See also:
Hotel blacklist

Privacy Policy

  1. Home
  2. Privacy Policy

Policy "Processing of Personal Data

in Bronevik Company LLC"

 

Responsible for Implementation - Director of Comprehensive Security

Responsible for Development - Security Department

 

DOCUMENT INFORMATION

 

Purpose of the Document - Protection of the rights and legitimate interests of personal data subjects; Ensuring Bronevik Company LLC's compliance with personal data legislation requirements.

Brief Description - The Policy "Processing of Personal Data in Bronevik Company LLC" (hereinafter – the "Policy") defines the principles, procedure, and conditions for the processing of personal data of clients, employees of Bronevik Company LLC, and other individuals whose personal data is processed by Bronevik Company LLC, as well as by persons on behalf of Bronevik Company LLC.

Access Restriction  - None

Review Frequency - 3 years

 

RESPONSIBILITY AND SCOPE OF APPLICATION

 

This document regulates the activities of the following departments and officials, including those acting in relevant roles:

 

Name of Department/Position/Role - All departments and officials of Bronevik Company LLC involved in the processing of personal data.

 

DEFINITION OF TERMS AND ABBREVIATIONS

 

Term Name | Definition (Explanation of Abbreviation) :

Client** | An individual or legal entity with whom and/or for whose benefit a civil law contract of any nature is concluded, or who intends to conclude such a contract.

Personal Data (PD) | Any information relating directly or indirectly to an identified or identifiable individual (personal data subject).

Personal Data Authorized by the Subject for Dissemination | Personal data, access to which by an unlimited number of persons is provided by the personal data subject by giving consent to the processing of personal data authorized by the subject for dissemination in accordance with the procedure established by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".

Biometric Personal Data** | Information that characterizes the physiological and biological characteristics of an individual, on the basis of which their identity can be established and which is used by the operator to identify the personal data subject.

Special Categories of Personal Data| Information concerning race, ethnicity, political views, religious or philosophical beliefs, health status, intimate life.

|Personal Data Operator |  Operator - a state body, municipal body, legal entity, or individual, independently or jointly with other persons, organizing and/or carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.

Processing of Personal Data | Any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Dissemination of Personal Data | Actions aimed at disclosing personal data to an indefinite circle of persons.

Provision of Personal Data | Actions aimed at disclosing personal data to a specific person or a specific circle of persons.

Blocking of Personal Data | Temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data).

Destruction of Personal Data | Actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or which result in the destruction of material carriers of personal data.

Depersonalization of Personal Data | Actions as a result of which it becomes impossible, without the use of additional information, to determine the belonging of personal data to a specific personal data subject.

Personal Data Information System (PDIS) | A set of personal data contained in databases and information technologies and technical means ensuring their processing.

Cross-Border Transfer of Personal Data| Transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.

 

GENERAL PROVISIONS

 

The activities of Bronevik Company Limited Liability Company (hereinafter referred to as Bronevik Company LLC, the Operator) under this Policy "Processing of Personal Data in Bronevik Company LLC" (hereinafter referred to as the Policy) primarily aim to ensure the protection of the rights and freedoms of personal data subjects during the processing of their PD, including the protection of the rights to privacy, personal and family secrets.

This Policy is developed in accordance with the provisions of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter referred to as Law No. 152-FZ), as well as other by-laws and regulations in the field of personal data.

The provisions of the Policy apply to all PD processed by the Operator and form the basis for organizing PD processing activities in Bronevik Company LLC, including for the development of other internal regulatory documents governing the PD processing process in Bronevik Company LLC. The Policy applies to PD processed by the Operator that were obtained both before and after the enactment of this Policy. The procedure for processing PD in Bronevik Company LLC is regulated by this Policy in accordance with the requirements of the current legislation of the Russian Federation in the field of PD and sectoral legislation of the Russian Federation, if it establishes the procedure for processing PD.

 

* This Policy applies to all processes of Bronevik Company LLC related to the processing of PD of subjects and is mandatory for all employees of Bronevik Company LLC who process PD as part of their job responsibilities.

*   In accordance with clause 2, part 2, article 1 of Law No. 152-FZ, the handling of documents transferred for storage in accordance with the legislation on archiving in the Russian Federation is not regulated by this Policy.

*   In all cases not regulated by this Policy, it is necessary to be guided by the current legislation of the Russian Federation. If an international treaty of the Russian Federation establishes rules other than those provided for by Law No. 152-FZ, then Bronevik Company LLC applies the rules of the international treaty.

 

PRINCIPLES OF PERSONAL DATA PROCESSING

 

The processing of PD in Bronevik Company LLC is carried out based on the following principles:

*   Processing of PD is carried out on a lawful and fair basis;

*   Processing of PD is limited to the achievement of specific, predetermined, and lawful purposes. Processing of PD that is incompatible with the purposes of PD collection is not permitted;

*   Combining databases containing PD, the processing of which is carried out for incompatible purposes, is not permitted;

*   Only PD that meet the purposes of their processing are subject to processing;

*   The content and volume of processed PD must correspond to the stated purposes of processing. Processed PD must not be excessive in relation to the stated purposes of their processing;

*   During PD processing, the accuracy of PD, their sufficiency, and, where necessary, their relevance in relation to the purposes of PD processing must be ensured. Bronevik Company LLC takes necessary measures or ensures their adoption to delete or clarify incomplete or inaccurate data;

*   Storage of PD is carried out in a form that allows identification of the PD subject no longer than required by the purposes of PD processing, unless the storage period for PD is established by federal law, an agreement to which the PD subject is a party, beneficiary, or guarantor;

*   Processed PD are subject to destruction or depersonalization upon achievement of the processing purposes or in case of loss of the necessity to achieve these purposes, unless otherwise provided by federal law.

 

CONCEPT, COMPOSITION, AND CATEGORIES OF PERSONAL DATA

 

Within the framework of this Policy, personal data means any information relating directly or indirectly to a specific or identifiable individual (personal data subject).

PD is information of limited access (confidential) in accordance with the legislation of the Russian Federation. PD can be processed independently or as part of other confidential information, the processing procedure of which is established by sectoral federal laws, in particular, on commercial secrets (commercial secret), on tourism, on banks (banking secrecy), on archiving, and others.

Bronevik Company LLC, within the framework of its activities, has the right to process special categories of PD only in cases expressly provided for by the current legislation of the Russian Federation in the field of PD and/or in the presence of legal grounds. Bronevik Company LLC also has the right to process information about criminal records only in cases expressly provided for by the current legislation of the Russian Federation.

Bronevik Company LLC, within the framework of its activities, has the right to process biometric PD to establish the identity of the PD subject only with their written consent, except for cases of processing biometric PD provided for in part 2 of article 11 of Law No. 152-FZ. The form and procedure for obtaining written consent must comply with the requirements of part 4 of article 9 of Law No. 152-FZ.

Bronevik Company LLC, within the framework of its activities, has the right to process PD authorized by the PD subject for dissemination, in the form and procedure provided for by the provisions of article 10.1 of Law No. 152-FZ, taking into account the prohibitions and restrictions established by the PD subject.

 

Bronevik Company LLC processes PD of the following categories of personal data subjects:

*   Current employees;

*   Dismissed employees;

*   Close relatives of employees;

*   Interns;

*   Employees of counterparties;

*   Candidates for vacant positions;

*   Clients – individuals;

*   Users of mobile applications and services;

*   Individuals with whom civil law contracts are concluded;

*   Individuals who have contacted the contact center;

*   Visitors to the office of Bronevik Company LLC;

 

SOURCES OF OBTAINING PERSONAL DATA

 

The obtaining of PD in Bronevik Company LLC is organized in such a way as not to violate the confidentiality of the collected PD.

The personal data processed by Bronevik Company LLC can be obtained both directly from the PD subject and from other third parties who are counterparties of Bronevik Company LLC.

When obtaining PD directly from the PD subject, Bronevik Company LLC undertakes to ensure the existence of legal grounds provided for by the current legislation of the Russian Federation in the field of personal data. In cases where the legal basis for PD processing is the consent of the PD subject, such consent can be obtained in any form that allows confirmation of the fact of its receipt, but such consent must meet the requirements of specificity, informedness, and consciousness. In cases expressly provided for by federal law, the processing of personal data is allowed only with the written consent of the PD subject, the form and procedure for obtaining which must comply with the requirements of part 4 of article 9 of Law No. 152-FZ.

 

In case of incapacity of the PD subject, written consent to the processing of their PD is obtained from their legal representative.

 

When obtaining PD not from the PD subject, Bronevik Company LLC, before starting the processing of such PD, undertakes to provide the PD subject with the following information:

*   The name or surname, first name, patronymic (if any) and address of the operator or its representative;

*   The purpose of PD processing and its legal basis;

*   The list of PD;

*   The intended users of the PD;

*   The rights of the PD subject established by Law No. 152-FZ;

*   The source of obtaining the PD.

 

Bronevik Company LLC is released from the obligation to inform the PD subject about the receipt of PD from third parties in the following cases:

*   The PD subject is notified by the person who commissioned the processing of the PD subject's PD about the processing of their PD by Bronevik Company LLC;

*   PD are obtained by Bronevik Company LLC on the basis of a federal law or in connection with the execution of a contract to which the PD subject is a party, beneficiary, or guarantor;

*   The processing of PD authorized by the PD subject for dissemination is carried out in compliance with the prohibitions and conditions provided for in article 10.1 of Law No. 152-FZ;

*   Bronevik Company LLC processes PD for statistical or other research purposes, provided that the rights and legitimate interests of the PD subject are not violated;

*   Informing the PD subject violates the rights and legitimate interests of third parties.

 

When collecting PD, including via the Internet information and telecommunications network, the recording, systematization, accumulation, storage, clarification (updating, modification), retrieval of PD of citizens of the Russian Federation must be carried out in Bronevik Company LLC using databases located on the territory of the Russian Federation, except for cases provided for by Law No. 152-FZ.

 

METHODS OF PROCESSING PERSONAL DATA

 

*   The processing of PD in Bronevik Company LLC can be carried out both with and without the use of automation tools, including by performing the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of PD.

*   Automated processing of PD must be carried out in the PDIS of Bronevik Company LLC in strict accordance with this Policy.

*   Automated processing of personal data is carried out using computer technology, both installed locally and combined into a PDIS.

*   Access to the PDIS is granted to authorized employees only for the performance of their functions and job duties.

 

During automated processing, personal data are contained on machine-readable media. The recording of personal data on a machine-readable medium is carried out using computer technology (copying personal data to any removable or non-removable machine-readable medium, entering personal data into a database, etc.).

*   Non-automated processing of PD must be carried out in such a way that PD are separated from other information, in particular by recording them on separate material carriers of PD, in special sections or fields of forms and in other ways.

*   When non-automated processing of PD involves the use of standard document forms, the nature of the information in which implies or allows the inclusion of PD (hereinafter – standard form), the following conditions must be met:

    a) The standard form or related documents (instructions for its completion, cards, registers, and journals) must contain:

    *   Information about the purpose of PD processing carried out without the use of automation tools;

    *   Details of Bronevik Company LLC (name and address);

    *   Surname, first name, patronymic (if any) and address of the PD subject;

    *   Source of PD, terms of PD processing;

    *   List of actions with PD that will be performed during their processing;

    *   General description of the processing methods used by the operator;

    b) The standard form must provide a field where the PD subject can mark their consent to the processing of PD carried out without the use of automation tools - if it is necessary to obtain written consent for PD processing;

    c) The standard form must be drawn up in such a way that each of the PD subjects contained in the document has the opportunity to familiarize themselves with their PD contained in the document without violating the rights and legitimate interests of other PD subjects;

    d) The standard form must exclude the combination of fields intended for entering PD, the processing purposes of which are obviously incompatible.

 

*   Persons processing PD without the use of automation tools (employees of Bronevik Company LLC and other persons processing PD on behalf of Bronevik Company LLC) must be informed about the fact that they are processing PD, which is carried out by Bronevik Company LLC without the use of automation tools, the categories of processed PD, as well as the features and rules for such processing established by regulatory legal acts of federal executive bodies, executive bodies of constituent entities of the Russian Federation, as well as regulatory documents of Bronevik Company LLC.

*   When storing PD on material carriers (including machine-readable carriers), it is not allowed to store on one material carrier PD, the processing purposes of which are obviously incompatible. If the processing purposes of personal data recorded on one material carrier are incompatible, and if the material carrier does not allow processing personal data separately from other personal data recorded on the same carrier, measures must be taken to ensure separate processing of personal data. For processing various categories of PD carried out without the use of automation tools, a separate material carrier should be used for each category of PD.

*   Bronevik Company LLC has the right to make decisions that give rise to legal consequences for the PD subject or otherwise affect their rights and legitimate interests, based solely on automated processing of their PD, only with the written consent of the PD subject or in cases provided for by federal laws that also establish measures to ensure the observance of the rights and legitimate interests of the personal data subject.

*   Processing of PD for the purpose of promoting goods, works, services on the market by means of direct contacts with a potential consumer via communication means is allowed only subject to the prior consent of the PD subject. Bronevik Company LLC is obliged to immediately terminate, upon the demand of the PD subject, the processing of their PD for the aforementioned purposes.

 

PURPOSES OF PROCESSING PERSONAL DATA

 

Bronevik Company LLC is a PD operator, independently or jointly with other persons, organizes and/or carries out the processing of PD, and also determines the purposes of PD processing, the composition of PD to be processed, actions (operations) performed with PD.

 

The processing of PD of PD subjects is carried out in Bronevik Company LLC for the following purposes:

Ensuring the labor rights and provided labor guarantees for employees of Bronevik Company LLC, labor and production processes, including the execution of the labor legislation of the Russian Federation and other acts containing labor law norms, assisting employees in employment, education, and career advancement, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, information support;

*   Consideration of candidates for vacant positions;

*   Maintaining accounting records and preparing tax reporting;

*   Fulfillment of the legislation of the Russian Federation on limited liability companies;

*   Registration and accounting of visitors to the office of Bronevik Company LLC, implementation of access control;

*   Search and booking of hotel, excursion, transport, and other services;

*   Ensuring compliance with the legislation of the Russian Federation in the field of transport and tourism;

*   Carrying out service and information support for the Client;

*   Provision of services and service offerings;

*   Providing access (including registration) to Internet sites, platforms, marketplaces, mobile applications;

*   Conducting advertising and marketing activities and campaigns, including advertising and marketing activities and campaigns of third parties;

*   Participation of the personal data subject in testing products, services, and service offerings of Bronevik Company LLC, subject to the consent of the personal data subject, or in the presence of other legal grounds provided for by the current legislation of the Russian Federation;

*   Execution of a contract to which the personal data subject is a party, or a beneficiary or guarantor under which is the personal data subject, as well as conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor;

*   Interaction with counterparties and partners during procurement activities and contract work, during the execution of contracts and agreements;

*   Carrying out pre-trial and judicial work, including for the purpose of debt collection;

*   Processing of messages by the contact center;

*   Fulfillment and ensuring compliance with the requirements of laws and other regulatory legal acts of the Russian Federation and international and foreign legislation applicable to Bronevik Company LLC;

*   Charitable activities.

 

CONFIDENTIALITY OF PERSONAL DATA

 

Bronevik Company LLC, in the course of its activities, is obliged to ensure the confidentiality of the processed PD, in particular, Bronevik Company LLC undertakes not to disclose to third parties and not to distribute PD without the consent of the PD subject, unless otherwise provided by the current legislation of the Russian Federation.

 

TRANSFER AND INSTRUCTION FOR PROCESSING OF PERSONAL DATA

 

The processing of PD in Bronevik Company LLC can be carried out by:

*   Employees of Bronevik Company LLC;

*   Other persons processing PD on behalf of Bronevik Company LLC.

 

*   The processing of PD by other persons can be carried out on the basis of an appropriate agreement with Bronevik Company LLC, which contains an instruction for the processing of PD with the consent of the personal data subject, unless otherwise provided by Law No. 152-FZ. The instruction must define the list of actions (operations) with PD that will be performed by the person processing the PD, the purposes of processing, must establish the obligation of such person to maintain the confidentiality of PD and ensure the security of PD during their processing, and must also indicate the requirements for the protection of the processed PD in accordance with Article 19 of Law No. 152-FZ.

 

*   When transferring PD to a third party, the following conditions must be met:

*   Transfer (provision of access) of PD to a third party is carried out on the basis of a contract, an essential condition of which is the third party's ensuring the confidentiality of PD and the security of PD during their processing;

*   Transfer (provision of access) of PD to a third party is carried out on the basis of the current legislation of the Russian Federation;

*   Presence of the PD subject's consent to the transfer of their PD to a third party, except for cases provided for by law.

 

Bronevik Company LLC, in the course of its activities, has the right to carry out cross-border transfer of PD. Cross-border transfer of PD to the territory of foreign states can be carried out by Bronevik Company LLC in accordance with the provisions of Article 12 of Law No. 152-FZ.

 

For information support purposes, publicly available sources of data (including specialized directories, telephone books, address books, etc.) containing PD may be created in Bronevik Company LLC, to which access may be provided to an unlimited number of persons with the written consent of the PD subject. Information about the PD subject may be excluded by Bronevik Company LLC from public sources of PD at any time at the request of the PD subject or by a court decision or other authorized state bodies.

 

FEATURES OF PROCESSING PERSONAL DATA AUTHORIZED BY THE SUBJECT FOR DISSEMINATION

 

Bronevik Company LLC, within the framework of its activities, may disseminate personal data of PD subjects only with the appropriate consent of the PD subject and in strict accordance with the requirements of Article 10.1 of Law No. 152-FZ.

 

Consent to the processing of PD authorized by the PD subject for dissemination must be executed separately from other consents of the PD subject to the processing of their PD. Bronevik Company LLC undertakes to provide the PD subject with the opportunity to determine the list of PD for each category of PD specified in the consent to the processing of PD authorized by the PD subject for dissemination.

The form and content of the consent to the processing of PD authorized by the PD subject for dissemination must comply with the requirements established by the authorized body for the protection of the rights of PD subjects regarding such consent. Silence or inaction of the PD subject under no circumstances can be considered consent to the processing of PD authorized by the PD subject for dissemination.

In the consent to the processing of PD authorized by the personal data subject for dissemination, the PD subject has the right to establish prohibitions on the transfer (except for providing access) of these personal data by the Operator to an unlimited number of persons, as well as prohibitions on the processing or conditions for processing (except for obtaining access) of these PD by an unlimited number of persons.

Bronevik Company LLC undertakes to publish, no later than three business days from the receipt of the corresponding consent of the PD subject, information on the conditions of processing and on the presence of prohibitions and conditions for the processing by an unlimited number of persons of PD authorized by the PD subject for dissemination.

Bronevik Company LLC undertakes to stop the transfer (distribution, provision, access) of PD authorized by the PD subject for dissemination in case of receipt of a corresponding demand from the PD subject. This demand must include the surname, first name, patronymic (if any), contact information (phone number, email address, or postal address) of the PD subject, as well as a list of PD whose processing is to be terminated.

 

RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT

 

The PD subject has the right to:

*   Receive information concerning the processing of their PD, in the manner, form, and within the timeframes established by the legislation of the Russian Federation in the field of PD;

*   Demand the clarification of their PD, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained, are not necessary for the stated purpose of processing, or are used for purposes not previously stated when the PD subject provided consent to the processing of personal data;

*   Take measures provided by law to protect their rights;

*   Demand the termination of the processing of their PD;

*   Withdraw their consent to the processing of personal data.

 

To exercise their right to receive information concerning the processing of their PD, the PD subject or their representative must apply to Bronevik Company LLC, at the details specified in Section 18 of this Policy, with a written application, which must contain:

*   Number of the main identity document of the PD subject or their representative;

*   Information on the date of issue of the specified document and the issuing authority;

*   Information confirming the participation of the PD subject in relations with the operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of PD processing by the operator,

*   Signature of the PD subject or their representative.

 

Within the framework of the current legislation of the Russian Federation in the field of PD, Bronevik Company LLC undertakes to provide the PD subject, upon their request, with the following information:

*   Confirmation of the fact of PD processing;

*   Legal grounds and purposes of PD processing;

*   Purposes and methods of PD processing applied by Bronevik Company LLC;

*   Name and location of Bronevik Company LLC;

*   Information about persons (except for employees of Bronevik Company LLC) who have access to PD or to whom PD may be disclosed on the basis of an agreement with Bronevik Company LLC or on the basis of federal law;

*   Processed PD relating to the respective PD subject, the source of their receipt, unless a different procedure for presenting such data is provided for by federal law;

*   Terms of PD processing, including their storage periods;

*   Procedure for the exercise by the PD subject of the rights provided for by Law No. 152-FZ;

*   Information about the carried out or intended cross-border data transfer;

*   Name or surname, first name, patronymic, and address of the person processing PD on behalf of Bronevik Company LLC, if processing is or will be entrusted to such a person;

*   Information on the methods of fulfillment by Bronevik Company LLC of the obligations established by Article 18.1 of Law No. 152-FZ;

*   Other information provided for by Law No. 152-FZ or other federal laws.

 

Within the framework of exercising the right to withdraw their consent to the processing of PD, the PD subject has the right to apply to Bronevik Company LLC with a statement on the withdrawal of previously given consent to the processing of personal data. However, Bronevik Company LLC reserves the right to continue the processing of personal data without the consent of the PD if such processing will be carried out in the presence of the grounds specified in clauses 2-11 of part 1 of article 6, part 2 of article 10, and part 2 of article 11 of Law No. 152-FZ.

 

The PD subject, for the purpose of clarifying and updating their PD, is obliged to promptly provide Bronevik Company LLC with information about changes in their PD.

 

TERMS OF PROCESSING (STORAGE) OF PERSONAL DATA

 

The procedure for storing PD processed in Bronevik Company LLC is determined by the regulatory documents of Bronevik Company LLC in accordance with the provisions of Law No. 152-FZ.

 

The terms of processing (storage) of PD are determined in accordance with the term of the contract with the PD subject, the Order of Rosarkhiv dated December 20, 2019 No. 236 "On Approval of the List of Typical Administrative Archive Documents Generated in the Course of Activities of State Bodies, Local Self-Government Bodies and Organizations, with Indication of Their Storage Periods", the statute of limitations, as well as other terms established by the legislation of the Russian Federation and the regulatory documents of Bronevik Company LLC.

 

PD whose processing (storage) period has expired must be destroyed, unless otherwise provided by federal law or the regulatory documents of Bronevik Company LLC. Storage of PD after the expiration of the storage period is allowed only after their depersonalization.

 

UPDATING, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA. PROCEDURE FOR CONSIDERING REQUESTS FROM PERSONAL DATA SUBJECTS

 

In cases expressly provided for by Article 14 of Law No. 152-FZ, Bronevik Company LLC informs the PD subject or their representative about the availability of PD relating to the respective PD subject, and also provides an opportunity to familiarize themselves with these PD when the PD subject or their representative applies or within thirty days from the date of receipt of the request from the PD subject or their representative. This period may be extended, but not more than by five business days, provided that Bronevik Company LLC sends a motivated notification to the PD subject indicating the reasons for extending the period for providing the requested information.

 

Within the framework of fulfilling the requirements of Law No. 152-FZ, Bronevik Company LLC provides the PD subject or their representative with the opportunity to familiarize themselves with the PD relating to this personal data subject free of charge. Within a period not exceeding seven business days from the date the PD subject or their representative provides information confirming that the PD are incomplete, inaccurate, or outdated, Bronevik Company LLC makes the necessary changes to them. Within a period not exceeding seven business days from the date the PD subject or their representative provides information confirming that such PD were illegally obtained or are not necessary for the stated purpose of processing, Bronevik Company LLC destroys such PD. At the same time, Bronevik Company LLC undertakes to notify the PD subject or their representative about the changes made and measures taken and take reasonable measures to notify third parties to whom the PD of this subject were transferred.

 

In case of identification of unlawful processing of PD upon application/request of the PD subject, their representative, or the authorized body for the protection of the rights of PD subjects, the Operator undertakes, from the moment of application/request for the period of verification, to block the unlawfully processed PD relating to this PD subject, or ensure their blocking (if the processing of PD is carried out by another person acting on behalf of the Operator). In case of identification of inaccurate PD upon application/request of the PD subject, their representative, or the authorized body for the protection of the rights of PD subjects, the Operator undertakes to block the PD relating to this PD subject, or ensure their blocking (if the processing of PD is carried out by another person acting on behalf of the operator) from the moment of such application/request for the period of verification, if blocking the PD does not violate the rights and legitimate interests of the PD subject or third parties. In case of confirmation of the fact of inaccuracy of PD, Bronevik Company LLC, on the basis of information provided by the PD subject, their representative, or the authorized body for the protection of the rights of PD subjects, undertakes to clarify the PD or ensure their clarification (if the processing of PD is carried out by another person acting on behalf of the Operator) within 7 (seven) business days from the date of submission of such information and remove the blocking of PD.

 

Bronevik Company LLC also terminates the processing of PD or ensures the termination of PD processing by a person acting on its behalf:

*   In case of withdrawal by the PD subject of consent to the processing of their PD by Bronevik Company LLC within a period not exceeding 30 (thirty) days from the date of receipt of the said withdrawal, unless another period is established by the contract, other agreement, federal legislation, and in the absence of other legal grounds for PD processing;

*   In case of achievement of the purpose of PD processing, within a period not exceeding 30 (thirty) days from the date of achievement of the purpose, unless another period is established by the contract, other agreement, federal legislation, and in the absence of other legal grounds for PD processing;

*   In case of submission by the PD subject, their representative of information confirming that such PD were illegally obtained or are not necessary for the stated purpose of processing, within a period not exceeding 7 (seven) business days from the date of submission of such information;

*   In case of impossibility to ensure the lawfulness of PD processing, within a period not exceeding 10 (ten) business days from the date of identification of unlawful PD processing.

 

In the absence of the possibility to destroy PD within the specified period, Bronevik Company LLC blocks such PD or ensures their blocking, if the processing of PD is carried out by another person acting on behalf of Bronevik Company LLC, and ensures the destruction of PD within a period of no more than six months, unless another period is established by federal laws.

 

ENSURING THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING

 

When processing PD, Bronevik Company LLC takes legal, organizational, and technical measures to protect PD from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other unlawful actions regarding PD.

 

Ensuring the security of PD is carried out within the framework of establishing an information security regime for confidential information in Bronevik Company LLC.

 

Ensuring the security of PD, in particular, is achieved by:

*   Identifying threats to the security of PD during their processing in the PDIS;

*   Applying organizational and technical measures to ensure the security of PD during their processing in the PDIS, necessary to fulfill the requirements for the protection of PD, the fulfillment of which ensures the levels of PD protection established by the Government of the Russian Federation;

*   Applying information protection means that have passed the conformity assessment procedure in the prescribed manner;

*   Assessing the effectiveness of the measures taken to ensure the security of PD before putting the PDIS into operation;

*   Accounting for machine-readable carriers of PD;

*   Detecting facts of unauthorized access to PD;

*   Restoring PD modified or destroyed as a result of unauthorized access to them;

*   Establishing rules for access to PD processed in the PDIS, as well as ensuring the registration and accounting of all actions performed with PD in the PDIS;

*   Monitoring the measures taken to ensure the security of PD and the level of protection of PD in the PDIS.

 

The levels of protection of PD during their processing in the PDIS of Bronevik Company LLC, the requirements for the protection of PD ensuring the levels of protection of PD, are determined depending on the current threats to the security of personal data, taking into account the possible harm to the PD subject, the volume and content of the processed PD, the type of activity in the course of which PD are processed, in accordance with the requirements of Decrees of the Government of the Russian Federation, by-laws of FSTEC, FSB, and the Ministry of Digital Development of Russia, as well as agreements between Bronevik Company LLC, other PD operators, and PD subjects.

 

Ensuring the security of PD during cross-border processing of PD is carried out in accordance with the requirements and recommendations of international legal acts on ensuring the security of PD, international standards on information security, and the legislation of the countries in whose territory the PD are processed.

 

The use and storage of biometric PD outside the PDIS is carried out only using material information carriers and storage technologies that ensure the protection of biometric PD from unlawful or accidental access, destruction, modification, blocking, copying, provision, and distribution.

 

Protection of PD during non-automated processing is carried out in accordance with the requirements of the by-laws of the Russian Federation and the regulatory documents of Bronevik Company LLC on working with material information carriers.

 

COOKIE FILES

This section describes the rules for processing "cookie" files and similar technologies when visiting the website www.bronevik.com (hereinafter in this Section 17 – the "Site"). By using the Site, the PD Subject confirms their consent to the use of "cookie" files in relation to their requests. The consent remains valid until the PD Subject decides to delete the saved "cookie" files and/or restrict (prohibit) their collection.

 

Cookies, Tags, and Similar Technologies.

A cookie is a small text file that is sent by a web server and stored on a computer, mobile phone, or any other device with Internet access when visiting the Site or a mobile application.

Each time a page of the Site is opened, the PD Subject's web client (web browser) sends the specified text file to the web server as part of an HTTP request to provide such web server with information about the PD Subject's actions or preferences on the Internet. To ensure the security and integrity of the PD Subject's data, their web client (web browser), as a rule, does not transmit cookies intended for one website or mobile application to other resources.

The PD Subject can delete already saved cookies at their discretion, as well as restrict (prohibit) their collection by setting the appropriate settings in their web client (web browser).

For the purposes of this Policy, the term "cookie" hereinafter also refers to any other similar technologies.

 

Use of "Cookie" Files.

Bronevik Company LLC uses "cookie" files for the following purposes:

- Ensuring the functioning and security of the Site;

- Improving the Site's performance;

- Registering an account on the Site and simplifying the subsequent authorization procedure;

- Collecting information about the user session, generating statistics on the use of the Site (for example, counting Site visitors, identifying peak user activity hours), analyzing the user interaction experience with the Site (for example, determining the individual user "path" when using the Site), i.e., for optimizing the design and structure of the Site from the perspective of usability, efficient search for needed information, and overall improvement of the user experience;

- Improving the products and/or services of Bronevik Company LLC and for developing new products and/or services of Bronevik Company LLC.

- Other collected information may be used to generate an "interest list" of the PD Subject, consisting of a random identifier, an interest category, and a timestamp to display internet content and advertisements relevant to your interests.

 

Types of "Cookie" Files Used.

Depending on the browser and device used, different sets of "cookie" files are used, including:

(a) Essential "cookie" files - are necessary to ensure the basic functioning of the Site. In particular, they allow users to register and log in to the Site, navigate through it and view its content, and also allow "recognizing" the user to provide the service they requested (for example, saving previously entered login data to subsequently speed up the authorization procedure);

(b) Performance "cookie" files - these "cookie" files collect information about how the user uses the Site (for example, which web client (web browser) they use to visit the Site), which allows us to improve navigation on the Site, make it more convenient and responsive to user needs, as well as correct technical errors as they arise and ensure the security of the Site. For instance, this type of cookie helps us understand how the user accesses the Site, views, or uses the Site, and identify ways to optimize the Site;

(c) Targeting "cookie" files - these "cookie" files collect information about the user's search preferences and are used to deliver advertisements and content most relevant to the user's interests. Furthermore, they are used to limit the number of ad impressions and to evaluate the effectiveness of advertising campaigns (conversion evaluation). They remember the user's session on the Site and transmit this information to other organizations, for example, advertisers.

(d) Functional "cookie" files - these "cookie" files help customize the Site's content according to the preferences of a specific user. They remember the user's choices (for example, changing text size), language, and the country from which the user visits the Site. The information collected by these cookies is anonymous, and the user's activity on other sites is not tracked.

(e) "Session" "cookie" files - these "cookie" files are stored in the web client (web browser) only for the duration of the active session on the Site, i.e., until the PD Subject leaves the Site.

(f) "Persistent" "cookie" files - these cookies are stored in the web client (web browser) after the session on the Site ends, unless the PD Subject deletes them.

 

Opting Out of "Cookie" Files.

The PD Subject can regulate the collection of information by "cookie" files by making the appropriate settings in their web client (web browser). To get instructions on how to block or delete any "cookie" files, go to the "Help" or "Support" section of the web client (web browser). If the "cookie" function is disabled or blocked, Bronevik Company LLC cannot guarantee the operability of the Site and the full availability of its functionality.

 

Updates and Changes.

Changes and/or additions may be made periodically to this section of the Policy. If changes are made to this section of the Policy, the updated version of the Policy will be posted on the Site, and Bronevik Company LLC will not inform Site users about such changes by sending them any special notifications. The user is recommended to regularly review this page to have up-to-date information. Any changes to this section of the Policy come into force from the moment of its posting on the Site.

 

LIABILITY FOR VIOLATION OF NORMS REGULATING THE PROCESSING OF PERSONAL DATA

 

Bronevik Company LLC and/or employees of Bronevik Company LLC found guilty of violating the requirements of the legislation of the Russian Federation in the field of PD, as well as the provisions of this Policy, shall bear responsibility as provided for by the legislation of the Russian Federation.

Moral harm caused to the PD Subject as a result of the violation of their rights, violation of PD processing rules, as well as PD protection requirements, shall be compensated in accordance with the legislation of the Russian Federation.

 

FINAL PROVISIONS

 

This Policy is publicly available. The public availability of the Policy is ensured by its publication on the Internet website of Bronevik Company LLC at: www.bronevik.com

This Policy is subject to revision in accordance with the regulatory documents of Bronevik Company LLC.

PD Subjects whose PD are processed by Bronevik Company LLC can receive clarifications on the processing of their PD, as well as exercise their rights and legitimate interests, by sending a corresponding written request to the postal address: 620014, Sverdlovsk Region, Yekaterinburg, Vaynera St., bld. 40, room 605A.