РусEng
Sign in

Personal Data Protection and Processing Policy

  1. Purpose and scope of application
    1. This Policy in the field of personal data processing (hereinafter referred to as the Policy) has been developed on the basis of Article 18.1 of Federal Law No. 152—FZ "On Personal Data" and other regulatory legal acts of the Russian Federation in the field of personal data.
    2. This Policy applies to relations on processing and ensuring the security of restricted access information related to personal data in accordance with the legislation of the Russian Federation (hereinafter — PD).
    3. This Policy defines the principles, goals, procedure and conditions for processing PD of users of the sites of the All—Russian Public Organization "Russian Geographical Society" (hereinafter - the Society). This Policy is a publicly available document and is published on the Company's official website on the Internet.
    4. All employees of the Company are guided by the provisions of this Policy.
  2. Designations and abbreviations
    1. PD - Personal data.
    2. ISPDn is an information system of personal data.
    3. NSD - Unauthorized access.
  3. Principles of personal data processing. PD processing is carried out in the Company on the basis of the following principles:
    1. PD processing is carried out on a legal and fair basis;
    2. PD processing is limited to achieving specific, predetermined and legitimate goals;
    3. The Company does not process personal data incompatible with the purposes of personal data collection;
    4. The Company shares databases containing PD, the processing of which is carried out for purposes incompatible with each other;
    5. The Company processes only PD that meet the purposes of their processing;
    6. the content and volume of processed PD correspond to the stated processing goals;
    7. the processed PD is not redundant in relation to the stated purposes of their processing;
    8. when processing PD, the accuracy of PD, their sufficiency, and, if necessary, relevance in relation to the purposes of PD processing are ensured.
    9. the necessary measures are being taken or their adoption is being ensured to remove or clarify incomplete or inaccurate PD;
    10. PD storage is carried out in a form that allows you to determine the subject of PD, no longer than the purposes of PD processing require;
    11. the processed PD is destroyed or depersonalized upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
  4. Purposes of personal data processing
    The Company processes personal data in order to carry out the Company's activities in accordance with the legislation of the Russian Federation and the Company's Charter.
  5. Categories of personal data subjects
    The subjects whose PD is processed in the Company using automation tools are persons whose PD processing is necessary for the Company to achieve the goals specified in section 4 of this Policy.
  6. Categories of personal data
    The Company processes publicly available PD.
  7. Processing and ensuring the security of personal data. PD processing in the Company is allowed in the following cases:
    1. PD processing is carried out with the consent of the PD subject to the processing of his PD.
    2. PD processing is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the PD subject are not violated.
    3. PD processing is carried out for statistical or other research purposes, subject to mandatory depersonalization of PD.
    4. as well as the processing of PD by the Company is possible in other cases provided for by federal legislation.
  8. The inclusion of the PD of subjects by the Company in publicly available PD sources is possible only if there are requirements of federal legislation, or if the written consent of the PD subject is obtained.
    The Company undertakes and obliges other persons who have access to the PD not to disclose to third parties and not to distribute the PD without the consent of the PD subject, unless otherwise provided by federal law.
    The processing of PD by the Company is terminated in the following cases:
    1. achieving the goals of PD processing;
    2. expiration of the PD processing period provided for by federal legislation;
    3. when a PD subject withdraws consent to the processing of his PD, in cases that do not contradict the requirements of federal legislation.
  9. The Company takes all necessary legal, organizational and technical measures when processing PD to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to PD.
    Measures are being implemented to protect PD during their processing in PD information systems, including:
    1. the level of protection of PDNP during their processing in information systems is determined;
    2. the requirements for the protection of PD in PD information systems are met in accordance with certain levels of PD security;
    3. the necessary means of information protection are applied;
    4. the facts of the NSD to the PD are being discovered and the necessary measures are being taken;
    5. PD is being restored, modified or destroyed as a result of NSD to them;
    6. rules for access to PD processed in ISPDn are established;
    7. the measures taken to ensure the safety of PD and the level of protection of ISPDn are monitored.
  10. Policy violation and liability
    The Company is responsible for the compliance of the processing and security of personal data with the legislation. All persons processing personal data are responsible for compliance with this Policy and other local acts of the Company on the processing and security of personal data.
    Any violations of this Policy and other local acts of the Company on the processing and security of personal data will be investigated in accordance with the procedures in force in the Company.
    Persons found guilty of violating the established procedures and procedures for processing and ensuring the security of personal data may be brought to disciplinary, material, civil, administrative and criminal liability in accordance with the procedure established by the legislation of the Russian Federation.