This Personal Data Confidentiality Policy (hereinafter — the Confidentiality Policy) has been developed in accordance with the requirements of Russia’s Federal Law No.152-FZ (ФЗ) dated 27 July 2006 “On Personal Data”, as well as the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC" (General Data Protection Regulation, hereinafter, GDPR), and applies to all the information relating to the User, which can be collected by the website https://icc.moscow/ (hereinafter, the Website) while the User is using the Website.
1. Terms and Definitions
1.1. This Confidentiality policy uses the following terms:
1.1.1. The Website Administration (Administration) are legal entities bound by contractual relations as part of organising and holding the International Cybersecurity Congress. Such legal entities are: Sberbank, BI.Zone LLC. As part of the event organisation, the Website Administration processes the personal data of the users of https://icc.moscow/ website.
1.1.2. Personal data shall mean any information that refers — directly or indirectly — to an identified or identifiable individual (personal data subject).
1.1.3. Processing of personal data means any action (transaction) or a number of actions (transactions) performed with or without automated technologies in regards to such personal data, including collection, recording, systematisation, accumulation, storage, rectification (updating, changes), retrieval, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, and destruction of personal data;
1.1.4. Confidentiality of personal data shall mean obligatory compliance of the Operator, User or another entity granted with access to personal data with the requirement of preventing its dissemination without the consent of the personal data subject, or any legal ground thereto.
1.1.6. The Website User (the User) is a person who has registered on the Website and has access details to the Website (login and password).
1.1.7. A cookie is a small fragment of data which a website requests from the browser used on your PC or mobile device. Cookies allow the website to “remember” your actions or preferences. Cookies are stored locally on your PC or on a mobile device. The users can delete saved cookie files at their own wish.
1.1.8. IP address is a unique network address of the host on the computer network through which the User accesses the website.
2. General Provisions
2.1. The use of the Website by the User shall mean the User’s consent to this Confidentiality policy, and the terms and conditions of processing the User’s personal data.
2.2. Should the User disagree with this Confidentiality policy, the User must stop using the Website.
2.3. This Confidentiality Policy shall apply to the Website. The Website Administration does not control and is not responsible for the sites (and their content) of third parties to which the User can go using the links available on the Website.
2.4. Administration does not check and does not guarantee the authenticity of personal data provided by the User.
3. Subject of the Confidentiality Policy
3.1. This Confidentiality Policy establishes the obligations of the Administration not to disclose and provide a regime for protecting the confidentiality of personal data that the User provides upon the request of the Administration during the registration or when using of the Website or when subscribing to an email newsletter.
3.2. Categories of personal data to be processed may include the following:
3.2.1 User email address;
3.2.2 Information on the actions effected on the Website, and data on the devices used (IP-addresses, cookies).
3.3.1. Cookies, information about actions taken by the user on the website, information about the user’s equipment, the date and time of the session are processed by the Administration (including by using Yandex.Metrika, Google Analytics) in order to improve the functioning of the website, the data on users’ actions is processed to improve the functioning of the Website, determine a user’s preferences.
3.3.2. The User may switch off cookies, after doing so the User may find out that some sections of the Website do not function properly.
The instructions on managing cookies can usually be found in the query service of the browser (Help option).
4. Objectives and methods of personal data processing
4.1. Processing of the User’s personal data shall be performed for the following purposes:
4.1.1. Informing the User by email on the date of the International Cybersecurity Congress in 2020-2021 as well as news related to the above Congress on behalf of the Website;
4.1.2. Maintenance and support for the Website.
4.2. Processing of the User’s personal data by the Administration is carried out only if the User has given consent to the processing of his/her personal data for one or more specific purposes.
4.3. Personal data processing shall be carried out automatically, and include the following activities: collection, recording, arrangement, accumulation, storage, specification (updating, amending), retrieval, use, transfer (provision, access), depersonalisation, blocking, removal, and destruction of personal data.
5. Period of collecting personal information
5.1. Processing of personal data is carried out in order to send notifications, information and news messages about cybersecurity-related events for 5 years or until withdrawal of such consent by the User.
5.3. The processing of the User’s personal data may be carried out after the deletion of the User Account in cases provided for by the legislation of the Russian Federation and GDPR.
6. Rights and obligations of the Parties
6.1. The User may:
6.1.1. Grant consent to the processing of his or her personal data, by free will and for his or her benefit during registration on the Website.
6.1.2. Request the confirmation of his or her personal data processing. In case of such processing the User has a right to familiarise himself or herself with the personal data being processed, as well as with information about the purposes of processing, the categories of data being processed, the actions with the data, the receivers of the data and the guarantees when the data is transferred to third parties, the period of processing, the sources of the data, and whether decision-making is fully automated, inclusion of the User in the marketing mailouts by the Administration. The User may also obtain the list of the personal data being processed.
6.1.3. The User may demand changes in his or her personal data if there are inaccuracies in personal data processed by the Administration. Taking into account the purposes of data processing, the User may supplement the personal data, including by submitting an additional application.
6.1.4. The User may initiate limitations on processing of all or a part of his or her personal data if one of the following conditions is met:
- the accuracy of personal data is being contested by the User (limitation for the period necessary for the Administration to confirm the accuracy of the personal data);
- unlawful personal data processing has been revealed, the User opposes deleting the personal data and demand limiting the use thereof instead;
- the Administration does not need the personal data for the purposes of processing anymore, but the User needs the personal data for the purpose of substantiation, performance or as part of legal proceedings;
- the User opposes his or her personal data processing (limitation for a period necessary for the Administration to confirm whether the Administration’s legal grounds for personal data processing prevail over the lawful claims of the User).
6.1.5. The User has a right to demand deletion of his or her personal data from the Website and/or other existing tangible media, if one of the following conditions is met:
- the personal data is no longer required for the purposes for which they have been obtained;
- the User withholds the consent on the basis of which the processing has been carried out, if there are no other legal grounds for processing;
- the personal data is being processed unlawfully;
- the personal data must be deleted to ensure compliance with a legal obligation in accordance with legislative requirements;
- the personal data was obtained while delivering information society services.
6.1.6. The User has a right to demand the list of his or her personal data provided to the Administration for the processing thereof in a structured, uniform and machine-readable format, and to instruct the Administration to transfer his or her personal data to a third party if the Administration has the technical possibility to do so. In this case the Administration shall not be responsible for further actions of a third party related to the personal data.
6.1.7. The User has a right to oppose processing of all or a part of the list of his or her personal data for the purposes indicated when the personal data was provided for the Administration, except for the cases where the legal grounds for personal data processing prevail over the interests, rights and freedoms of the User or where the processing of the personal data is necessary for substantiation, execution or defense in legal proceedings.
6.1.8. The User has a right to demand to limit his or her personal data processing for the purpose of marketing activities carried out by the Administration.
6.1.9. The User has a right to bring a complaint to the supervisory authority if the Administration in any way violates his or her rights in relation to personal data processing.
6.1.10. To facilitate communication on legal matters between the Administration and the User, the email address firstname.lastname@example.org was created.
6.2. The User shall:
6.2.1. Abstain from uploading any email addresses of other people when subscribing to newsletter, except for when such consent is not required according to Article 152.1 of the Civil Code of the Russian Federation.
6.3. The Administration shall:
6.3.1. Use the received Personal Data of Users only for the purposes specified in cl. 4 of this Confidentiality Policy.
6.3.2. Ensure the storage of Personal Data of Users in secret, not disclose it without the consent of the User, and also not sell, exchange, publish or disclose in other possible ways the personal data of the User transferred, except for the transfer to authorised state authorities of the Russian Federation only for reasons and in order, established by the legislation of the Russian Federation.
6.3.3. Process the personal data of the User, and ensure the confidentiality and protection of the processed personal data in accordance with the requirements of the Federal Law No.152-FZ “On Personal Data” of July 27, 2006, as well as GDPR. When processing personal data, take required legal, organisational and technical measures to protect personal data received from the User from unauthorised or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data received from the User.
7.1. Administration and Users who violate their obligations to protect Personal Data are liable for damage caused by the misuse of personal data in accordance with the legislation of the Russian Federation.
8.1. The Administration may introduce amendments to this Confidentiality Policy without the User’s consent.
8.2. This Confidentiality Policy shall come into effect upon its publication on the Website, unless otherwise is stipulated by the new version of the Confidentiality Policy.
8.3. Please, send your suggestions or inquiries regarding this Confidentiality Policy to: email@example.com.
9. Contact details
9.1. If the User has any questions, suggestions or intends to exercise one or more rights of the User with regard to personal data processing, the User can contact the Administration using the following contact details:Sberbank
Address: 19 Vavilova street, Moscow
The Website Administration representative in the European Union
Address: Vienna, Austria, 1010, 3 Schwarzenbergplatz
Tel.: +43 (0)1 22732-0
The contact responsible for managing of processing and protection of personal data
Tel.: +7 (495) 665-56-00 ext. 64969
Address: 4/2 Olkhovksaya street, Moscow 105066, Russia