Date: December 26, 2018
In this Policy we openly explain all methods of personal data processing when using the Contractor's platform. The Policy was developed by the Company in compliance with Federal Law No.152-FZ On Personal Data of July 27, 2006 (hereinafter the Law). As an international company, we take into account provisions of other regulatory acts on personal data, including the General Data Protection Regulation (GDPR).
1. General provisions
1.1. Personal data is any information relating to an identified or identifiable natural person. For instance, a person's last name, first name, middle name, or patronymic, his or her job title, company name, email address, phone number, and other information shall be deemed personal data.
Technical information shall be deemed personal data too, if it can be referred to an individual. For instance, IP address, type of operating system, type of device (computer, cell phone, tablet), browser type, geolocation, web form fill-in, Internet provider.
If we can not in any way refer information to an individual, we shall not consider this information personal data.
1.2. You understand that the Company is the operator only for personal data we get from you as an individual, using the platform of the contractor Ex Ordo Ltd (hereinafter the Services).
1.3. This document determines the Company’s personal data policy and can be found at https://www.phdays.com/en/privacy-policy-cfp/. Also the Company grants unlimited access to the Policy for any individual making a respective request in person.
1.4. Primary goal of the Company is to ensure protection of the citizen's rights and freedoms during processing of personal data, including protection of one's right to personal and family privacy, clear and strict compliance to the requirements primarily of the Russian legialtion on personal data.
1.5. This Policy applies to all personal data of individuals processed by the Company, as well as to processes related to personal data processing. The Company may process personal data with or without automated data processing tools. The processes may include, without limitation, gathering, recording, classification, accumulation, storage, rectification (updating, editing), making electronic copies, retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of persona data.
1.6. The Company processes personal data, including data storage, on servers located in the Russian Federation. Copies of data you leave on the platform of the contractor Ex Ordo Ltd shall be stored at the latter's server located in the Federal Republic of Germany.
1.7. The Company has the right to update this Policy as necessary. The Policy must be revised in case of significant changes in the international or national legislation on personal data. If we process personal data, we undertake to notify you of any such changes by email.
1.8. The Company does not check validity of personal data or the legal capacity of the person providing such data. You guarantee that all data is valid, up-to-date, compliant with Russian and applicable EU legislation on personal data protection.
2. Third-party services (Contractor)
Ex Ordo Ltd
2.2. We use Ex Ordo services to arrange your participation as a speaker. Therefore we process only the data collected by Ex Ordo which we can access through the platform of Ex Ordo.
3. Purpose of personal data processing
The Company shall be guided by sufficiency, reasonableness, and feasibility when processing personal data. We carry out processes related to personal data processing in cases and for purposes listed in this section.
3.1. When accessing Services, for proper performance of obligations by the Company, proper provision of services, receipt and processing of requests for such services, registration on the Services, identification of a Service user, recovery of Service password, and in any other cases related to such actions. Your use of the Services shall mean unconditional acceptance of this Policy and personal data processing conditions stated therein. If you disagree with this policy, stop using the Services immediately.
3.3. When contacting you, to receive feedback and to provide you with any accurate and complete information related to the Company's activities. Including, but not limited to, provision of information of the Services and services, emailing information on Services, events and promotional activities arranged by the Company and/or by authorized third parties. The Company shall have the right to use the phone number and/or email you provide to contact you.
3.4. When receiving your feedback for the following purposes:
- receiving information on loyalty and satisfaction with Services and services, for further review and processing of that information4
- analysis to improve quality of Services;
- performance of any type of study.
3.5. When ensuring protection and confidentiality of your personal data, to ensure operability and security of Services, to confirm actions you perform, for actions aimed at preventing fraud, cyberattacks, and other abuse, as well as for investigation of such cases.
4. List of processed personal data
4.1. Depending on your status, we can use the Contractor's platform to process the following personal data:
4.1.1. General personal data: full name, email address, phone number.
4.1.2. Other personal data: gender, date and place of birth, a photo, citizenship, place of residence, ID, primary and additional education, job title, employer, work experience, skills, professional achievements, presentations, and articles.
4.2. Other information processed by the Company and Contractor:
4.2.1. Data on devices: IP address, type of operating system, type of device (computer, cell phone, tablet), browser type, geolocation, web form fill-in, and Internet provider.
4.2.3. Information obtained as a result of your actions, including data on submitted comments, inquiries, replies, and questions.
5. Principles of personal data processing
Sufficiency is the main principle we follow when processing personal data. Your personal data will not be processed unless really necessary.
When processing personal data, we are also governed by the following principles:
5.1. Lawfulness, fairness and transparency of personal data processing (“lawfulness, fairness and transparency”).
5.2. Processing of personal data in compliance with specified, explicit and legitimate purposes (“purpose limitation”).
5.3. Prevention of merging of databases containing personal data processed for incompatible reasons.
5.4. Processing of only such types of personal data that fit the purpose of their processing including their volume and content (“data minimization”).
5.5. Accuracy, applicability, and reliability of personal data (“accuracy”).
5.6. Lawfulness of technical measures aimed at personal data processing. Processing of personal data in a secure manner, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
5.7. Reasonableness and feasibility of personal data processing.
5.8. Storage of personal data in a format allowing to identify the individual is possible only for the time required for their processing, or for as long as the individual's consent is valid (“storage limitation”).
5.9. Processed personal data shall be destroyed or depersonalized immediately in cases listed in the Policy.
6. Processing personal data
6.1. Personal data collection
Personal data can be collected in the following ways:
- You provide personal data by filling in forms, including online forms on the Services.
- Data is collected automatically using technologies and services, such as web protocols, cookies, web markers launched only when you fill in your data.
- You provide personal data in writing, including the use of communication means.
6.2. Storage and use of personal data.
- Personal data shall be stored only on properly secured media, including electronic media, and processed with or without automated data processing tools.
- The Company performs automated processing of personal data, using databases located in the Russian Federation.
- The Contractor performs automated processing of personal data, using databases located in the Federal Republic of Germany.
6.3. Handover of personal data
- Personal data is provided to Consultants in order to achieve the goals stated earlier and data transfer shall be based on the agreement with the respective Consultant. Consultants undertake to use personal data strictly in compliance with this Policy to achieve the stated goals and to provide services under an agreement.
6.4. Destroying personal data
The Company shall destroy personal data if copies of such data are stored in the Company, or send a request to third parties, including Contractor, to remove the data in the following cases:
- there is a threat to security of Services;
- the goal of personal data processing is achieved, or it is no longer necessary to achieve it;
- you violated the Policy;
- personal data storage period has expired;
- the agreement has expired or was terminated;
- at your request or if the individual revokes his/her consent for personal data processing.
7. Your rights
7.1. You have the right to receive information on processing of your personal data, including the following:
- confirming the fact of your personal data processing;
- legal grounds for your personal data processing;
- purposes and methods the Company uses to process your personal data;
- what personal data of yours we process and where we get it from;
- time of your personal data processing, including storage time;
- procedure for exercising the rights provided for by the legislation of the Russian Federation;
- information on actual or planned cross-border data transfer;
- information on persons to whom your personal data may be provided under an agreement with the Company or in compliance with the legislation of the Russian Federation;
- name of the entity or full name and address of the individual processing personal data at the Company's request, if such entity or individual is tasked or will be tasked with processing;
- other information provided for by the legislation of the Russian Federation.
You have the right to receive such information any number of times. Just send a request to the Company as provided for by Section 12 of this Policy.
8. Obligations of the Company
8.1. As required by the Law, the Company is obligated to do the following:
8.1.1. At your request, provide information on processing of your personal data listed in Item 7.1 of the Policy, or a justified refusal.
8.1.2. Take necessary and sufficient measures to fulfill obligations provided for by the Law.
8.1.3. At your request, update processed personal data, block or remove it if it's incomplete, outdated, obtained illegally or not required for the stated purpose of processing.
8.1.4 Ensure that personal data is processed with due diligence. If personal data cannot be processed with due diligence, the Company shall destroy or ensure destruction of personal data within 10 (ten) workdays after discovering that data was processed without due diligence, by sending an appropriate request to third parties, including the Contractor.
8.1.5. If the agreement with you expires of your consent for personal data processing is revoked, we stop processing your personal data and destroy it immediately. Exception can be made when processing continues by virtue of legislation.
9. Information on personal data protection
9.1 All personal data you provide shall be confidential by default. Protection of personal data processed by the Company is ensured by implementation of legal, organizational, and technical measures necessary and sufficient to ensure compliance with requirements of the Russian Federation legislation on personal data protection. However, we always strive to ensure maximum protection of your data and apply more measures to protect personal data than required by legislation. Here are some of the measures the Company takes to protect personal data.
9.2. Legal measures
9.2.1. Development of local Company regulations to fulfill requirements of the Russian legislation, including this Personal Data Processing and Protection Policy, and placing it at https://www.phdays.com/en/privacy-policy-cfp/.
9.2.2. Refusal to use any personal data processing methods not fit for the purpose predetermined by the Company.
9.3. Organizational measures
9.1. Assigning a person responsible for arrangement of personal data processing. You can contact that person using the following email: email@example.com.
9.3.2. Limiting the number of Company employees having access to personal data, and arranging a system of permits for access.
9.3.3. Regular assessment of risks related to personal data processing.
9.3.4. Internal investigations to identify any facts related to unauthorized access to personal data.
9.3.5. Using encryption when processing personal data.
9.3.6. Monitoring and security assessment of the Company's network infrastructure.
9.3.7. Educating Company employees on provisions of the Russian Federation legislation on personal data, the EU legislation on personal data, including personal data protection requirements, local regulations of the Company on personal data protection. Training the employees.
9.3.8. Arranging security of premises storing media with personal data, to prevent unauthorized access or presence of individuals who have no right to access such premises.
9.3.9 Arranging trainings for Company employees in various aspects of personal data processing.
9.4. The Company undertakes, and obligates third parties if they are given the right to process personal data, to maintain confidentiality of personal data and not use personal data without a legal basis for its processing.
10. Cross-border data transfer
10.1. We are an international company. Therefore, for purposes stated in this Policy, we may transfer your personal data to countries other than those where it was originally obtained. This is called cross-border data transfer. Before cross-border data transfer the Company shall ensure that the country to which personal data is transferred will provide adequate protection of your rights as a personal data subject . In case of cross-border personal data transfer, we protect your data in compliance with this Policy.
11. Limitation of Policy effect
11.1. You must also be reasonable and responsible when making your personal data publicly available, including feedbacks and comments on the Services.
11.2. The Company shall not be responsible for actions of third parties who gain access to your personal data as a result of your actions.
12. Inquiries of personal data subject
12.1 You have the right to send inquiries to the Company, including inquiries regarding the use of your personal data^
12.1.1. In writing to Preobrazhenskaya Sq. 8, Moscow, 107061
12.1.2. Electronically by emailing to firstname.lastname@example.org
12.2. To respond to your inquiry, including inquiries regarding the use of your personal data, the Company must first confirm your identity to avoid unauthorized transfer of data to third parties. Therefore, your inquiry must contain the following information.
12.2.1. Number of your ID
12.2.2. Date of ID issue and issuing authority
12.2.3. Information confirming your participation in dealings with the Company
12.2.4. Your signature
12.3. The Company undertakes to process your inquiry and respond within 30 (thirty) calendar days of inquiry receipt.
12.4. All correspondence received by the Company (written or electronic inquiries) is considered restricted information and will not be disclosed without your written consent.