Personal Data Processing Policy

PERSONAL DATA PROCESSING POLICY

1. General provisions of the policy


1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) was developed and implemented by MIDEXPO – exhibitions and fairs LLC (OGRN (Primary State Registration Number) 1027739071348, located at: 4 Shelepikhinskaya embankment, building 1, office II, room No. 7, Moscow, 123290) (hereinafter referred to as the “Operator”) according to Federal Law as of 27/07/2006 No. 152-ФЗ “On Personal Data”.


1.2. This Policy shall specify the Operator’s conduct regarding processing of the personal data accepted for processing, processing procedure and terms of individual persons, who transferred their personal data to the Operator for processing (hereinafter referred to as the “Personal Data Owner” or the “User”), shall determine procedures aimed at preventing violations of legislation of the Russian Federation, elimination of consequences of such violations connected with personal data processing.


1.3. Use of any Operator’s websites and available services (including services related to the registration at the Operator’s exhibition) thereon by the User shall mean the User’s unconditional consent to this Policy and conditions of processing of the User’s personal data specified herein. In case of disagreement with these conditions the User shall refrain from using the Operator’s websites and available services.


1.4. This Policy shall be an integral part of the User Agreement (available at https://en.cstb.ru)


1.5. Terms and Definitions:


The Operator's exhibition event – an event organized by the Operator in which exhibitors are participating with the exhibition stands.


The Exhibitor – an entity who participates in the Operator's exhibition event with the exhibition stand. The list of exhibitors of the event is available at https://en.cstb.ru


2. Personal and other data to be processed by the Operator


2.1. Within the scope of this Policy, the User’s personal data shall be understood as the personal information submitted by the User independently in the course of using Operator’s website services, such as: first name, last name, country / region, city, company, seniority level (position), company website, e-mail, telephone. The information required to provide services is marked in a special way.


2.2. When using the website services, the Operator shall also process other de-identified data automatically transferred in the course of the Website use by means of the software installed on computer: data on the browser used (or other programme using which the website is accessed); IP address; cookie file data, specifications of the equipment and software used by the User, date and time of access to services, addresses of the requested pages and other similar information.


2.3. This Policy shall apply only to the information processed in the course of using the Operator’s websites and services available thereon. The Operator shall not control and shall bear no responsibility for the information processing by websites of third parties, where the User can go by links available on the Operator’s websites, including as a result of search.


2.4. The Operator shall not check reliability of the personal data submitted by the User and does not have an opportunity to evaluate the User’s legal capacity, however, the Operator shall proceed from the assumption that the user provides true and sufficient personal information and keeps this information updated. Consequences of providing unreliable or insufficient information are given in the User Agreement (available at https://en.cstb.ru)


3. Purposes of the Users’ personal data processing


3.1. The Operator shall process the User’s personal data for the purposes of processing orders, requests and other actions of the User related to the registration at the Operator’s exhibition arrangements and visiting such events for the purposes connected with the opportunity to provide the User with the information on events which may potentially be of interest for the User; for the purposes of collecting and processing statistical information and carrying out marketing researches.


3.2. In case of expressed consent of the User to receive news (advertising) – for the purposes of sending informational messages to the User, including advertisement (advertising) for the Operator’s services promotion at the market and informing the Operator about activities held.


3.3. In case of expressed consent of the User to scan his badge by Exhibitor at the Operator's exhibition event – for the purposes of subsequent contacts between the User and this Exhibitor directly by e-mail to obtain information that could potentially be of interest to the User.


3.4. The data specified in point 2.2. of this Policy are processed for the purposes of executing the Website analytics, following and understanding principles of the Website use by visitors, improving of the Website operation, solving technical problems of the Website, developing new products, extending services, determining events popularity and advertising campaign effectiveness.


4. Consent of the User to scan the badge at the exhibition event


4.1. If during a visit to an exhibition event the User expresses his interest in the particular Exhibitor and expresses his consent to scan his badge by this Exhibitor with the portable badge scanner, such consent signifies that the User confirms the possibility of transferring his data specified while his registration to the exhibition (such as: first name, last name, country / region, city, company, seniority level (position), company website, e-mail, telephone as well as the additional information that the User filled in about himself in the relevant form) to this Exhibitor with the purpose of subsequent contacts by e-mail between the User and this Exhibitor directly to obtain information that could potentially be of interest to the User. Subsequently, the User has the right to refuse to receive this information by sending the e-mail to the Exhibitor.


5. Consent for receiving news (advertisement)


5.1. Subscription to receive news by ticking the corresponding web-page by the Personal Data Owner means the consent of the latter to receive informational messages, including advertising information (advertisement) specified in point 3.2. of the this Policy from the Operator to the User’s e-mail.


5.2. Giving consent specified in point 5.1. of the this Policy, the Personal Data Owner confirms that he/she acts on his/her own free will and on his/her behalf as well as that the specified personal data are true.


6. Conditions and rules of the Users’ personal data processing


6.1. When processing the Users’ personal data, the Operator is governed by the Federal Law of the Russian Federation No. 152-ФЗ On Personal Data as of 27/07/2006.


6.2. The User’s personal data shall be kept confidential, except in case when the User voluntary shares the personal information to the public at large. When using separate services of the Operator’s websites, the User agrees with the fact that certain part of the personal information comes into the public domain.


6.3. The Operator processes personal data by executing any action (operation) or a complex of actions (operations), including the following:


  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • specification (updating, change);
  • extraction;
  • use;
  • transmission (dissemination, presenting, access);
  • depersonalization;
  • blocking;
  • deletion;
  • elimination.

6.4. The Operator receives and begins processing User’s personal data from the moment of receiving consent from the latter.


6.5. The Owner’s personal data are received by the Operator by means of transfer of the Personal Data Owner when entering data to registered forms in electronic form on the website.


6.6. Consent for personal data processing may be given by the Personal Data Owner in any form, allowing to confirm the fact of receiving consent, including committing implicative actions by the Personal Data Subject.


Consent for personal data processing is considered to be provided by committing any action or a complex of the following actions by the Personal Data Subject:


  • Undergoing registration on the Operator’s website;
  • Making a mark about consent for personal data processing in scope, for purposes and according to the procedure specified in the proposed before receiving consent for review text in the corresponding form on the Operator’s website.

6.7. Giving consent, the Personal Data Owner confirms that he/she acts freely, of his/her own free will and in his/her interest, as well as that the indicated by him/her personal data are true.


6.8. Consent is considered to be received according to the established order and is valid till the moment of sending by the Personal Data Owner the corresponding statement on termination of personal data processing to the Operator’s location.


6.9. The Personal Data Owner can withdraw his/her consent for personal data processing at any time provided that the similar procedure does not violate any requirements of the legislation of the Russian Federation. For withdrawing consent for personal data processing, the Personal Data Owner needs to send a written notification by the recommended post with content description to the address: 4 Shelepikhinskaya embankment, building 1, office II, room No. 7, Moscow.


6.10. In case of the Personal Data Subject’s withdrawal of consent for the personal data processing, the Operator shall stop the processing or ensure termination of such processing (if processing is carried out by other person acting on the Operator’s behalf) and in case personal data storage is not needed any more for purposes of their processing, destroy personal data or ensure their liquidation (if personal data are processed by other person acting on the Operator’s behalf) within the term not exceeding 30 (thirty) days from the date of receipt of the specified feedback, unless otherwise specified in the agreement, whereof beneficial owner or guarantor is the Personal Data Subject, other agreement between the Operator and the Personal Data Subject, or if the Operator is not entitled to process personal data without consent of the Personal Data Owner on the grounds specified by Federal Law No. 152-ФЗ On Personal Data as of 27/07/2006 or other federal laws.


6.11. According to this Policy, the Operator can process personal data independently and also with engagement of the third persons which are attracted by the Operator and carry out processing for achievement of the specified in this Policy purposes.


6.12. In case of instruction for personal data processing to the third person, scope of the transferred to the third person for personal data processing and quantity of the used by this person processing ways shall be strictly required and for fulfilment of their obligations against the Operator. Regarding personal data processing by the third person, obligation of such person to hold personal data confidential and ensure safety of personal data by their processing is established.


7. Measures taken to protect the User’s personal data


7.1. The Operator’s activity on personal data processing is closely connected with confidentiality protection of the received information.


7.2. The Operator’s employees shall ensure confidentiality of the personal data as well as other information specified by the Operator, unless it is contrary to the applicable law of the Russian Federation.


7.3. For ensuring safety of personal data by their procession, the Operator takes the required and sufficient legal, organizational and technical measures to protect personal data from illegal or accidental access to them, destroy, changes, blockings, copies, presentations, disseminations of personal data as well as from their illegal actions in relation thereof. The Operator ensures that all applied measures on organizational and technical protection of personal data shall be carried out on legal grounds, including according to the requirements of the legislation of the Russian Federation in regards to personal data processing.


7.4. The Operator takes all necessary and sufficient legal, organizational and technical measures to ensure safety of personal data, including:


  • Determination of safety risks to personal data by their processing in the information personal data systems;
  • Application of organizational and technical measures to ensure safety of personal data on their processing in the information personal data systems required for meeting requirements to personal data protection, fulfilment of which ensures the personal data security levels specified by the Government of the Russian Federation;
  • Application of information protection means which underwent compliance verification procedure in accordance with the established standards;
  • Estimation of efficiency of the measures taken for ensuring personal data safety before commissioning information personal data system;
  • Accounting of personal machine data storage media;
  • Detecting facts of unauthorized access to personal data and taking measures;
  • Personal data restoration modified or destroyed due to unauthorized access to them;
  • Taking measured aimed at preventing unauthorized access to personal data and (or) their transfer to persons without the right of access to such information;
  • Timely detection of the facts of unauthorized access to personal data and taking the necessary measures;
  • Avoiding effect on technical means of automated personal data processing as a result of which their functioning can be disturbed;
  • Establishing rules of access to personal data processed in the information personal data system as well as ensuring registration and accounting of all actions committed with personal data in the information personal data system;
  • Control over the taken measures of ensuring safety of personal data and security level of the information personal data system.

7.5. The Operator shall not disclose information received from the Personal Data Owner. Providing information by the Operator to agents and third persons acting on the basis of agreement with the Operator for fulfilment of obligations against the Personal Data Owner shall not be considered as a violation. The transfer of personal data by the Operator to third parties in cases specified in clause 3.4 is not considered a violation of this Policy. Information disclosure according to reasonable and applicable legal requirements shall not be considered a breach of obligations.


8. Change of the Policy. Applicable legislation


8.1. The Operator shall be entitled to introduce alterations to this Policy. By introducing alterations, date of the last updating shall be specified in the latest version. Updated version of the Policy shall come into effect from the moment of its posting unless otherwise specified in the updated version of the Policy. The current version is always available on the page at: https://en.cstb.ru.


8.2. Legislation of the Russian Federation shall be applied to this Policy and relations between the User and Operator arising in connection with the Policy application.


Publication date: October 28, 2019