data and or biometric personal data.
2.5. Each subject of personal data decides on the provision of their personal data and gives consent to the processing of the data acting voluntarily, willingly and out of their own interests.
3. USE OF THE WEBSITE
3.1. The Company processes personal data of users of the Website.
3.2. AUTOMATIC LOGGING
3.2.1. When using the website, temporary usage data, is stored as a log on the company’s web server for statistical purposes in order to improve the quality of the Website. This data record, in particular, consists of:
• the page from which the data was requested,
• the content of the request (name and address of the file),
• the date and time of the request,
• the data volume transmitted,
• the access status (file transmitted, file not found),
• the description of the type of web browser used,
• the IP address of the requesting computer, omitting the final three digits.
3.2.2. The above mentioned protocol data is saved anonymously only. They are required for the website to run properly: the website does not work without log data.
3.3.2. The Company uses website session cookies and permanent cookies to optimize or enable user guidance and to adjust the presentation of our website.
The user can set their browser to inform about the placement of cookies. The user can also delete cookies at any time via the corresponding browser setting and block the placement of new cookies. Please note that the website may then not be optimally displayed and some functions may no longer be technically available.
3.4. GOOGLE ANALYTICS
3.4.1. The website uses the services of Google Analytics. When the user visits the website, the browser sends certain information to Google: the website address and the user IP address.
In addition, the user can prevent Google from collecting and processing cookie-generated data relating to the website use (including the IP address) by downloading and installing the browser plug-in available under the following link.
3.5. ONLINE SURVEY
3.5.1. The Company can create special forms for conducting online survey of users of the Website.
3.5.2. The categories of processed personal data as well as the purposes and conditions for their processing are specified through the conditions of each online survey.
3.5.3. The legal basis for processing personal data is the consent by the subject of personal data, provided the conditions of the online survey do not require something else.
4. USE OF THE SOCIAL MEDIA PLATFORM
4.1. The company runs the following pages on social media platforms:
Facebook (recruiting + consulting)
4.2. In this context, the company receives access to the personal data of users of social media platforms as provided by the users themselves and processed by the respective social media platform, which is the operator of personal data, according to the guidelines for processing personal data of this social media platform.
4.3. The legal basis for processing personal data is the user’s consent during registration in each social media platform.
4.4. Personal data and information that users of the social media platform publish to the social media pages of the company in the form of comments, videos, images, likes (and such) or public messages, are published by the social media platform for an unlimited number of people and made accessible to the company. The company can share the user’s contents on its pages and communicate with the users via the social media platform if these functions are provided in a certain social media platform. The Company can delete the user’s content from its pages if this is required.
4.5. If the user of the social media platform wants to object to a certain form of data processing that the company can influence, then they can contact the people named in the Legal Notes/Imprint. If necessary, the company will forward the request to the social media platform.
4.6. The company does not process personal data of users in any other ways without obtaining consent from the user of the social media platform, except when permitted by the functionality of the respective social media platform. In particular, the company does not gather, process, save and forward this information to third parties. The company does not use the social media platform for advertising purposes. The company does not use the demographic, interest-based, behavior-based or location-based target group definitions for advertising that the operator of the social media platform make available. The company receives statistical information from the social media platform that cannot be refused.
5. REQUIREMENTS FOR PROCESSING PERSONAL DATA
5.1. The company is only authorized to process personal data when they have corresponding consent from the subject of personal data. If they do not have consent, the company may process personal data when legislation of the Russian Federation allows this.
5.2. The Staff is not permitted to process personal data that does not match the aims of processing. The scope of processed personal data must match the aims of processing. The processing of redundant personal data is not permitted.
5.3. The company provides recording, systematizing, accumulating, storing, revising (updating, changing), extracting personal data of the citizens of the Russian Federation by using databases within the territory of the Russian Federation.
5.4. In order to create unfavorable conditions and hurdles for anybody who tries to gain unauthorized access to personal data, the Company uses the following technical and organizational measures:
- nomination of a staff member who is responsible for the organization of data processing and personal data protection;
- limitation of the number of employees who have access to personal data;
- familiarization of the employees with legal requirements and internal documents of the Company in terms of personal data processing and protection with written acknowledgment thereof;
- providing storage of data storage devices and their circulation in a manner which excludes their unauthorized removal, falsification, unauthorized duplication or destruction;
- password protection of access to the personal data information system;
- use of means of access control to communication ports, input/output devices, removable data storage devices and external information storage;
- conducting antivirus checks, preventative measures against the distribution of malware and backdoors in the corporate network;
- backups of information;
- providing restoration of personal data that has been modified or deleted due to unauthorized access;
- familiarization of the employees with personal data operating instructions;
- investigation of breaches of personal data safety regulations;
- placing technical means for personal data processing within the secured premises;
- conducting access control on the Company premises;
- providing data transfer using state-of-the-art encryption methods via HTTPS.
5.5. Personal data will cease to be processed upon the achievement of aims of processing, the impossibility of achieving the aims of processing, the withdrawal of consent for data processing and in case of impossibility to rectify the breaches of data processing. The general term for processing personal data: until the time of liquidation or reorganization of the Company or until withdrawal of consent for processing by the subject of personal data.
5.6. Personal data is to be destroyed or anonymized after its processing is ceased.
5.7. The Company is entitled to nominate another person for personal data processing, including service partners and post service providers. The person assigned with processing personal data is obliged to follow the principles and rules for processing personal data according to legislation of the Russian Federation.
5.8. The company conducts a cross-border data transfer to exchange information and improve the quality of the website. The data is transferred to zeb.rolfes.schierenbeck.associates GmbH in the Federal Republic of Germany. The Federal Republic of Germany is contractual party for the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ETS no.108 and ensures appropriate levels of data protection.
6. RIGHTS OF THE SUBJECT OF PERSONAL DATA
6.1. The subject of personal data is entitled to withdraw his/her consent for processing of personal data. In this case, the Company ceases processing the personal data of the subject within 10 days after receipt of the withdrawal; the Company informs the subject of personal data about this by sending an e-mail to the address specified by the subject of personal data.
6.2. The subject of personal data is entitled to receive information about the processing of his/her personal data. The subject of personal data is entitled to demand the Company to update, block or destroy his/her personal data if personal data is incomplete, outdated, imprecise, collected in breach of laws or not required for the specified aim of processing, as well as to take the measures to protect their rights provided by the law. The Company is required to respond to the request within 10 days upon its receipt.
6.3. All requests of the subject of personal data, withdrawal of consent and questions to the responsible persons are to be sent to the e-mail address: firstname.lastname@example.org.