QUESTIONS?

Please, leave your request, and we will contact you soon

Pushing the button you agree with the policy
of Personal data processing policy
PERSONAL DATA PROCESSING POLICY
1. General provisons
The Personal Data Processing Policy (hereinafter referred to as the “Policy”) was developed in accordance with Federal Law No. 152-ФЗ of July 27, 2006 On Personal Data (hereinafter — “Federal Law No. 152-ФЗ”).

This Policy defines the procedure for the processing of personal data and measures to ensure the security of personal data at ATO Events LLC (hereinafter referred to as the “Operator”) in order to protect the rights and freedoms of a person and citizen in the processing of his/her personal data, including the protection of privacy rights, personal and family secrets. The Policy uses the following basic concepts:

The Policy uses the following basic concepts:

  • automated processing of personal data — processing of personal data using computer equipment;
  • personal data blocking — temporary suspension of personal data processing (unless personal data processing is necessary to clarify personal data);
  • personal data information system — a set of personal data contained in databases, and information technologies and technical means that ensure their processing;
  • depersonalization of personal data — actions, as a result of which it is impossible to determine, without the use of additional information, that the personal data belong to a specific personal data subject;
  • personal data processing — any action (operation) or a set of actions (operations) performed with the use of automation tools or without using such tools with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
  • operator — a government authority, municipal body, legal entity or natural person, organizing and/or processing, independently or jointly with other persons, personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions / operations to be performed with personal data;
  • personal data — any information relating to an individual (subject of personal data), determined or being determined directly or indirectly;
  • provision of personal data — actions aimed at disclosing personal data to a specific person or a certain circle of persons;
  • distribution of personal data — actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at getting familiarized with personal data of an unlimited number of persons, including public disclosure of personal data in the media, placement in information and telecommunication networks or access to personal data in some other way; cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a government authority of a foreign state, foreign natural person or foreign legal entity; destruction of personal data — actions, as a result of which it is impossible to restore the content of personal data in the information system of personal data and/or as a result of which the material carriers of personal data are destroyed.
2. Principles and conditions of personal data processing

2.1 Principles of personal data processing
The processing of personal data by the Operator is carried out on the basis of the following principles:

  • legality and fair basis;
  • inadmissibility of personal data processing that is incompatible with the purposes of collecting personal data;
  • inadmissibility of merging databases containing personal data that are processed for incompatible purposes;
  • processing only those personal data that correspond to the purposes of their processing;
  • conformance of the content and volume of processed personal data with the stated processing objectives;
  • inadmissibility of processing personal data which are redundant in relation to the stated purposes of their processing;
  • – ensuring that the accuracy, sufficiency and relevance of personal data correspond to the purposes of personal data processing;
  • destruction or depersonalization of personal data upon achieving the objectives of their processing or in case of loss of the need to achieve these objectives, or if it is impossible for the Operator to correct the violations of personal data, unless otherwise provided for by federal law.

2.2. Conditions for personal data processing
The Operator shall proceed to process personal data if at least one of the following conditions is available:

  • the consent of the subject of personal data to the processing of his/her personal data;
  • processing of personal data is necessary to achieve the goals stipulated by the international treaty of the Russian Federation or the law, for the implementation and fulfillment of the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator;
  • processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • processing of personal data is necessary for the execution of a contract that the subject of personal data is a party to, the beneficiary or the guarantor, as well as for the conclusion of a contract initiated by the subject of personal data or a contract under which the subject of personal data is the beneficiary or the guarantor;
  • processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;
  • processing is carried out of personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his/her request (hereinafter — “publicly available personal data”);
  • – processing of personal data subject to publishing or mandatory disclosure in accordance with federal law.

2.3. Confidentiality of personal data
The Operator and other persons who have obtained access to personal data are prohibited to disclose to third parties and to distribute personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.

2.4. Generally accessible sources of personal data
In order to provide informational support, the Operator can create publicly accessible sources of personal data of subjects, including reference books and address books. With the written consent of the subject of personal data, publicly available sources of personal data may include his/her last name, first name, middle name, date and place of birth, position, contact telephone numbers, e-mail address and other personal data provided by the subject of personal data. Information about the subject shall be excluded from publicly available sources of personal data at any time at the request of the subject or by decision of a court or other authorized government body.

2.5. Special categories of personal data
The processing by the Operator of special categories of personal data relating to the race, nationality, political views, religious or philosophical beliefs, health status, intimate life is allowed in the following cases:

  • the subject of personal data has agreed in writing to the processing of his/her personal data;
  • personal data are made publicly accessible by the subject of personal data;
  • processing of personal data is carried out in accordance with the legislation on government social assistance, labor legislation, legislation of the Russian Federation on state pensions, and on labor pensions;
  • the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data or the life, health or other vital interests of other persons, but it is impossible to obtain the consent of the subject of personal data;
  • the processing of personal data is carried out for medical and preventive purposes, in order to establish a medical diagnosis, the provision of medical and social services, provided that the processing of personal data is carried out by a person professionally engaged in medical activities and obligated in accordance with the legislation of the Russian Federation to keep medical secrecy;
  • the processing of personal data is necessary to establish or exercise the rights of the subject of personal data or third parties, as well as in connection with the administration of justice;
  • the processing of personal data is carried out in accordance with the legislation on mandatory types of insurance or with insurance legislation.
The processing of special categories of personal data shall be immediately terminated if the reasons for the processing of these data have been eliminated, unless otherwise provided for by federal law. The processing of personal data on criminal record may be carried out by the Operator only in cases and in the manner defined by federal laws.

2.6. Biometric personal data
Biometric personal data — information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his/her identity — can be processed by the Operator only with the written consent of the subject.

2.7. Assignment of personal data processing to another person
The Operator has the right to entrust the processing of personal data to another person / entity on the basis of an agreement with this person / entity with the consent of the subject of personal data, unless otherwise provided for by federal law. The person / entity that processes personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by Federal Law No. 152-ФЗ.

2.8. Cross-border transfer of personal data
Before such transfer, the Operator is obliged to ensure that the foreign state into whose territory it is supposed to transfer personal data ensures adequate protection of the rights of the subjects of personal data. Cross-border transfer of personal data to the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:

  • written consent of the subject of personal data to the cross-border transfer of his/her personal data;
  • – execution of a contract to which the subject of personal data is a party.
3. Rights of the subject of personal data

3.1. Consent of the subject of personal data to the processing of his/her personal data
The subject of personal data makes a decision on the provision of his/her personal data and agrees to their processing freely, of his/her own will and in his/her interests. Consent to the processing of personal data may be given by the subject of personal data or his/her representative in any form that allows to confirm the fact of its receipt, unless otherwise established by federal law. The Operator is obliged to provide evidence of the consent of the subject of personal data to the processing of his/her personal data or proof of the existence of grounds specified in Federal Law No. 152-ФЗ.

3.2. Rights of the subject of personal data
The subject of personal data has the right to receive information from the Operator regarding the processing of his/her personal data, if such a right is not limited by applicable federal laws. The subject of personal data has the right to require the Operator to clarify his/her personal data, to block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his/her rights. The processing of personal data for the purpose of promoting goods, works, services in the market by making direct contacts with a potential consumer using means of communication, as well as for political campaigning, is allowed only with the prior consent of the subject of personal data. This processing of personal data shall be deemed to be carried out without the prior consent of the subject of personal data, unless the Company proves that such consent was obtained. The Operator is obliged to immediately stop, at the request of the subject of personal data, the processing of his/her personal data for the above purposes. It is forbidden to make decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his/her rights and legitimate interests, except in cases provided for by federal laws or if there is a written consent given by the subject of personal data. If the subject of personal data believes that the Operator is processing his/her personal data in violation of the requirements of Federal Law No. 152-ФЗ or otherwise violates his/her rights and freedoms, the subject of personal data has the right to appeal against the Operator’s actions or omissions to the Authorized Body for the Protection of Rights of Personal Data Subjects or to a court of law. The subject of personal data has the right to protect his/her rights and legitimate interests, including to demand compensation for damages and/or compensation for moral damage through legal action.
4. Assurance of personal data security

The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation on personal data protection. To prevent unauthorized access to personal data, the Operator applies a number of organizational and technical measures, namely:

  • appoints officials responsible for organizing the processing and protection of personal data;;
  • – limits the number of persons who have access to personal data;
  • familiarizes subjects of personal data with the requirements of federal legislation and regulatory documents of the Operator on the processing and protection of personal data;
  • organizes record-keeping, storage and circulation of information carriers;
  • identifies threats to the security of personal data during their processing, and builds threat models on their basis;
  • develops a personal data protection system based on the threat model;
  • verifies the readiness and effectiveness of the use of information security tools;
  • isolates user access to information resources, software and hardware for information processing;
  • registers and keeps records of actions of users of personal data information systems;
  • uses firewalling, intrusion detection, security analysis and cryptographic information protection tools where necessary;
  • – organizes access control to the territory of the Operator, and protection of premises with technical means for processing personal data.
5. Final provisions

Other rights and obligations of the Operator as an operator of personal data are defined by the legislation of the Russian Federation on personal data.

Operator officials who are guilty of violating the rules governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by applicable federal laws.
Made on
Tilda