Privacy Policy and Processing Personal Data of Website Users https://forum-aspir.ru
The Privacy Policy and Processing Personal Data of Website Users: https://forum-aspir.ru (hereinafter referred to as the Privacy Policy) lays down the procedure for processing and protecting personal data of individuals (hereinafter referred to as Users) that may be obtained by the Personal Data Operator during the use of its services, which are provided via services, tools, programs owned by the Personal Data Operator and located on the website at https://forum-aspir.ru (hereinafter referred to as the Website).
1. General Provisions
1.1. The Personal Data Operator is the Association of Writers and Publishers Unions of Russia, OGRN 1207700500688; INN 9703024308, address: 121069, Russia, Moscow, Presnensky Municipal District, Povarskaya st., 52/55, bld. 1, phone: +7 (495) 632 00 29, authorized email address: info@aspi-russia.ru (hereinafter referred to as the Operator).
1.2. The User’s personal data is processed to achieve the purposes of data processing by any legal means, including personal data information systems with or without use of automation tools (mixed processing personal data). The User’s personal data is processed in accordance with Federal Law No. 152-FZ On Personal Data dated 27.07.2006.
1.3. The consent to processing personal data is valid from the moment it is provided to the Operator until the day the consent is withdrawn by the User in written form.
1.4. The general terms used in the Privacy Policy:
1.4.1. Personal data refers to personal datathat the User voluntarily provides about themselves while using the Website, including the User's personal data (information required to use the Services is specially marked, other information is provided at the User's discretion), as well as data automatically transmitted to the Website's services during their use through software installed on the User’s device, including IP address, cookie data, information about the User’s browser (or other software used to access the services), technical characteristics of the equipment and software used by the User, date and time of access to the services, addresses of requested pages, and other similar information about the User, the processing of which is provided for by this Privacy Policy;
1.4.2. Personal data processing, i.e. any action (operation) or a set of actions (operations) performed with personal data, with or without use of automation tools. Personal data processing includes collecting, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, usage, transfer (provision, distribution, and access), blocking, anonymization, deletion, destruction of personal data;
1.4.3. Automated personal data processing is the processing of personal data using computing equipment;
1.4.4. Personal data distribution implies actions aimed at disclosing personal data to the general public;
1.4.5. Personal data provision is aimed at disclosing personal data to a specific person or a specific group of people;
1.4.6. Blocking personal data is a temporary suspension of personal data processing (except for cases when processing is necessary for clarification of personal data);
1.4.7. Anonymization of personal data is actions that result in impossibility of determining the affiliation of personal data to a specific User without additional information;
1.4.8. Destruction of personal data is actions that result in impossibility of restoring the personal data content in the personal data information system and/or that lead to destruction of physical data carriers containing personal data.
1.5. The use of the Website services implies the User’s unconditional consent to the Privacy Policy and the terms of personal data processing specified therein; if the User disagrees with these terms, they must refrain from using the Website and its services.
1.6. The Website does not verify the accuracy of personal data provided by Users and does not control their legal capacity. However, the Website assumes that the User provides accurate and sufficient personal data in response to the questions proposed in the registration form and maintains relevant information.
1.7. The Operator has the right to make changes to the Privacy Policy without the User's consent. The new version of the Privacy Policy takes effect from the moment it is posted on the Website, unless otherwise provided for by the new version of the Privacy Policy. The text of the Privacy Policy is available to Users on the Internet at https://forum-aspir.ru/eng/policy.
1.8. This Privacy Policy applies only to the Website. The Website does not control and is not responsible for third-party websites that the User may access via links available on the Website.
2. Purposes of collecting and processing users' personal data
2.1. The Website collects and stores only the personal data necessary to provide and deliver services (to fulfill agreements and contracts with the User).
2.2. The Website may use the User's personal data for the following purposes:
2.2.1. Registration on the Website (full name, email address, phone numbers, all data indicated in the social network account (if registration is done through social network authorization or another electronic service);
2.2.2. Identification on the Website (full name, email address);
2.2.3. Establishing and maintaining communication between the User and the Operator (full name, phone number, email address, social network account data);
2.2.4. Sending advertising messages; targeting advertising materials (full name, phone number, email address, date of birth);
2.2.5. Improving the quality of User service and upgrading the Website (cookie files).
3. Conditions for processing users' personal data
3.1. The personal data allowed for processing under the Privacy Policy is provided by the User if the User:
• registers on the Website by filling out the registration form on the Website https://forum-aspir.ru and clicking the Register button. Consent is deemed given at the moment the Register button is clicked; or
• authorizes on the Website using social networks or other electronic services available for authentication purposes on the Website. Consent is deemed given at the moment the button corresponding to the selected social network or electronic service for authorization is clicked; or
• fills out feedback forms. The consent to personal data processing entered into the feedback form fields is deemed given at the moment the button confirming submission is clicked (buttons may be labeled Send or other similar terms).
• subscribes to receive informational and news materials from the Operator and fills out the corresponding form at https://forum-aspir.ru/eng/press. Consent is considered granted after checking the box “I hereby give consent for personal data processing” at the moment of pressing the Subscribe button.
4. Measures applied by the Operator during personal data processing
4.1. During personal data processing, the Operator, at his discretion, takes the necessary legal, organizational, and technical measures to protect the data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions regarding personal data, including the following:
4.1.1. identifies security threats to personal data during processing in personal data information systems;
4.1.2. applies organizational and technical measures to ensure personal data security, including during their processing in personal data information systems, necessary to meet the personal data protection requirements, ensuring the levels of personal data security established by the Government of the Russian Federation;
4.1.3. assesses effectiveness of the measures taken to ensure personal data security before commissioning the personal data information system;
4.1.4. ensures the timely detection of unauthorized access to personal data and takes necessary measures to prevent such cases and eliminate their consequences;
4.1.5. restores personal data modified or destroyed due to unauthorized access;
4.1.6. establishes rules for access to personal data processed in the personal data information system, as well as ensures registration and accounting of all actions performed with personal data in the personal data information system;
4.1.7. ensures monitoring the measures taken to ensure personal data security and the level of protection of personal data information systems;
4.1.8. publishes the Privacy Policy on the Website and provides unrestricted access to it;
4.1.9. conducts internal control over the compliance of personal data processing with the legislation on personal data;
4.1.10. determines the locations for personal data storage.
4.2. Access to personal data processed by the Operator is granted only to persons whose official duties include working with such information and documents. The Operator provides personal data to its employees in accordance with the procedures established by the legislation of the Russian Federation and limits this information to only the personal data necessary for the purposes of processing personal data.
4.3. The operator is entitled to provide access to users' personal data in the following cases:
4.3.1. It is provided for, permitted, or required in accordance with the legislation of the Russian Federation;
4.3.2. The user has given their consent to transfer of personal data to the recipient.
5. Prohibition of personal data transfer to protect citizens' rights
5.1. Roskomnadzor may decide to prohibit the cross-border transfer of personal data to protect morality, health, rights, and legitimate interests of citizens in the following cases:
• Foreign state authorities, foreign individuals or legal entities, to whom the cross-border transfer of personal data is planned, do not take measures to protect the transferred personal data, nor are the conditions for terminating its processing defined;
• The foreign legal entity to which the cross-border transfer of personal data is planned is an organization whose activities are prohibited in Russia based on a legally effective court decision;
• The foreign legal entity to which the cross-border transfer of personal data is planned is included in the list of foreign and international non-governmental organizations whose activities are deemed undesirable in Russia;
• The cross-border transfer of personal data and further processing of the transferred personal data are incompatible with the purposes of collecting personal data;
• The cross-border transfer of personal data is carried out in cases not provided for by Part 1 of Article 6 of Federal Law No. 152-FZ.
5.2. The grounds for restricting the cross-border transfer of personal data for the protection of morality, health, rights, and legitimate interests of citizens are:
• The content and scope of personal data planned for cross-border transfer do not correspond to the purpose of the cross-border transfer of personal data;
• The categories of subjects whose personal data is planned for cross-border transfer do not correspond to the purpose of the cross-border transfer of personal data.
6. Rights and Obligations of the Parties
6.1. The User has the right to:
6.1.1. receive information on their personal data processing;
6.1.2. clarify, block, or delete their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and to take legally prescribed measures to protect their rights;
6.1.3. defend their rights and legal interests in court;
6.1.4. at their discretion, provide the Operator with personal data for processing under the conditions specified in the Privacy Policy;
6.1.5. upon request, receive information from the Operator regarding their personal data processing.
6.2. The User’s right to access their personal data may be restricted in accordance with federal laws, including cases where the User's access to their personal data infringes upon the rights and legal interests of third parties.
6.3. The Operator is obliged to:
6.3.1. use the obtained information exclusively for the purposes specified in the Privacy Policy;
6.3.2. ensure the information confidentiality, do not disclose it without the User's prior written consent, nor sell, exchange, publish, or otherwise disclose the User's personal data, except in cases provided for in the Privacy Policy;
6.3.3. take precautionary measures to protect the User's personal information;
6.3.4. block the personal data related to the respective User upon request from the User, their legal representative, or an authorized body for the protection of personal data subjects' rights, for the period of verification in case inaccurate personal data or illegal actions are identified;
6.3.5. before starting activities related to the cross-border transfer of personal data, notify Roskomnadzor of their intention to carry out such a transfer. This notification is sent separately from the notification of the intention to process personal data.
6.3.6. Prior to submitting the notification, the Operator is required to obtain from the authorities of a foreign state, as well as from foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, the following information:
— on the measures taken by the authorities of the foreign state, and the foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, to protect the transmitted data, and the conditions under which their processing is terminated;
— on the legal regulations concerning personal data in the foreign state under whose jurisdiction the authorities of the foreign state, as well as the foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, operate (in the event that the personal data is transferred to a state that is neither a party to the Convention nor included in the list of foreign states providing viable defense of personal data subjects' rights);
— on the authorities of the foreign state, as well as foreign individuals and legal entities to whom the data is to be transferred (name or full name, contact phone numbers, postal addresses, and email addresses).
6.4. Roskomnadzor makes the decision to prohibit or restrict the cross-border transfer of personal data in order to protect morality, health, rights, and legitimate interests of citizens based on the results of reviewing the intention notification to carry out the cross-border transfer of personal data, in the manner thereby determined by the Government Decree of the Russian Federation No. 24 dated January 16, 2023 (hereinafter referred to as Decree No. 24).
If a decision is made to prohibit or restrict the cross-border transfer of personal data for the purposes of protecting morality, health, rights, and legitimate interests of citizens, and the Operator has not managed to eliminate the faults in time, they may submit the notification again.
The Government Decree of the Russian Federation No. 2526 dated December 29, 2022 also approved a list of cases where the requirements for cross-border transfer of personal data, as established by Article 12 of Law No. 152-FZ, do not apply.
7. Identification Files
7.1. The Website may use identification files stored on the client’s system (hereinafter referred to as Cookies).
7.2. Cookies are necessary for use of the Website, navigation on the Website, and proper functioning of its services.
7.3. Cookies may contain information about the User's actions on the Website, including information they entered, and are used in accordance with the provisions of the Privacy Policy. The data stored in these cookies is accessible only to the Website and cannot be used when the User visits other websites.
7.4. By using the Website, the User agrees to cookies storage by the Website via corresponding standard tools of the browser on their computer/smartphone.
8. Dispute Resolution
8.1. Before filing a lawsuit regarding disputes arising from the relations between the User and the Operator, a claim must be submitted (a written proposal for voluntary settlement of the dispute).
8.2. The recipient of the claim shall, within 10 (Ten) calendar days from the date of receipt of the claim, inform the claimant in writing of the results of the claim review.
8.3. If no agreement is reached, the dispute shall be transferred to court in accordance with the current legislation of the Russian Federation.
8.4. The Privacy Policy and the relations between the User and the Operator are governed by the current legislation of the Russian Federation.
9. Feedback
9.1. Any additional questions or suggestions regarding the Privacy Policy, as well as personal data processing, should be emailed to the address specified in Section 1.1 of the Privacy Policy.
1. General Provisions
1.1. The Personal Data Operator is the Association of Writers and Publishers Unions of Russia, OGRN 1207700500688; INN 9703024308, address: 121069, Russia, Moscow, Presnensky Municipal District, Povarskaya st., 52/55, bld. 1, phone: +7 (495) 632 00 29, authorized email address: info@aspi-russia.ru (hereinafter referred to as the Operator).
1.2. The User’s personal data is processed to achieve the purposes of data processing by any legal means, including personal data information systems with or without use of automation tools (mixed processing personal data). The User’s personal data is processed in accordance with Federal Law No. 152-FZ On Personal Data dated 27.07.2006.
1.3. The consent to processing personal data is valid from the moment it is provided to the Operator until the day the consent is withdrawn by the User in written form.
1.4. The general terms used in the Privacy Policy:
1.4.1. Personal data refers to personal datathat the User voluntarily provides about themselves while using the Website, including the User's personal data (information required to use the Services is specially marked, other information is provided at the User's discretion), as well as data automatically transmitted to the Website's services during their use through software installed on the User’s device, including IP address, cookie data, information about the User’s browser (or other software used to access the services), technical characteristics of the equipment and software used by the User, date and time of access to the services, addresses of requested pages, and other similar information about the User, the processing of which is provided for by this Privacy Policy;
1.4.2. Personal data processing, i.e. any action (operation) or a set of actions (operations) performed with personal data, with or without use of automation tools. Personal data processing includes collecting, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, usage, transfer (provision, distribution, and access), blocking, anonymization, deletion, destruction of personal data;
1.4.3. Automated personal data processing is the processing of personal data using computing equipment;
1.4.4. Personal data distribution implies actions aimed at disclosing personal data to the general public;
1.4.5. Personal data provision is aimed at disclosing personal data to a specific person or a specific group of people;
1.4.6. Blocking personal data is a temporary suspension of personal data processing (except for cases when processing is necessary for clarification of personal data);
1.4.7. Anonymization of personal data is actions that result in impossibility of determining the affiliation of personal data to a specific User without additional information;
1.4.8. Destruction of personal data is actions that result in impossibility of restoring the personal data content in the personal data information system and/or that lead to destruction of physical data carriers containing personal data.
1.5. The use of the Website services implies the User’s unconditional consent to the Privacy Policy and the terms of personal data processing specified therein; if the User disagrees with these terms, they must refrain from using the Website and its services.
1.6. The Website does not verify the accuracy of personal data provided by Users and does not control their legal capacity. However, the Website assumes that the User provides accurate and sufficient personal data in response to the questions proposed in the registration form and maintains relevant information.
1.7. The Operator has the right to make changes to the Privacy Policy without the User's consent. The new version of the Privacy Policy takes effect from the moment it is posted on the Website, unless otherwise provided for by the new version of the Privacy Policy. The text of the Privacy Policy is available to Users on the Internet at https://forum-aspir.ru/eng/policy.
1.8. This Privacy Policy applies only to the Website. The Website does not control and is not responsible for third-party websites that the User may access via links available on the Website.
2. Purposes of collecting and processing users' personal data
2.1. The Website collects and stores only the personal data necessary to provide and deliver services (to fulfill agreements and contracts with the User).
2.2. The Website may use the User's personal data for the following purposes:
2.2.1. Registration on the Website (full name, email address, phone numbers, all data indicated in the social network account (if registration is done through social network authorization or another electronic service);
2.2.2. Identification on the Website (full name, email address);
2.2.3. Establishing and maintaining communication between the User and the Operator (full name, phone number, email address, social network account data);
2.2.4. Sending advertising messages; targeting advertising materials (full name, phone number, email address, date of birth);
2.2.5. Improving the quality of User service and upgrading the Website (cookie files).
3. Conditions for processing users' personal data
3.1. The personal data allowed for processing under the Privacy Policy is provided by the User if the User:
• registers on the Website by filling out the registration form on the Website https://forum-aspir.ru and clicking the Register button. Consent is deemed given at the moment the Register button is clicked; or
• authorizes on the Website using social networks or other electronic services available for authentication purposes on the Website. Consent is deemed given at the moment the button corresponding to the selected social network or electronic service for authorization is clicked; or
• fills out feedback forms. The consent to personal data processing entered into the feedback form fields is deemed given at the moment the button confirming submission is clicked (buttons may be labeled Send or other similar terms).
• subscribes to receive informational and news materials from the Operator and fills out the corresponding form at https://forum-aspir.ru/eng/press. Consent is considered granted after checking the box “I hereby give consent for personal data processing” at the moment of pressing the Subscribe button.
4. Measures applied by the Operator during personal data processing
4.1. During personal data processing, the Operator, at his discretion, takes the necessary legal, organizational, and technical measures to protect the data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions regarding personal data, including the following:
4.1.1. identifies security threats to personal data during processing in personal data information systems;
4.1.2. applies organizational and technical measures to ensure personal data security, including during their processing in personal data information systems, necessary to meet the personal data protection requirements, ensuring the levels of personal data security established by the Government of the Russian Federation;
4.1.3. assesses effectiveness of the measures taken to ensure personal data security before commissioning the personal data information system;
4.1.4. ensures the timely detection of unauthorized access to personal data and takes necessary measures to prevent such cases and eliminate their consequences;
4.1.5. restores personal data modified or destroyed due to unauthorized access;
4.1.6. establishes rules for access to personal data processed in the personal data information system, as well as ensures registration and accounting of all actions performed with personal data in the personal data information system;
4.1.7. ensures monitoring the measures taken to ensure personal data security and the level of protection of personal data information systems;
4.1.8. publishes the Privacy Policy on the Website and provides unrestricted access to it;
4.1.9. conducts internal control over the compliance of personal data processing with the legislation on personal data;
4.1.10. determines the locations for personal data storage.
4.2. Access to personal data processed by the Operator is granted only to persons whose official duties include working with such information and documents. The Operator provides personal data to its employees in accordance with the procedures established by the legislation of the Russian Federation and limits this information to only the personal data necessary for the purposes of processing personal data.
4.3. The operator is entitled to provide access to users' personal data in the following cases:
4.3.1. It is provided for, permitted, or required in accordance with the legislation of the Russian Federation;
4.3.2. The user has given their consent to transfer of personal data to the recipient.
5. Prohibition of personal data transfer to protect citizens' rights
5.1. Roskomnadzor may decide to prohibit the cross-border transfer of personal data to protect morality, health, rights, and legitimate interests of citizens in the following cases:
• Foreign state authorities, foreign individuals or legal entities, to whom the cross-border transfer of personal data is planned, do not take measures to protect the transferred personal data, nor are the conditions for terminating its processing defined;
• The foreign legal entity to which the cross-border transfer of personal data is planned is an organization whose activities are prohibited in Russia based on a legally effective court decision;
• The foreign legal entity to which the cross-border transfer of personal data is planned is included in the list of foreign and international non-governmental organizations whose activities are deemed undesirable in Russia;
• The cross-border transfer of personal data and further processing of the transferred personal data are incompatible with the purposes of collecting personal data;
• The cross-border transfer of personal data is carried out in cases not provided for by Part 1 of Article 6 of Federal Law No. 152-FZ.
5.2. The grounds for restricting the cross-border transfer of personal data for the protection of morality, health, rights, and legitimate interests of citizens are:
• The content and scope of personal data planned for cross-border transfer do not correspond to the purpose of the cross-border transfer of personal data;
• The categories of subjects whose personal data is planned for cross-border transfer do not correspond to the purpose of the cross-border transfer of personal data.
6. Rights and Obligations of the Parties
6.1. The User has the right to:
6.1.1. receive information on their personal data processing;
6.1.2. clarify, block, or delete their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and to take legally prescribed measures to protect their rights;
6.1.3. defend their rights and legal interests in court;
6.1.4. at their discretion, provide the Operator with personal data for processing under the conditions specified in the Privacy Policy;
6.1.5. upon request, receive information from the Operator regarding their personal data processing.
6.2. The User’s right to access their personal data may be restricted in accordance with federal laws, including cases where the User's access to their personal data infringes upon the rights and legal interests of third parties.
6.3. The Operator is obliged to:
6.3.1. use the obtained information exclusively for the purposes specified in the Privacy Policy;
6.3.2. ensure the information confidentiality, do not disclose it without the User's prior written consent, nor sell, exchange, publish, or otherwise disclose the User's personal data, except in cases provided for in the Privacy Policy;
6.3.3. take precautionary measures to protect the User's personal information;
6.3.4. block the personal data related to the respective User upon request from the User, their legal representative, or an authorized body for the protection of personal data subjects' rights, for the period of verification in case inaccurate personal data or illegal actions are identified;
6.3.5. before starting activities related to the cross-border transfer of personal data, notify Roskomnadzor of their intention to carry out such a transfer. This notification is sent separately from the notification of the intention to process personal data.
6.3.6. Prior to submitting the notification, the Operator is required to obtain from the authorities of a foreign state, as well as from foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, the following information:
— on the measures taken by the authorities of the foreign state, and the foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, to protect the transmitted data, and the conditions under which their processing is terminated;
— on the legal regulations concerning personal data in the foreign state under whose jurisdiction the authorities of the foreign state, as well as the foreign individuals and legal entities to whom the cross-border transfer of personal data is planned, operate (in the event that the personal data is transferred to a state that is neither a party to the Convention nor included in the list of foreign states providing viable defense of personal data subjects' rights);
— on the authorities of the foreign state, as well as foreign individuals and legal entities to whom the data is to be transferred (name or full name, contact phone numbers, postal addresses, and email addresses).
6.4. Roskomnadzor makes the decision to prohibit or restrict the cross-border transfer of personal data in order to protect morality, health, rights, and legitimate interests of citizens based on the results of reviewing the intention notification to carry out the cross-border transfer of personal data, in the manner thereby determined by the Government Decree of the Russian Federation No. 24 dated January 16, 2023 (hereinafter referred to as Decree No. 24).
If a decision is made to prohibit or restrict the cross-border transfer of personal data for the purposes of protecting morality, health, rights, and legitimate interests of citizens, and the Operator has not managed to eliminate the faults in time, they may submit the notification again.
The Government Decree of the Russian Federation No. 2526 dated December 29, 2022 also approved a list of cases where the requirements for cross-border transfer of personal data, as established by Article 12 of Law No. 152-FZ, do not apply.
7. Identification Files
7.1. The Website may use identification files stored on the client’s system (hereinafter referred to as Cookies).
7.2. Cookies are necessary for use of the Website, navigation on the Website, and proper functioning of its services.
7.3. Cookies may contain information about the User's actions on the Website, including information they entered, and are used in accordance with the provisions of the Privacy Policy. The data stored in these cookies is accessible only to the Website and cannot be used when the User visits other websites.
7.4. By using the Website, the User agrees to cookies storage by the Website via corresponding standard tools of the browser on their computer/smartphone.
8. Dispute Resolution
8.1. Before filing a lawsuit regarding disputes arising from the relations between the User and the Operator, a claim must be submitted (a written proposal for voluntary settlement of the dispute).
8.2. The recipient of the claim shall, within 10 (Ten) calendar days from the date of receipt of the claim, inform the claimant in writing of the results of the claim review.
8.3. If no agreement is reached, the dispute shall be transferred to court in accordance with the current legislation of the Russian Federation.
8.4. The Privacy Policy and the relations between the User and the Operator are governed by the current legislation of the Russian Federation.
9. Feedback
9.1. Any additional questions or suggestions regarding the Privacy Policy, as well as personal data processing, should be emailed to the address specified in Section 1.1 of the Privacy Policy.
