ru 
Policy regarding the processing of personal data that may be obtained from individuals in the process of their registration as visitors or participants of the project Patriotic Movement “Victory 9/45”.
1. General provisions
1.1 This Policy regarding the processing of personal data that may be received from individuals in the process of their registration as visitors or participants of the project Patriotic Movement “Victory 9/45” (hereinafter – the Policy) is developed and applied by the Autonomous Non-Profit Organization for the Promotion of International Cooperation “Eurasia” (abbreviated name – ANO “Eurasia”, OGRN 1247700291200, INN/KPP 9707028663/770701001, location: 127006, Moscow, ul. ter. Moscow, Tverskoy municipal district, 7, Krasnoproletarskaya St., b. 6, room. 4/n (hereinafter referred to as -Operator) in accordance with the Federal Law of July 27, 2006 №152-FZ “On Personal Data” and other regulations in the field of personal data protection in force in the territory of the Russian Federation.
1.2 This Policy applies to all personal data that may be received from individuals by the Operator in the process of their registration as visitors or participants of the project Patriotic Movement “Victory 9/45” (hereinafter – the Project) at the address: https://pobeda9-45.su (hereinafter – the Site), which can be unambiguously correlated with a particular individual and his/her personal data.
This Policy shall not apply to the relations
– arising from the processing of personal data of the Operator’s employees, as such relations are regulated by a separate local act of the Operator;
– to which Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” does not apply.
1.3 The Policy defines the Operator’s behavior with regard to the processing of personal data accepted for processing; the procedure and conditions of personal data processing of individuals who have transferred their personal data for processing to the Operator (hereinafter – Personal Data Subject, Subject) with and without the use of automation; establishes procedures aimed at preventing violations of the legislation of the Russian Federation and eliminating the consequences of such violations related to the processing of personal data.
1.4 The Policy is developed in order to ensure protection of the Subjects’ rights and freedoms during processing of their personal data, to inform the Personal Data Subjects and persons involved in the processing of personal data about the Operator’s compliance with the fundamental principles of legality, fairness, non-redundancy, compliance of the content and scope of processed personal data with the stated processing purposes, as well as to establish the responsibility of the Operator’s officials who have access to the Subjects’ personal data for failure to fulfill the requirements of the Policy.
1.5 The Operator processes the following personal data:
– surname, first name, patronymic (if there is a patronymic);
– address of residence (registration)
– date of birth (date/month/year);
– telephone number
– e-mail address;
– address of registration (residence);
– photos of the relative(s) – participant(s) of the Great Patriotic War, photos of his/her orders, medals and other awards, photos or scans of his/her military documents and a story (description) about his/her relatives – participants (only in case of voluntary self-posting on the Project website);
– histories of the Subject’s personal data requests, including documents sent by the Subject when contacting the Operator;
– marketing information that directly or indirectly relates to the person being questioned – the Personal Data Subject.
1.6 When using the Website services, the Operator also processes other anonymized data, which are automatically transferred during the use of the Website by means of the software installed on the computer:
– information about the browser used (or other program with the help of which the Site is accessed);
– information about the time of access
– address of the visited page
– address of the previous page;
– IP address;
– statistics on the User’s IP-addresses;
– cookie data.
The Operator processes such data using the web services “Yandex.Metrica” and Google Analytics. Upon receipt of personal data not specified in this section, such data shall be immediately destroyed.
1.7 The Operator shall process the Subjects’ personal data by maintaining databases in an automated, mechanical, manual manner in order to:
1.7.1. Processing of applications, requests or other actions of the Subject related to his/her registration as a visitor or participant of the Project;
1.7.2 In the case of expressing the Subject’s consent for the purpose of promoting the Operator’s goods, works and services on the market, notification of events, promotions, marketing campaigns of the Operator. 1.7.3;
1.7.3 For other purposes, if the relevant actions of the Operator do not contradict the applicable law, the Operator’s activities, and the consent of the Personal Data Subject has been obtained for such processing;
1.7.4. The data specified in paragraph 1.6. of this Policy is processed for the purposes of analyzing the Website, tracking and understanding the principles of Website usage by visitors, performing the functioning of the Website, solving technical problems of the Website, developing new products, expanding services, identifying the effectiveness of advertising campaigns, ensuring security and fraud prevention, providing effective customer support.
1.8. The Operator processes personal data by performing any action (operation) or a set of actions (operations), including the following:
– collection;
– recording;
– systematization;
– accumulation;
– storage;
– clarification (update, change);
– extraction;
– utilization;
– transfer (distribution, provision, access);
– blocking;
– deletion;
– destruction.
2. Receipt, use and disclosure of personal data
2.1 The Operator receives and starts processing the Subject’s personal data from the moment of receiving his/her consent.
Consent to the processing of personal data may be given by the Subject in any form that allows confirming the fact of obtaining consent, unless otherwise provided for by the federal law: in writing, orally or in any other form provided for by the applicable law, including through the Subject’s performance of conclusive actions. In the absence of the Subject’s consent to the processing of his/her personal data, such processing shall not be carried out.
2.2 The personal data of the Subjects shall be received by the Operator:
– by personal transfer of personal data by the Subject when entering information into the accounting forms electronically on the Operator’s Website;
– by personal transfer of personal data by the Subject when contacting the Operator;
– by other means not contradicting the legislation of the Russian Federation and requirements of international legislation on personal data protection.
2.3 Consent to the processing of personal data shall be deemed to be given by means of the Subject performing any action or a set of the following actions:
– filling out a hard copy document at the Operator;
– registering on the Operator’s website;
– marking the consent to the processing of personal data in the appropriate form on the Website in the amount, for the purposes and in the manner provided for in the form offered for familiarization and filling in prior to obtaining the consent;
– communicating personal data verbally when contacting the Operator during the registration process as a visitor or participant of the Project.
2.4 Consent shall be deemed to have been duly obtained and shall be valid until the Subject submits an application to the location of the Operator to cease processing of personal data.
2.5 The Subject may withdraw his/her consent to the processing of personal data at any time, provided that such procedure does not violate the requirements of the legislation of the Russian Federation.
To withdraw consent to the processing of personal data, the Subject shall send a written notice to the following postal address: 127006, Moscow, Tverskoy municipal district, 7, Krasnoproletarskaya St., b. 6, room. 4/n or to the e-mail address: info@pobeda9-45.su.
If the Subject revokes his/her consent to the processing of his/her personal data, the Operator is obliged to cease the processing or ensure the cessation of such processing (if the processing is performed by another person acting on behalf of the Operator) and, if the preservation of personal data is no longer required for the purposes of their processing, destroy the personal data or ensure their destruction (if the processing of personal data is performed by another person acting on behalf of the Operator) within a period not exceeding 30 (thirty) days from the date of receipt of the decree.
3. Rules and procedure of personal data processing
3.1 In order to achieve the goals of this Policy, only those employees of the Operator who are assigned such duty in accordance with their labor (job) responsibilities are allowed to process personal data. The Operator requires its employees to observe confidentiality and ensure security of personal data during their processing.
3.2 In accordance with this Policy, the Operator may process personal data independently, as well as with the involvement of third parties, which are engaged by the Operator and carry out processing for the purposes specified in this Policy.
3.3 In case of entrusting the processing of personal data to a third party, the amount of personal data transferred to the third party and the number of processing methods used by such third party shall be minimally necessary for the third party to fulfill its obligations to the Operator. With regard to the processing of personal data by third parties, the obligation of such persons to observe the confidentiality of personal data and ensure the security of personal data during their processing shall be established.
3.4 In the course of its activities, the Operator uses both automated processing of personal data (using computer facilities) and non-automated processing (using paper-based document flow).
The Operator does not make decisions that give rise to legal consequences in relation to the Personal Data Subject or otherwise affect his/her rights and legitimate interests based solely on automated processing of personal data.
3.5 The Subjects’ personal data shall be kept confidential, except for cases when the Subject voluntarily provides information about himself/herself for public access to an unlimited number of persons. In this case the Subject agrees that a certain part of his/her personal information becomes publicly available.
3.6 The Operator stops processing of personal data in the following cases:
– achievement of the processing purposes or maximum retention periods – within 30 days;
– no longer necessary to achieve the purposes of processing – within 30 days;
– provision by the Data Subject or his/her legal representative of information confirming that his/her personal data are illegally obtained or are not necessary for the stated purpose of processing – within 7 days;
– impossibility to ensure lawfulness of personal data processing – within 10 days;
– revocation of the Subject’s consent to the processing of his/her personal data – within 30 days.
3.7 In accordance with Article 21, Part 5 of the Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, the Operator shall not stop processing of the Subject’s personal data and shall not destroy them in the following cases, unless otherwise provided for by the agreement to which the Subject is a party, beneficiary or guarantor, or the Operator has the right to process personal data without the Subject’s consent on the grounds provided for by federal laws, unless the time limits for processing of the Subject’s personal data established by the Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” have expired.
4. Information on implemented requirements to personal data protection
4.1 The Operator’s activity on personal data processing is inextricably linked to the protection of confidentiality of the received information by the Operator.
4.2 The Operator requires other persons who have access to personal data not to disclose to third parties and not to disseminate personal data without the consent of the Personal Data Subject, unless otherwise provided for by the federal law.
4.3 All Operator’s employees are obliged to ensure confidentiality of personal data, as well as other information established by the Operator, if it does not contradict the legislation of the Russian Federation.
4.4 In order to ensure security of personal data during their processing, the Operator shall take necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions with regard to them. The Operator shall ensure that all organizational and technical measures for personal data protection are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on personal data processing.
4.5 The Operator shall apply necessary and sufficient legal, organizational and technical measures to ensure personal data security, including:
– identification of threats to the security of personal data at their processing in the information systems of personal data;
– application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements to the protection of personal data, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation;
– application of duly approved procedures for conformity assessment of information protection means;
– assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
– accounting of personal data carriers
– detection of facts of unauthorized access to personal data and taking necessary measures to eliminate the revealed facts;
– recovery of personal data modified or destroyed due to unauthorized access to them;
– taking measures aimed at preventing unauthorized access to personal data and (or) their transfer to persons who do not have the right of access to such information;
– timely detection of the facts of unauthorized access to personal data and taking necessary measures;
– prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disturbed;
– establishing the rules of access to personal data processed in the information system of personal data, as well as ensuring the registration and accounting of all actions performed with personal data in the information system of personal data;
– control over the measures taken to ensure personal data security and the level of protection of personal data information systems.
The set of measures to ensure personal data security implemented by the Operator within the personal data protection system taking into account current threats to personal data security and applied information technologies includes:
– identification and authentication of access subjects and access objects;
– access control of access subjects’ access to access objects;
– limitation of the program environment;
– protection of machine data carriers on which personal data are stored and (or) processed;
– registration of security events;
– anti-virus protection;
– intrusion detection (prevention);
– ensuring the integrity of the information system and personal data;
– virtualization environment protection;
– protection of technical means;
– protection of the information system, its facilities, communication and data transmission system;
– identification of incidents (a single event or a group of events) that may lead to failures or disruption of the information system and (or) to the emergence of threats to personal data security, response to them;
– configuration management of the information system and personal data protection system.
4.6 In order to ensure compliance of the level of personal data protection with the requirements of the Federal Law dated 27.07.2006 No. 152-FZ “On Personal Data” and the Federal Law dated 27.07.2006 No. 149-FZ “On Information, Information Technologies and Information Protection”, the Operator does not disclose information on specific applied means, technologies and measures of personal data information security.
4.7 The Operator undertakes not to disclose personal data received from the Subject. It is not a violation for the Operator to provide personal information to agents and third parties acting on the basis of an agreement with the Operator to fulfill obligations to the Subject of personal data. It is not a violation of obligations to disclose information in accordance with the applicable requirements of the legislation of the Russian Federation.
5. Consent to receive promotional information via public networks
5.1 By registering as a visitor or participant in the Project or other event, leaving an application for a mailing list, signing up to receive promotional information:
– by filling in the relevant document on paper at the Operator;
– on the Operator’s website (by placing a check mark by the Data Subject on the relevant web page).
The Data Subject consents to the processing of his/her personal data and to receive from the Operator and third parties engaged by the Operator information messages, including information of commercial advertising nature (advertisements), specified in clause 1.7.2. of this Policy, via public access networks (via the provided cell phone number and e-mail address).
5.2 By giving the consent specified in clause 5.1. of this Policy, the Personal Data Subject confirms that he/she is acting of his/her own free will and in his/her own interests, as well as that the said personal data are true.
6. Final provisions
6.1 This Policy is approved by the order of the Director of ANO “Eurasia” and comes into force from the date of signing the order.
6.2 The Policy may be amended and supplemented, which are approved by the orders of the Director of ANO “Eurasia”.
6.3 The current version of the Policy is publicly available on the Internet at: https://pobeda9-45.su.