1. General statements
1.1. The present Policy on personal data processing (hereinafter, the “Policy”) of Gexa-Nonwoven materials OOO, domiciled at Tsentralnaya ul. 3 a, a1, a2, a3, office 304, Goljevo, Krasnogorsk, Moscovskaya oblast, 143405, Russia (hereinafter, the “Operator”), is an official document defining the general principles, the goals and the procedures of processing the personal data of visitors to www.gexa.ru, www.isospan.gexa.ru, www.geospan.gexa.ru, www.med.gexa.ru, www.agrotex.gexa.ru websites (hereinafter, the “Site” and the “User/s”), and providing details of the personal data protection measures to be taken.
1.2. The Policy is developed in accordance with the laws of the Russian Federation with regard to the personal data and the requirements of the General directives on protection of personal data in the European Union (GDPR).
1.3. The present Policy is applicable exclusively to the Site. The Operator will take neither control nor responsibility over any third-party sites the User may visit using the links available within the Site.
1.4. The Operator’s processing of personal data of the personal data subjects of other categories will be guided by the Operator’s other local acts.
1.5. The Policy takes effect immediately upon its approval and will be valid until it has been replaced by a new Policy.
2. Basic concepts and definitions
2.1. The following terminology is used in the Policy.
2.2. Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.3. Personal data processing – any action (operation) or a series of actions (operations) performed with or without the use of automated means in relation to personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.4. Personal data operator – a state authority, a local authority, a legal entity or an individual who, independently or jointly with others, organizes and/or carries out the processing of personal data, determines the purposes of personal data processing, the contents of personal data that are subject to processing, and the actions (operations) with regard to personal data.
2.5. Personal data – any information directly or indirectly related to a particular or identifiable person (personal data subject).
2.6. Site user – any person visiting the Site and using the information, materials and services of the Site.
2.7. Site – a set of interrelated webpages placed on the Internet at a dedicated network address (URL), as well as its subdomains.
2.8. Cookies – a small fragment of data sent by a webserver and stored by the User’s computer that the webclient or the webbrowser sends to the webserver in HTPP request every time an attempt is made to open a page of the corresponding site.
2.9. IP-address – a dedicated network address of a node in the computer network through which the User gains access to a site.
3. Procedures and conditions of personal data processing
3.1. The Site users’ consent to personal data processing shall be the grounds for any processing of personal data. The Site users grant consent to their personal data processing in the following cases:
– filling in a feedback form / ordering a return call at the Site;
– providing feedback;
– submission of a CV.
3.2. Should a User disagree with the Policy terms and conditions, the use of the Site, and/or any of the Services available during the Site use, shall be immediately terminated.
3.3. The Site Users’ personal data shall be processed for the following purposes:
– to establish feedback with the Site User, including submission of notifications, enquiries and their processing, as well as the processing of the User’s enquiries and requests;
– personnel screening;
– statistical updates and analysis of the Site performance.
3.4. The list of the users’ personal data that are subject to the Site processing with the use of automated means shall be limited to
– name;
– telephone number;
– email address;
– city/region;
– information available in CV;
– other information the user has chosen to provide.
3.5. For the purposes of statistics and analysis of the Site performance, the Operator may process, using Yandex.Metrics, such data as
– IP address;
– browser information;
– data from cookie files;
– time of access;
– the referrer (address of previous page).
3.6. The service Yandex.Metrics, accessible at the address http://api.yandex.com/metrika, that allows the User’s various services and applications to interrelate with the service Yandex.Metrics of Yandex OOO, is registered at the address 16, Ul. Lva Tolstogo, Moscow, 119021. Yandex.Metrics uses cookie files and creates pseudonymous usage profiles that allow analysis of the Site use by the Users. The information stored in such cookie files (for example, browser type / model, the operating system used, the referrer’s URL address, the name of the host of the computer obtaining access, the time of an enquiry to the server) is usually transferred and stored at Yandex servers. An add-in can be downloaded and installed following the link https://yandex.com/support/metrica/general/opt-out.html?lang=ru to block Yandex.Metrics. Further information may be found in the confidentiality policy of Yandex https://yandex.ru/legal/confidential/?lang=ru.
3.7. Should Yandex.Metrics be blocked, some functions of the Site may become inaccessible.
3.8. The Site does not perform processing of biometrics personal data and personal data of special categories relating to race, nationality, political views, religious and philosophic beliefs, health conditions and private life.
3.9. The Operator does not check the authenticity of the information provided by the User and proceeds from the belief that the User has provided true, sufficient and valid information.
3.10. The Operator performs the following actions related to personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), blocking, deletion, destruction of personal data.
3.11. The storage of personal data is carried out in the form allowing identification of a personal data subject no longer than required by the purposes of processing personal data.
3.12. The achievement of the purposes of processing personal data, the expiry of the term of processing personal data, the withdrawal of the consent to processing personal data by the Site user, and the discovery of the unlawful processing of personal data may be the reason for the termination of the personal data processing.
3.13. The period of storage of the Site users’ personal data is not limited.
4. Personal data safety measures
4.1. The safety of the personal data processed by the Operator is ensured by taking legal, organizational, technical and software-related measures that are necessary and sufficient to meet the requirements of the Russian Federation law.
4.2. The Operator will take the following measures to ensure the safety of the personal data:
– appointment of managers responsible for the organization of processing and the ensuring of the safety of the personal data;
– limitation of the Operator’s employees having access to the personal data;
– definition of the level of protection of the personal data processed by the personal data information systems;
– establishment of the rules of differentiating the access to the personal data processed by the personal data information systems and necessitation of registration and accounting of all the actions with personal data;
– limitation of access to the rooms where the main technical means and systems of personal data information systems are located and where the unautomated processing of personal data is carried out;
– keeping track of mechanical carriers of personal data;
– arrangement of redundancy and recovery of the personal data information systems and the personal data modified or destroyed as a consequence of the unsanctioned access to them;
– establishment of requirements to the composition of the codes accessing the information systems of personal data;
– anti-virus control, prevention of harmful programs (virus software) and software bugs penetrating the corporate network;
– timely updating of the software used in the information systems of personal data and the information protection means;
– regular assessment of efficiency of the measures taken to secure the safety of personal data;
– identification of the facts of unsanctioned access to the personal data and taking measures to reveal the reasons and mitigate the possible consequences thereof;
– control of the measures taken to ensure the safety of personal data and the levels of protection of the personal data information systems.
5. The rights of the site users
5.1. The Site user has a right to receive the information related to processing his/her personal data, including without limitation
– confirmation of a fact of the Operator’s processing of personal data;
– the legal grounds and the purposes of personal data processing;
– the purposes and the means of the Operator’s processing of personal data;
– the Operator’s name and domicile, details of the persons (excluding the Operator’s employees) who have access to the personal data or who can be entrusted with the personal data in pursuance of a contract with the Operator or in compliance with a federal law;
– the processed personal data related to the corresponding data subject and the source of receipt thereof, unless a different procedure of submission of such data is specified under a federal law;
– the relevant periods of the personal data processing, including the period of their storage;
– the procedure of execution of the personal data subject’s rights specified under the Federal law “On personal data”;
– information concerning the executed or proposed cross-border transmission of the personal data;
– the name and address of the company, or the surname, first name, patronymic and address of a person, processing the personal data on behalf of the Operator, if the processing is delegated, or will be delegated, to such a party;
– other information specified under the Federal Law “On personal data” or other federal laws.
5.2. The Site User is entitled to demand that the Operator clarifies, blocks or destroys his/her personal data if the personal data are incomplete, obsolete, unprecise, unlawfully received or unnecessary for the declared purpose of processing, and to take legitimate measures to protect his/her rights.
5.3. The Site User is entitled to require that the Operator provides a structured, multipurpose, computer-readable formatted list of his/her personal data submitted to the Operator for processing, and direct the Operator to transmit his/her personal data to a third party, if it is technically possible. In such an event, the Operator will not take responsibility for the third party’s actions eventually committed in relation to the personal data.
5.4. Any question with regard to the personal data processing should be addressed in a written form at Tsentralnaya ul. 3 a, a1, a2, a3, office 304, Goljevo, Krasnogorsk, Moscovskaya oblast, 143405, Russia, or sent electronically to ib@gexa.ru.
6. Responsibility
6.1. The User is fully responsible for compliance with the valid legislation of the Russian Federation, including, without limitation, the laws on advertising, copyright protection, protection of trademarks and service marks, including the full responsibility for the content and the form of the materials in the event of quoting or another use of the information received in connection with the use of the Site services.
7. Final provisions
7.1. The Operator has a right to unilaterally modify the present Policy either in the event of a change in the Russian Federation laws, or at its own discretion.
7.2. The compliance with the requirements of the Policy will be controlled by the person responsible for organization of the personal data processing.
7.3. The persons responsible for breaching the provisions that guide the processing and the protection of the personal data will have financial, disciplinary, administrative, civil or criminal liability in accordance with the Russian Federation laws.
