Confidentiality policy

Confidentiality policy

This personal data privacy policy (the Privacy Policy) complies with the requirements of the Russian Federal Law No. 152-FZ dated 27 July 2006 'On Personal Data' and Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), and applies to all the information relating to the User, which can be collected by the website (the Website) in the course of the User's interaction with the Website.

1. Terminology

1.1. In this Privacy Policy, the following terms have the following meanings:

1.1.1. Administration means the legal entities, which are bound by contractual relations for the purpose of organising and holding the International Cybersecurity Congress (ICC), namely PJSC Sberbank and 'BiZone' LLC. As part of the event organisation, the Administration processes the Personal Data of Website users.

1.1.2. Personal Data means any information that refers — directly or indirectly — to an identified or identifiable individual (personal data subject).

1.1.3. Processing means any automated or non-automated operation(s)/method(s) applied to Personal Data, including collection, recording, systematisation, accumulation, storage, verification (updates, modifications), retrieval, utilisation, transmission (dissemination, provision, accessing), depersonalisation, blocking, erasure and destruction.

1.1.4. Privacy means a requirement, which is placed upon the Administration, the User or another party that has been granted access to the Personal Data, to prevent its dissemination without the consent of the User or any legitimate grounds to do so.

1.1.5. Website means a number of interconnected web pages hosted on the Internet at a unique URL:

1.1.6. User means a person who has registered on the Website and holds respective credentials (login and password).

1.1.7. Cookie is a tiny fragment of data which a website requests from your desktop or mobile browser. These files allow a website to remember your actions or preferences. Cookies are stored locally — on your desktop or mobile device. Users may delete the saved cookies at their own discretion.

1.1.8. IP Address is a unique network address of a node in the computer network through which the User accesses the Website.

2. General Provisions

2.1. The User's interaction with the Website constitutes their consent to this Privacy Policy and the terms of Personal Data Processing.

2.2. If the User disagrees with the terms of this Privacy Policy, they should stop using the Website.

2.3. This Privacy Policy shall apply to the Website. The Administration does not control and bears no responsibility for third-party websites (and their content) whereto the User can be redirected through the links on the Website.

2.4. The Administration neither verifies nor guarantees the accuracy of the Personal Data provided by the User.

3. Scope of the Privacy Policy

3.1. This Privacy Policy sets out the non-disclosure and confidentiality obligations of the Administration with respect to the Personal Data provided by the User upon the request of the Administration when signing up on or interacting with the Website as well as subscribing to email newsletters.

3.2. Categories of Personal Data being processed:

3.2.1 the User's email address

3.2.2 information about the User's activity on the Website and devices being used (IP Addresses, Cookies)

3.3. Use of Cookies.

3.3.1. The Administration processes Cookies, information about the User's devices, activity on the Website, session date and time (including by means of Yandex.Metrica, Google Analytics) with the purpose of improving the operation of the Website and identifying the User's preferences.

3.3.2. The User may opt out of Cookies, however, they should keep in mind that after doing so, some of the Website sections may become unavailable. You can manage Cookies by referring to your browser's Help page.

4. Purposes and Methods of Data Processing

4.1. Personal Data may be processed for the following purposes:

4.1.1. to email ICC newsletters to the User on behalf of the Website such as updates on the ICC 2020 and 2021 dates, etc.

4.1.2. to provide maintenance and support for the Website.

4.2. The Administration may handle the User's Personal Data strictly by virtue of the User's consent to the Processing of Personal Data for one or more specific purposes.

4.3. Personal Data is processed automatically with the following methods applied: collection, recording, systematisation, accumulation, storage, verification (updates, modifications), granting access, retrieval, utilisation, blocking, erasure and destruction.

5. Period of Data Processing

5.1. Personal Data which is used for the purposes of sending notifications and newsletters about cybersecurity events is processed for 5 years or until the respective consent is withdrawn by the User.

5.2. The User’s Personal Data may be processed after the deletion of the User's account in cases provided for by the law of the Russian Federation and GDPR.

6. Rights and Obligations of the Parties

6.1. The User may:

6.1.1. grant their consent to the Processing of Personal Data on their free will and in their own interest when signing up for newsletters on the Website.

6.1.2. obtain from the Administration the confirmation of whether or not their Personal Data is being processed. In the event that such Processing takes place, the User has a right to know what Personal Data is being processed (including the categories of data), the purposes, methods and period of Processing, data recipients, guarantees related to data transmission to third parties, data sources, whether solely automated decision-making is applied and whether the User is on the marketing mailing list. The User may also obtain a list of the Personal Data being processed.

6.1.3. demand from the Administration to make changes to their Personal Data in case the Personal Data being handled by the Administration is found to have inaccuracies. Taking into account the purposes of Processing, the User may supplement the Personal Data, including by submitting an additional application.

6.1.4. demand from the Administration the restriction of the Processing of their Personal Data (in full or in part) if one of the following conditions apply:

  • The User contests the accuracy of the Personal Data. In such cases, the Processing will be restricted for a period enabling the Administration to verify the accuracy of the Personal Data.
  • The Processing is unlawful, but the User opposes the erasure of the Personal Data and requests instead the restriction of its use.
  • The Administration no longer needs the Personal Data for the purposes of the Processing, however, the User needs it for the establishment, exercise or defence of legal claims.
  • The User objects to the Processing of the Personal Data. In such cases, the Processing will be restricted for a period enabling the Administration to verify whether the legitimate grounds of the Administration override those of the User.

6.1.5. demand from the Administration the erasure of their Personal Data from the Website and/or other tangible media, if one of the following conditions apply:

  • The Personal Data is no longer required for the purposes for which they have been obtained.
  • The User withdraws the consent to the Processing of Personal Data and there are no overriding legitimate grounds for the Processing.
  • The Personal Data is being processed unlawfully.
  • The Personal Data must be destroyed for compliance with a legal obligation.
  • The Personal Data was obtained in the course of information society services.

6.1.6. The User has the right to receive their Personal Data, which has been provided to the Administration, in a structured, uniform and machine-readable format as well as to instruct the Administration to transfer their Personal Data to a third party provided that the Administration has the technical capability to do so. In this case, the Administration shall not be liable for further actions of a third party related to the Personal Data.

6.1.7. The User has the right to object to the Processing of their Personal Data, in part or in full, for the purposes indicated at the time the Personal Data was provided to the Administration, except where the legitimate grounds for the Processing of Personal Data override the interests, rights and freedoms of the User or where such Processing is necessary for the establishment, exercise or defence of legal claims.

6.1.8. The User has the right to demand from the Administration to restrict the Processing for marketing purposes.

6.1.9. The User has the right to lodge a complaint to a supervisory authority if the Administration breaches their rights in relation to the Processing of Personal Data.

6.1.10. All legal communications between the Administration and the User shall be emailed to:

6.2. The User shall:

6.2.1. refrain from uploading any third-party email addresses when subscribing to newsletters, except where third-party consent is not required under Article 152.1 of the Civil Code of the Russian Federation.

6.3. The Administration shall:

6.3.1. use the Personal Data obtained from the User solely for the purposes specified in Article 4 of this Privacy Policy.

6.3.2. ensure that the Personal Data is kept confidential and not disclosed without the consent of the User; avoid selling, exchanging, publishing or disclosing Personal Data in other ways, the exception being its disclosure to competent authorities of the Russian Federation on the grounds and in the manner prescribed by the law of the Russian Federation.

6.3.3. process, keep confidential and secure the User's Personal Data being handled under the Federal Law No.152-FZ dated 27 July 2006 'On Personal Data' and GDPR; take appropriate legal, organisational and technical measures to protect the Personal Data from unauthorised or accidental access, destruction, modification, blocking, copying, provision, dissemination and other illegitimate actions.

7. Liability

7.1. The Administration and Users who are in breach of their Personal Data obligations shall be held liable for the damage incurred through the misuse of the Personal Data as per the law of the Russian Federation.

8. Miscellaneous

8.1. The Administration may amend this Privacy Policy without the User’s consent.

8.2. This Privacy Policy shall come into effect upon its publication on the Website, unless a new version of this Privacy Policy provides otherwise.

8.3. Please, send your suggestions or questions regarding this Privacy Policy to:

9. Contact Details

9.1. The User can address their questions, suggestions or intention to exercise one or more rights with regard to Personal Data Processing, to the Administration using the following contact details:

PJSC Sberbank

Address: 19 Vavilova Street, Moscow 117997, Russia


Personal Data Officer


Tel: +7 (495) 665-56-00 ext. 64969

'BiZone' LLC

Address: 4 Olkhovskaya St., Bld. 2, Moscow 105066, Russia


We use cookies (files with data on past visits to the site) to personalize the services and the convenience of website users. By using this website, you confirm your consent to the use of cookies and other similar technologies. If you do not agree to our use of this type of files, you must set your browser settings accordingly