Privacy Policy regarding the processing of personal data on www.EDS.ru
PLEASE READ THIS POLICY CAREFULLY. IT DESCRIBES THE TERMS AND CONDITIONS FOR THE PROCESSING OF YOUR PERSONAL DATA ON THE WEBSITE WWW.EDS.RU.
1. General Provisions
1.1. This Policy regarding the processing of personal data on EDS.ru has been prepared in accordance with Clause 2, Part 1, Article 18.1 of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ dated July 27, 2006, and defines the position of Limited Liability Company “ENKA DATA CENTER SOLUTIONS” regarding the processing and protection of personal data, and the observance of the rights and freedoms of each personal data subject within the framework of the operation of the website www.EDS.ru.
1.2. Limited Liability Company “ENKA DATA CENTER SOLUTIONS”, established under the laws of the Russian Federation (OGRN: 1257700486284, INN: 9702078580) and registered at the legal address: 127051, Moscow, Meshchansky Municipal District, Tsvetnoy Blvd, 16/1, premises 3/1, is the personal data operator.
1.3. The Policy of LLC “ENKA DATA CENTER SOLUTIONS” regarding the processing of personal data is that personal data must be processed only in cases and in the manner established by applicable law on a legal and fair basis. Compliance with and protection of the rights and legitimate interests of personal data subjects is a top priority for LLC “ENKA DATA CENTER SOLUTIONS”.
1.4. For the purposes of this Policy regarding the processing of personal data on www.EDS.ru, the terms listed below are used, which may be indicated with a capital or small letter.
“Updating of personal data” – actions to clarify, update, and change personal data aimed at ensuring the relevance of personal data in relation to the purposes of their processing.
“Blocking of personal data” – temporary termination of the processing of personal data (except for cases where processing is necessary to clarify personal data).
“Data” – personal data processed by the Company according to this Policy.
“Web analytics data” – information about websites previously visited by Users, versions and types of browsers, operating systems and devices of Users, language settings, time zone, displays and other settings of Users’ devices, supported version of the Flash plugin, presence and support of JavaScript, content of cookies, geographical regions from which Users access the Site, assumed interests of Users, page views, time spent on the Site, file downloads, and other similar data collected using Web Analytics Services.
“Law” – Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”.
“Information system” – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
“Company” – Limited Liability Company “ENKA DATA CENTER SOLUTIONS”, which is the Data operator.
“Confidentiality of personal data” – a mandatory requirement for a person who has gained access to personal data not to transfer such information to third parties without the consent of its owner.
“Processing of personal data” – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data.
“Operator” – a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data.
“Personal data” – any information relating to a directly or indirectly identified or identifiable natural person (personal data subject).
“Users” – personal data subjects whose Data is subject to collection or other processing using the Site.
“Policy” – this Policy regarding the processing of personal data on www.EDS.ru.
“Provision of personal data” – actions aimed at disclosing personal data to a specific person or a specific circle of persons.
“Roskomnadzor” – the authorized body for the protection of the rights of personal data subjects.
“Site” – the website owned by the Company, accessible via the domain name www.EDS.ru.
“Collection of personal data” – a purposeful process of obtaining personal data from a personal data subject.
“Web Analytics Services” – web analytics tools, online ratings, and other tools used to assess Site traffic, the popularity of the Site as a whole and its individual sections among the target audience, study consumer preferences, select relevant advertising, and solve other similar marketing and analytical tasks.
“Personal data subject” – a natural person to whom the personal data relates.
“Cross-border transfer of personal data” – transfer of personal data to the territory of a foreign state to a foreign operator.
“Destruction of personal data” – actions as a result of which it becomes impossible to restore the content of personal data in the information system and (or) as a result of which material carriers of personal data are destroyed.
“Storage of personal data” – a process involving the presence of personal data in a systematized form at the disposal of the Company.
1.5. The User possesses the following main rights:
- The right to receive information regarding the processing of their Data;
- The right to demand clarification of Data, its blocking or destruction if it is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing;
- The right to appeal against the actions (inaction) of the Company to the authorities, including in court;
- The right to protect rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court or according to another procedure provided by applicable law;
- The right to demand the termination of personal data processing in cases established by law;
- Other rights established by applicable law.
1.6. The Company, as the Data operator, is entitled to process Data only in cases, to achieve purposes, and in compliance with other conditions established by the Law.
1.7. The Company is assigned the following main duties:
- Upon collection of Data, provide the User, at their request, with the information provided for in Part 7, Article 14 of the Law;
- Explain to the User the legal consequences of refusing to provide their Data if the provision of Data is mandatory in accordance with the law;
- Take measures necessary and sufficient to ensure the fulfillment of duties provided for by the Law and regulatory legal acts adopted in accordance with it;
- Publish this Policy on the Internet, information on the implemented requirements for the protection of personal data, and ensure the possibility of access to the specified document using the Internet;
- Take necessary legal, organizational, and technical measures or ensure their adoption to protect Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data;
- Respond to User inquiries and requests from Roskomnadzor and provide them with information regarding the processing of Data in the manner prescribed by the Law;
- Eliminate violations of the law committed during the processing of Data, clarify, block, and destroy Data (or ensure the performance of these actions by a person acting on behalf of the Company);
- Notify the authorized body for the protection of the rights of personal data subjects in cases and within the timeframes established by the legislation of the Russian Federation, from the moment the Company, the authorized body, or another interested person identifies the fact of unlawful or accidental transfer (provision, distribution, access) of personal data that resulted in a violation of the rights of personal data subjects;
- Before starting the processing of personal data, notify Roskomnadzor of its intention to carry out the processing of personal data, except for cases established by law;
- Appoint a person responsible for organizing the processing of personal data;
- The Company bears other duties provided by law in connection with the processing of Data.
2. Purposes and Legal Grounds for Data Processing
2.1. The processing of Data must be limited to the achievement of specific, predetermined, and lawful purposes. Processing of Data that is incompatible with the purposes of collecting personal data is not permitted.
2.2. The legal basis for the processing of personal data is the set of legal acts in pursuance of which and in accordance with which the operator carries out the processing of personal data.
2.3. The Company processes Data on legal grounds and for the purposes specified in Clause 3.3 of the Policy.
3. Scope and Categories of Processed Data, Categories of Data Subjects
3.1. The content and scope of the processed Data must correspond to the stated purposes of processing. The processed Data must not be excessive in relation to the stated purposes of their processing.
3.2. The Company does not process special categories of Users’ personal data (for example, information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, or health status).
3.3. Below is information regarding the main categories and scope of processed User Data in relation to the purposes, legal grounds, and terms of processing.
Categories of Users (personal data subjects) | Categories of User Data | Purposes of processing | Terms of processing | Legal grounds for processing |
Users | – Full Name; – Phone number; – Email address; – Resume/CV data; – Content of the cover message | Reviewing candidates for vacant positions | Until a decision is made on hiring or refusal of employment (but in any case, no longer than 90 days) | Consent of the personal data subject: Subparagraph 1, Part 1, Article 6 of the Law |
Users | – Full Name; – Email address; – Phone number; – Content of the message | Business correspondence | Until the end of business correspondence (no longer than 90 days from the date of receipt of the last message from the user) | Consent of the personal data subject: |
Users | – Web analytics data | Marketing | Until the moment the User withdraws consent for the processing of their Data | Consent of the personal data subject: Subparagraph 1, Part 1, Article 6 of the Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”; |
Users | – Web analytics data | Ensuring the functioning of the Site (veya Ensuring Site functionality) | Until the moment the User withdraws consent for the processing of their Data | Consent of the personal data subject: Subparagraph 1, Part 1, Article 6 of the Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”; |
Aşağıda metnin hukuki terminolojiye uygun İngilizce çevirisi bulunmaktadır:
4. Procedure and Conditions for Data Processing
4.1. For all of the above purposes (except for web analytics Data), the Company processes Data using automated means (including computers) and without the use of automated means (including on paper). The Company processes web analytics Data using automated means. The Company may perform the following actions (operations) and/or sets of actions (operations) with the Data:
• collection;
• recording;
• systematization;
• accumulation;
• storage;
• clarification (updating, modification);
• retrieval;
• use;
• transfer (provision, access);
• blocking;
• deletion;
• destruction.
4.2. The Company always proceeds from the following:
• all Data belongs personally to the User;
• the User is legally capable and of full age;
• the User has provided accurate and up-to-date Data.
4.3. User Data is processed until the purpose of processing is achieved or until the User withdraws their consent to the processing of their Data, provided there are no other grounds established by law for continuing the processing of Data.
4.4. The Company may entrust the processing of Data (within the scope set out in Clause 3.3 above) to third parties through the conclusion of a data processing assignment agreement, provided that the User has given the appropriate consent.
4.5. Subject to the conditions established by law, the Company may transfer web analytics data to the owners of the respective social networks and other web resources that provide web analytics services, for further independent processing in accordance with their personal data processing policies (privacy policies).
4.6. The Company may use the User’s phone number and/or email address to make direct contact with the User for the purpose of correspondence related to the User’s inquiry, provided the User has given the appropriate consent.
4.7. The Company may transfer Data to courts, law enforcement bodies, supervisory authorities, other authorized state bodies, and officials when there are grounds provided for by applicable law.
4.8. The Company recognizes Data as strictly confidential information. The Company and other persons who have gained access to the Data do not disclose or distribute the Data to third parties without the consent of the respective personal data subject, unless otherwise provided by federal law.
4.9. In accordance with Part 2, Article 18.1 of the Law, the Company publishes this Policy as well as information on the implemented personal data protection requirements (Appendix No. 1 to the Policy) on the Site and ensures constant, free, and unrestricted access to them for all Users.
4.10. The Company takes necessary legal, organizational, and technical measures or ensures their implementation to protect the Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions involving the Data. Data security is ensured, in particular, through:
• identifying threats to Data security during processing in information systems;
• applying organizational and technical measures to ensure Data security in personal data information systems, necessary to meet Data protection requirements ensuring the levels of protection established by the Government of the Russian Federation;
• using information security tools that have undergone conformity assessment as required;
• using information security tools with built-in data destruction functions that have undergone conformity assessment when destroying Data;
• assessing the effectiveness of measures taken to ensure Data security before personal data information systems are put into operation;
• maintaining records of Data storage media;
• identifying incidents of unauthorized access to Data and taking measures, including measures for detecting, preventing, and mitigating the consequences of cyberattacks on Information Systems, and responding to cyber incidents;
• restoring Data that has been modified or destroyed due to unauthorized access;
• establishing rules for access to Data processed in personal data information systems and ensuring the registration and logging of all actions performed with Data within these systems;
• monitoring the measures taken to ensure Data security and the level of protection of personal data information systems.
4.11. Grounds for the termination of Data processing may include the achievement of the processing objectives, the expiration of the term of consent, the withdrawal of consent by the personal data subject (where applicable), as well as the detection of unlawful Data processing.
4.12. Data shall be stored in a form that allows identification of the personal data subject no longer than required by the purposes of Data processing, unless a different storage period is established by federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor.
4.13. When collecting Data, the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located outside the Russian Federation are not permitted.
4.14. The Company ensures storage conditions that prevent unlawful or accidental access to Data by implementing physical Data protection measures and conducting corresponding organizational measures.
Aşağıda metnin hukuki terminolojiye uygun İngilizce çevirisi yer almaktadır:
5. Web Analytics Data
5.1. The connection of the Site to Web Analytics Services is carried out strictly in the standard manner provided by the rules of the respective Web Analytics Service. In most cases, this involves adding into the Site’s source code a script provided by the Web Analytics Service. The script enables the Web Analytics Service to directly collect the information necessary for its operation. The Company does not independently collect or transmit information to Web Analytics Services in any other way.
5.2. The principle of operation of Web Analytics Services is based on collecting information about visits to the Site and Users’ activities.
5.3. Web analytics Data must be collected only in a depersonalized form and processed in an aggregated (generalized) manner, meaning that web analytics Data cannot be attributed to a directly or indirectly identified or identifiable individual. To prevent the possibility of identifying Users as specific individuals, the Company never discloses to Web Analytics Services any personal data of Users that may be known to the Company.
5.4. The Company may access web analytics Data through personal accounts provided by Web Analytics Services. In such cases, the web analytics Data is provided to the Company in processed and aggregated (generalized) form as reports.
5.5. Web Analytics Services may use various technical tools to obtain web analytics Data, including cookies and other similar technologies (web beacons, IP addresses, Java scripts, etc.). Cookies are small text files stored on the device used by the User to interact with the Site (personal computer, smartphone, tablet, etc.). These files may contain information necessary for the operation of Web Analytics Services or the Site, such as browser settings, viewed pages, interface settings of the Site, etc. Web Analytics Services typically use cookies for technical purposes (ensuring the functionality of the analytics service) and analytical purposes (studying the behavior and interests of the Site’s audience, as well as other indicators characterizing the Site’s position on the market). More detailed reference information on cookies is available here: https://yandex.ru/support/browser/personal-data-protection/cookies.html.
5.6. Below is information about the main cookies that may be accepted by the User’s device when visiting the Site:
Type of cookie file | Description | Owner | How to refuse its receipt / storage |
Analytics | Description: https://yandex.ru/support/metrica/general/cookie-usage.html | LLC “YANDEX” | Information on opting out of Yandex.Metrica is available here: https://yandex.ru/support/metrica/general/opt-out.html |
5.7. The User is entitled, at their own discretion, to refuse the acceptance of cookies on their device. To do so, the User may follow the instructions provided in the links in the table above, refrain from using the Site, or configure the appropriate settings in their browser. Most modern browsers and Internet security software support the possibility of full, partial, or selective blocking of cookies and other technical means used to obtain web analytics Data, as well as the deletion of previously stored cookies. In this regard, the User is advised to review the security settings on their device and independently select the preferred options. The way such settings are implemented may differ in each browser. The User should refer to the “Help” section of their browser and also check the settings of any firewall software (if applicable). In case of refusal to accept cookies and the use of other technical means, for technical reasons the Company cannot guarantee Users that they will have continuous access to all functions of the Site.
Descriptions of settings for the most popular browsers are available at the following links:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=ru&co=GENIE.Platform=Desktop
Microsoft Edge: https://support.microsoft.com/ru-ru/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
Yandex Browser: https://browser.yandex.ru/help/personal-data-protection/personal-data-protection.html
Aşağıda metnin hukuki terminolojiye uygun İngilizce çevirisi yer almaktadır:
6. Updating, Correction, Deletion, and Destruction of Data; Responses to Data Subject Requests for Access to Data
6.1. If inaccuracies in the Data are identified, the Data must be updated. If the fact of unlawful Data processing is established, such processing must be terminated.
6.2. If the fact of unlawful or accidental transfer (provision, distribution, access) of Data resulting in a violation of the rights of personal data subjects is established, the Company is obliged, from the moment such an incident is identified by the Company, Roskomnadzor, or another interested party, to notify Roskomnadzor:
within twenty-four hours — about the incident, the presumed causes leading to the violation of the rights of personal data subjects, the presumed harm caused to the rights of personal data subjects, the measures taken to eliminate the consequences of the incident, and provide information about the person authorized by the operator to interact with Roskomnadzor regarding issues related to the identified incident;
within seventy-two hours — about the results of the internal investigation of the identified incident, and provide information about the individuals whose actions caused the incident (if applicable).
6.3. Upon achieving the purposes of Data processing, and also in the event of the withdrawal by the personal data subject of their consent to the processing of their Data, the Data must be destroyed if:
– otherwise not provided by a contract to which the personal data subject is a party, beneficiary, or guarantor;
– the Company is not entitled to process Data without the consent of the personal data subject on grounds provided by the Law or other federal laws;
– otherwise not provided by another agreement between the Company and the personal data subject.
6.4. If a personal data subject submits a request to the Company demanding the termination of Data processing, the Company must, within a period not exceeding ten business days from the date of receipt of the request, cease Data processing or ensure its termination (if such processing is carried out by a person acting on behalf of the Company), except in cases established by the Law. This period may be extended by no more than five business days if the Company sends a reasoned notice to the personal data subject indicating the reasons for extending the period for providing the requested information.
6.5. The Company must provide the personal data subject or their representative with information on the processing of the personal data of such subject upon their request.
6.6. For each processing purpose specified in Clause 3.3 of the Policy, the following procedure for the destruction of personal data is established once the purposes of processing are achieved or other legal grounds arise. Personal data processed without the use of automated means shall be destroyed by shredding the physical media containing such personal data (e.g., documents). Personal data processed using automated means shall be destroyed by deleting them from the personal data information systems in which they are processed, using the standard tools of those systems.
Aşağıda 7. bölümün hukuki terminolojiye uygun İngilizce çevirisi yer almaktadır:
7. Regulations for Responding to Inquiries/Requests from Personal Data Subjects, Their Representatives, and Authorized Bodies Regarding Inaccuracies in Personal Data, Unlawfulness of Processing, Withdrawal of Consent, and Access to Data
7.1. Users, as personal data subjects, have the right to receive information regarding the processing of their Data, including:
- confirmation of the fact of Data processing by the Company;
- legal grounds and purposes of Data processing;
- methods of Data processing applied by the Company;
- the name and location of the Company, information about persons who have access to the Data (except for Company employees) or to whom Data may be disclosed based on a contract with the Company or based on federal law;
- the processed Data relating to the respective personal data subject and the source of its acquisition, unless a different procedure for providing such data is provided by federal law;
- terms of Data processing, including storage periods;
- the procedure for the exercise by the personal data subject of the rights provided for by the legislation of the Russian Federation in the field of Data;
- information on any actual or planned cross-border transfer of Data;
- the name of the organization or the full name and address of the person carrying out Data processing on behalf of the Company, if the processing is or will be entrusted to such an organization or person;
- information on the methods used by the operator to fulfill the obligations established by Article 18.1 of the Law;
- other information provided for by the legislation of the Russian Federation in the field of personal data.
To obtain this information, Users may contact the Company using the contact details specified in Clause 7.14 below. The Company shall provide the information specified above to the personal data subject or their representative in the same form in which the corresponding inquiry or request was sent, unless otherwise specified in the inquiry or request.
7.2. Personal data subjects have the right to demand that the Company clarify their Data, block it, or destroy it if the Data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
7.3. The information specified above must be provided to the personal data subject by the Company in an accessible form, and it must not contain Data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such Data.
7.4. The information specified in this section shall be provided to the personal data subject or their representative, and they shall be given the opportunity to review the relevant Data upon request within ten business days from the date of the inquiry or receipt by the Company of the request from the personal data subject or their representative. This period may be extended by no more than five business days if the Company sends a reasoned notice to the personal data subject indicating the reasons for extending the period for providing the requested information. The request must contain:
- the number of the primary identity document of the personal data subject or their representative, information on the date of issue of the said document and the issuing authority;
- information confirming the participation of the personal data subject in legal relations with the Company, or information otherwise confirming the fact of personal data processing by the Company, and the signature of the personal data subject or their representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
7.5. If the information specified in this section, as well as the processed Data, were provided for review to the personal data subject upon their request, the personal data subject has the right to contact the Company again or send a repeated request to obtain the specified information and review such Data no earlier than thirty days after the initial inquiry or request, unless a shorter period is established by federal law, a regulatory legal act adopted in accordance with it, or a contract to which the personal data subject is a party, beneficiary, or guarantor.
7.6. A personal data subject has the right to contact the Company again or send a repeated request to obtain the information specified above, as well as to review the processed Data before the expiration of the period specified in the previous clause, if such information and (or) processed Data were not provided to them for review in full following the consideration of the initial inquiry. A repeated request must contain a justification for sending the repeated request.
7.7. The Company has the right to refuse a personal data subject’s repeated request that does not meet the conditions established by law. Such a refusal must be reasoned.
7.8. The right of a personal data subject to access their Data may be restricted in accordance with federal laws, including if the personal data subject’s access to their Data violates the rights and legitimate interests of third parties.
7.9. The Company shall provide the necessary information to Roskomnadzor upon request of that body within the timeframes established by the legislation of the Russian Federation.
7.10. All incoming inquiries and requests are registered as incoming correspondence and are also recorded in the relevant logs of the Company.
7.11. Inquiries and requests are considered by the Person Responsible for Organizing the Processing of Personal Data. If questions arise or if there is a need to clarify the content of the request, the Person Responsible for Organizing the Processing of Personal Data shall contact the person who sent the request/inquiry using the contact details provided therein.
7.12. The response to the request/inquiry is issued in the same form in which the corresponding request/inquiry was received (for example, by email or in writing), unless otherwise expressly established by the legislation of the Russian Federation or another request is contained in the request/inquiry.
7.13. Responses to requests and inquiries are registered in the relevant logs of the Company.
7.14. A request/inquiry is sent in free form (taking into account the requirements specified in Clause 6.4 above) to the following address:
LLC “ENKA DATA CENTER SOLUTIONS”
Attn: Person Responsible for Organizing the Processing of Personal Data
Postal address: 127051, Moscow, Meshchansky Municipal District, Tsvetnoy Blvd, 16/1, premises 3/1
Aşağıda ek bölümün hukuki terminolojiye uygun İngilizce çevirisi yer almaktadır:
Appendix. Information on the Implemented Personal Data Protection Requirements
As necessary, and taking into account the threats relevant to the information system used by the Company for Data processing, the Company implements the Data protection requirements listed below at a level not lower than the third level of personal data protection and/or ensures their implementation by persons engaged in Data processing:
a) organizing a security regime for the premises in which the information system is located, preventing the possibility of uncontrolled entry or presence in these premises by persons who do not have authorized access;
b) ensuring the integrity and safekeeping of personal data storage media;
c) approval by the operator’s management of a document defining the list of persons whose access to personal data processed in the information system is necessary for them to perform their official (employment) duties;
d) use of information security tools that have undergone conformity assessment in accordance with the legislation of the Russian Federation in the field of information security, in cases when the use of such tools is required to neutralize relevant threats;
e) appointment of an official (employee) responsible for ensuring the security of personal data in the information system.
