Moscow, the Russian Federation
Effective Date: 28.06.2019
The personal data processing policy (hereinafter: the “Policy”) is developed in accordance with Federal Law “On Personal Data” No. 152-FZ dated 27 July 2006 (hereinafter: “FZ - 152”).
This Policy establishes the procedure for personal data processing and measures to ensure security of the personal data to be applied at “AWAD Ticket”, limited liability company; 115114, Moscow, Derbenevskaya naberezhnaya, 7, bld. 12, 2nd floor; TIN 7704719450; OGRN 1097746010724 (hereinafter: the “Operator”) in order to protect rights and liberties of an individual and a citizen while processing the personal data thereof, inter alia, a right to privacy, personal and family secrets.
The following basic terms and definitions are used in this Policy:
automated processing of personal data means the personal data processing using computer technology;
blocking of personal data means temporary interruption of the personal data processing (except where the processing is necessary to adjust the personal data);
information system of personal data means a combination of the personal data included into personal data databases and information technologies and hardware used to procure processing thereof;
anonymization of personal data means actions making it impossible to identify the personal data as related to a certain personal data subject without any additional information;
personal data processing means any action (operation) or a series of actions (operations) performed with the personal data, with or without automation facilities, including collection, recording, systematization, accumulation, storage, adjustment (updating, alteration), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion and destruction of the personal data;
operator means a state authority, municipal authority, legal or private person which (alone or jointly with other persons) organizes and (or) performs the personal data processing and defines purposes of the personal data processing, content of the personal data to be processed, and actions (operations) to be made with the personal data;
personal data means any information related (directly or indirectly) to an identified or identifiable individual (the personal data subject);
provision of personal data means actions aimed to disclose the personal data to a certain person or certain group of persons;
distribution of personal data means actions aimed to disclose the personal data to the public (personal data transfer) or to familiarize the general public with such data including disclosure of the personal data in mass media, posting thereof in information and telecommunication networks or granting access to the personal data in any other way;
trans-border transfer of personal data means the personal data transfer to a foreign country, foreign government authority, foreign individual or foreign legal person;
destruction of personal data means actions making it impossible to restore the personal data content in the information system of personal data and (or) resulting in destruction of tangible carriers of the personal data.
The Operator shall be obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with para 2 of Article 18.1 of FZ-152.
2.1 Principles of Personal Data Processing
The Operator shall process the personal data based on to the following principles:
2.2 Terms of Personal Data Processing
The Operator shall process the personal data where at least one of the following terms is met:
2.3 Confidentiality of Personal Data
The Operator and other persons who have obtained an access to the personal data shall not disclose the personal data to any third parties or distribute the personal data without the personal data subject’s consent unless otherwise provided for by a federal law.
2.4 Publicly Available Sources of Personal Data
For the purposes of information support, the Operator may create publicly available sources of personal data of the personal data subjects including directories and address books. The publicly available sources of personal data, with the written consent of the personal data subject, may include the subject's surname, first name, patronymic, date and place of birth, title, contact phones, email address and any other personal data provided by the personal data subject.
The information on the personal data subject shall be removed, at any time, from the publicly available sources of personal data whenever this is requested by the personal data subject, a body authorized to protect the personal data subjects’ rights or required by a court order.
2.5 Special Categories of Personal Data
The Operator may process special categories of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, state of health, intimate life where:
The processing of special categories of personal data which has been performed in cases provided for by item 4 of Article 10 of FZ-152 shall be immediately terminated where the processing reasons have been eliminated unless otherwise prescribed by a federal law.
The Operator may process personal data regarding criminal convictions only in cases and according to procedures set forth by federal laws.
2.6 Biometric Personal Data
The Operator may process details which characterize physiological and biological features of a person based on which he/she may be identified (biometric personal data) only with the written consent of the personal data subject.
2.7 Assignment of Personal Data Processing to Other Persons
The Operator may authorize and instruct any other person to process the personal data with the personal data subject’s consent unless otherwise prescribed by a federal law, based on an agreement to be entered into with this person. A person processing the personal data upon the Operator’s instruction shall observe the principles and rules of the personal data processing set forth by FZ-152 and this Policy.
2.8 Processing of Personal Data of Russian Federation Citizens
Pursuant to Article 2 of Federal Law No. 242-FZ “On amendments to certain legislative acts of the Russian Federation related to adjustment of the procedure for personal data processing in information and telecommunication networks» dated 21 July 2014, when collecting personal data, inter alia, when using the information and telecommunication network Internet, the operator shall ensure recording, systematization, accumulation, storage, adjustment (updating, alteration), extraction of the personal data of the Russian Federation citizens using databases located within the Russian Federation except as follows:
the personal data processing is necessary to comply with purposes established by an international treaty of the Russian Federation or under law, to enable the operator to perform and fulfill functions, powers and obligations imposed on the operator under the legislation of the Russian Federation;
the personal data processing is necessary to administer justice, to execute a judicial act or an act issued by any other authority or an officer which are enforceable under the legislation of the Russian Federation on enforcement proceedings (hereinafter: execution of a judicial act);
the personal data processing is necessary to fulfill powers imposed on federal executive authorities, authorities of state non-budget funds, executive government authorities of federal subjects of the Russian Federation, local authorities and functions of organizations involved in provision of state and municipal services, accordingly, under Federal Law No. 210-FZ “On organization of provision of state and municipal services” dated 27 July 2010, including registration of the personal data subject on the unified portal for state and municipal services and (or) regional portals for state and municipal services;
the personal data processing is neсessary to conduct professional activity as journalist and (or) legal activity as mass media, or to perform scientific, literary or other creative activity provided that the rights and legitimate interests of the personal data subject are not infringed.
2.9 Trans-Border Transfer of Personal Data
The Operator shall make sure that any foreign state where the personal data are to be transferred ensures adequate protection of the personal data subjects’ rights before commencing such transfer.
The trans-border transfer of personal data to foreign states which do not ensure adequate protection of the personal data subjects’ rights may be carried out in the following cases:
3.1 Consent of the Personal Data Subject to Processing of his/her Personal Data
The personal data subject shall, freely, willingly and in his/her own interest, make a decision to provide his/her personal data and give his/her consent to processing thereof. The consent to personal data processing may be given by the personal data subject or his/her representative in any form which makes it possible to confirm receipt thereof unless otherwise prescribed by a federal law.
3.2 Rights of the Personal Data Subject
The personal data subject shall be entitled to obtain from the Operator information relating to processing of his/her personal data if such right is not limited under federal laws. The personal data subject may require the Operator to adjust his/her personal data, to block or destroy them where such personal data are incomplete, outdated, inaccurate, illegally obtained or inessential for the declared purpose of processing, and also to take statutory actions to protect his/her rights.
The personal data processing for marketing goods, works, services by making direct contacts with the personal data subject (a potential consumer) using communication means and for political agitation shall be permitted only subject to a prior consent of the personal data subject.
The Operator shall, upon request by the personal data subject, immediately terminate processing of his/her personal data for the above-mentioned purposes.
It shall be prohibited to make decisions which cause legal consequences for the personal data subject or otherwise affect his/her rights and legitimate interests only based on the automated processing of personal data except for cases contemplated by federal laws or subject to a written consent of the personal data subject.
Where the personal data subject believes that the Operator violates the requirements set forth in FZ-152 in processing his/her personal data or otherwise infringes his/her rights and liberties, the personal data subject may appeal against actions or omissions of the Operator to a body authorized to protect the personal data subjects’ rights or through legal action.
The personal data subject shall have the right to protect his/her rights and legitimate interests including the right to indemnity for losses and/or compensation for moral injury.
When processing the personal data, the Operator shall ensure security of the personal data by taking legal, organizational and technical measures necessary to observe federal laws concerning personal data security.
The Operator shall take the following organizational and technical measures to prevent unauthorized access to the personal data:
Any other rights and obligations of the Operator connected with the personal data processing shall be established by the legislation of the Russian Federation concerning personal data.
The Operator’s employees who violate the personal data processing rules and security thereof shall bear financial, disciplinary, administrative, civil or criminal liability under federal laws.
This document is made in Russian. The translation hereof in any other language shall be additional and placed for convenience of the User only. Should any discrepancies between the Russian version and translations hereof arise, the Russian version shall prevail.