Personal Data Processing Policy

1. General provisions

This personal data processing policy has been drawn up in accordance with the requirements of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data taken by an Autonomous non-profit Organization for the preparation and implementation of measures for the development of international cooperation of the Bashkortostan Convention Bureau (hereinafter referred to as the Operator).

1.1. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator can receive about the visitors of the following website: https://ibw-bashkortostan.com.

1.2. In compliance with the requirements of Part 2 of Article 18.1 of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data", the Policy is published in free access on the Internet on the Operator's Website: https://ibw-bashkortostan.com (hereinafter referred to as the Website).

1.3. The present Policy applies only to the Website. The Operator does not control and is not responsible for third-party websites attended by the User by clicking on the links available on the Website.

1.4. The concepts contained in Article 3 of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" are used in the Policy with a similar meaning.

2. Basic concepts used in the Policy

2.1. A Website is a collection of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at a network address https://ibw-bashkortostan.com and its subdomains.

Website Services are interactive (dialogue) software components on Website pages that are used to integrate with information systems and provide the Website users with certain opportunities to access information on the Website.

2.2. A user is any visitor to the Website https://ibw-bashkortostan.com and its subdomains.

2.3. Personal Data is any information related directly or indirectly to a specific or identifiable User of the Website https://ibw-bashkortostan.com

2.4. Personal data allowed for dissemination by the personal data owner is personal data to which an unlimited number of persons have access by the personal data owner by giving consent to the processing of personal data for dissemination by the personal data owner in accordance with the procedure provided for by the Law on Personal Data (hereinafter referred to as personal data authorized for Dissemination).

2.5. Operator is a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data.

2.6. The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

2.7. Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.8. Automated personal data processing is the processing of personal data using computer technology.

2.9. Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific User or another personal data subject without using additional information.

2.10. Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

2.11. Providing personal data is an action aimed at disclosing personal data to a certain person or a specific range of persons.

2.12. Dissemination of personal data is any action aimed at disclosing personal data to an unspecified group of people (transfer of personal data).

2.13. Cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2.14. Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

3. The Operator processes the following personal data of the User:

3.1. Last name, first name, patronymic; gender, date and place of birth, photo of the visitor, region of residence, citizenship, e-mail address; phone number; place of study/work and position; field of activity.

3.2. The Website also collects and processes depersonalized visitor data (including cookies) using Internet statistics services (Yandex.Metrica, etc).

3.3. Further on the content of the Policy the above-mentioned types of data are merged by the general concept of Personal Data.

4. Purposes of personal data processing

4.1. Purpose of processing the User's personal data:

– providing the User with access to the services, information and/or materials posted on the website https://ibw-bashkortostan.com.

– informing the User by sending emails.

4.2. Depersonalized User data collected using Internet statistics services is used to collect information about User's actions on the site, improve the quality of the site and its content.

5. Grounds and conditions of personal data processing

5.1. The processing of personal data is carried out with the consent of the personal data owner to the processing of owner's personal data.

5.2. The Operator processes the User's personal data only if it is filled in and/or sent by the User independently via special forms located on the website https://ibw-bashkortostan.com or sent to the Operator by e-mail. By filling out the appropriate forms and/or sending their personal data to the Operator, the User agrees with the present Policy.

Personal data is also collected automatically when a User views or uses the Website, for example by using cookies.

The Operator uses cookies for:

a) Identification — cookies provide a permission to recognize a User's device and Account if they have entered a log-in and password and not request them every time they visit another page;

b) Statistics — cookies provide a permission to collect data about browsing certain pages.

5.3. The personal data owner decides on the provision of his personal data and agrees to their processing freely, voluntarily and in owner's own interests. Consent to the processing of personal data may be given by the personal data owner or his representative in any form that allows to confirm the fact of its receipt, unless otherwise established by federal law.

5.4. When processing personal data, the accuracy of personal data, its sufficiency, and, if necessary, its relevance to the purposes of personal data processing is ensured. The Operator takes the necessary measures and/or ensures that they are taken to deletion or clarification of incomplete or inaccurate data.

5.5. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

5.6. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other.

5.7. Only personal data that meets the purposes of their processing is subject to processing.

5.8. Persons who have provided the Operator with false information about themselves or information about another personal data owner without the latter's consent are liable in accordance with the legislation of the Russian Federation.

6. Collecting, storing, transferring procedures and other types of personal data processing.

6.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.

6.2. The Operator ensures the safety of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.

6.3. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of current legislation or if the personal data owner consents to the Operator to transfer data to a third party.

The Operator may disclose the User's personal data within the framework of the law or in order to protect the rights and interests, if such disclosure is necessary to comply with the law, protect the rights of the Operator or third parties, as well as protect property and/or interests (for example, compliance with the terms of the User Agreement) or fraud prevention.

The Operator may share personal data with third parties in order to provide the User with individual advertising, analyse and monitor its effectiveness.

6.4. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator's email address MNB@congressrb.com marked "Updating personal data".

6.5. The duration of personal data processing is determined by the achievement of the purposes for which personal data was collected, unless another period is stipulated by the contract or applicable legislation.

The User can revoke his consent to the processing of personal data at any time by sending an e-mail notification to the Operator's e-mail address MNB@congressrb.com marked "Withdrawal of consent to the processing of personal data".

6.6. All information collected by third-party services, including payment systems, communication facilities, and other service providers, is stored and processed by above mentioned persons (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data and/or the User is obliged to familiarize themselves with the specified documents in a timely manner. The Operator is not responsible for the actions of third parties. The present Policy applies only to the website of the Autonomous Non-Profit Organization Bashkortostan Convention Bureau. Bashkortostan Convention Bureau does not control and is not responsible for the information of third parties posted on websites to which the user can click on the links available on the website of ANO Bashkortostan Convention Bureau. Other personal information may be collected or requested from the user, as well as other actions may be performed on such websites. ANO Bashkortostan Convention Bureau does not control such third-party sites and is not responsible for their privacy policies.

6.7. The prohibitions established by the personal data owner on the transfer (other than granting access), as well as on the processing or conditions of processing (other than gaining access) of personal data permitted for dissemination, do not apply in cases of processing personal data in the state, public and other public interests defined by the legislation of the Russian Federation.

6.8. The operator ensures the confidentiality of personal data when processing personal data.

6.9. Personal data is stored in a form that makes it possible to identify the subject of personal data for no longer than the purposes of personal data processing require. The personal data being processed is destroyed or depersonalized upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.

6.10. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, the expiration of the consent of the personal data owner or the withdrawal of consent by the personal data owner, as well as the identification of unlawful processing of personal data.

7. List of actions performed by the Operator with the received personal data

7.1. Оператор осуществляет сбор, запись, систематизацию, накопление, хранение, уточнение (обновление, изменение), извлечение, использование, передачу (распространение, предоставление, доступ), обезличивание, блокирование, удаление и уничтожение персональных данных.

7.2. The Operator processes personal data with or without receiving and/or transmitting the information received via information and telecommunication networks. The processing of personal data is carried out by the Operator both in an automated manner in personal data information systems and without the use of automation tools (on paper).

8. Confidentiality of personal data

The operator and other persons who have obtained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data owner, unless otherwise provided by federal law.

9. Final provisions

9.1. The User can receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator via e-mail MNB@congressrb.com

9.2. The Operator makes amendments to the Policy at its discretion, including, but not limited to, in cases where the relevant changes are related to changes in applicable law, as well as when the relevant changes are related to changes in the operation of the site and Services. This document will reflect any changes to the Operator's personal data processing policy. The Policy remains in force indefinitely until it is replaced by a new version.