1. General Provisions
This policy of personal data processing is drawn up in accordance with Federal Law dated 27.07.2006. No. 152-FZ «On Personal Data» (hereinafter — the Personal Data Law) and defines the procedure for processing personal data, measures to ensure the security of personal data undertaken by KB Management and Consulting LLC (hereinafter — the Operator).
1.1. The primary objective and condition of the Operator’s activities are to ensure the adherence to human and citizen’s rights, freedoms in processing of personal data. This includes safeguarding the rights to privacy and personal as well as family secrecy.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter — the Policy) applies to all information that the Operator may obtain about visitors to the code-maritime.ru website.
2. Terms and Definitions
2.1. Automated processing of personal data — processing of personal data with computers.
2.2. Blocking of personal data — temporary suspension of personal data processing (except for cases when processing is necessary to clarify personal data).
2.3. Website — a set of graphic and informational materials, as well as computer programs and databases, ensuring their availability at the following address: code-maritime.ru.
2.4. Personal data information system — a set of personal data contained in databases, as well as information technologies and technical means.
2.5. Depersonalization — actions that make it impossible to determine the ownership of personal data without additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
2.7. Operator — a state authority, municipal authority, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of processing, composition of personal data subject to processing, actions (operations) performed with personal data.
2.8. Personal Data — any information relating (directly or indirectly) to a specific or identifiable User of the code-maritime.ru website.
2.9. Personal data authorized for dissemination — Personal data that can be accessed by an unlimited number of persons and authorized for dissemination by the personal data subject, who has given consent for the processing of personal data in accordance with the Personal Data Law. Hereinafter, such data is referred to as authorized for dissemination.
2.10. User — any visitor to the code-maritime.ru website.
2.11. Provision of personal data — actions aimed at disclosure of personal data to a certain person/circle of persons.
2.12. Dissemination of personal data — any action that aims to disclose personal data to an indefinite number of people, including transferring or making personal data available through mass media, information and telecommunication networks, or any other means.
2.13. Cross-border transfer of personal data — transfer of personal data to a foreign country/government authority/individual/legal entity.
2.14. Destruction of personal data — any action that results in the permanent and irreversible destruction of personal data in an information system or on material carriers, making it impossible to recover the content.
3. Main Rights and Obligations of the Operator
3.1. The Operator may:
— receive reliable information and/or documents containing personal data from the subject of personal data;
— If the personal data subject revokes their consent to personal data processing, the Operator may continue processing their personal data without such consent only if there are grounds specified in the Personal Data Law;
— independently determine the composition and the list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on personal data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator shall:
— provide the personal data subject, upon their request, with information regarding the processing of personal data;
— organize the processing of personal data in accordance with the procedure established by relevant laws of the Russian Federation;
— respond to appeals and requests of personal data subjects and their legal representatives in accordance with Personal Data Law;
— if requested by the authorized body for protection of personal data subjects, provide the necessary information within 30 days of receiving the request;
— publish or otherwise provide unrestricted access to the Personal Data Processing Policy;
— take legal, organizational and technical measures to protect personal data from unlawful or accidental access thereto, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning the personal data;
— cease transfer (dissemination, provision, access), stop processing and destroy personal data in the manner and cases stipulated by Personal Data Law;
— fulfill other obligations stipulated by Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects may:
— receive information regarding the processing of their personal data, except in cases provided for by federal laws. The Operator shall provide information to the data subject in a clear and accessible manner. Such information should not include personal data of other subjects, unless there are legitimate reasons for doing so. The list of information and the procedure for obtaining it is established by Personal Data Law;
— demand from the Operator to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing; take measures provided for by law to protect their rights;
— Require prior consent when processing personal data for the purpose of marketing goods, works, and services.
— withdraw consent to the processing of personal data;
— appeal to the authorized body for protection of the rights of personal data subjects or in court against unlawful acts/omissions of the Operator in the processing of their personal data;
— exercise other rights provided for by relevant laws of the Russian Federation.
4.2. Personal data subjects shall:
— provide the Operator with true data about themselves;
— inform the Operator about clarification (update, change) of their personal data.
4.3. Persons who provide the Operator with false information about themselves or someone else’s personal data without their consent shall be liable according to relevant laws of the Russian Federation.
5. The Operator may process the following personal data
5.1. Last name, first name, patronymic.
5.2. E-mail.
5.3. The website also collects and processes anonymized data about visitors (including cookies) using Internet statistics services (Yandex Metrics, Google Analytics, and others).
5.4. Hereinafter, the aforementioned data will be referred to as Personal Data.
5.5. The Operator shall not process special categories of personal data concerning race, nationality, political opinions, religious or philosophical beliefs, intimate life.
5.6. Personal data, authorized for dissemination, from among the special categories specified in Part 1, Article 10 of the Personal Data Law, may be processed, if the prohibitions and conditions stipulated in Article 10.1 of the Personal Data Law are complied with.
5.7. The User’s consent to the processing of personal data authorized for dissemination shall be executed separately from other consents to the processing of their personal data. At the same time, Article 10.1 of the Personal Data Law shall be complied with. The authorized body for protection of the rights of personal data subjects establish the requirements for such consent.
5.7.1 The User shall provide consent directly to the Operator for processing and dissemination of their personal data.
5.7.2 The Operator shall publish information about the conditions and prohibitions for processing personal data authorized for dissemination by an unlimited number of persons within three working days of receiving the User’s consent.
5.7.3 The subject of personal data may request to terminate the transfer, dissemination, provision, or access of their personal data at any time. This requirement shall include the last name, first name, patronymic (if available), contact information (telephone number, e-mail address or postal address) of the personal data subject, as well as a list of personal data whose processing is subject to termination. The personal data specified therein may only be processed by the Operator to whom it is addressed.
5.7.4 Consent to the processing of personal data, authorized for dissemination, will expire when the Operator receives the request mentioned in clause 5.7.3 hereof.
6. Principles of Personal Data Processing
6.1. Personal data are processed on a lawful and fair basis.
6.2. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of collection is prohibited.
6.3. Databases containing personal data processed for incompatible purposes may not be merged.
6.4. Only personal data that fulfills the purposes will be processed.
6.5. The content and scope of processed personal data correspond to the stated purposes of processing. The personal data processed may not be redundant in relation to the stated purposes.
6.6. When processing personal data, the accuracy, sufficiency and, where necessary, relevance are ensured. The Operator shall take the necessary measures and/or ensure that they are taken to remove or clarify incomplete or inaccurate data.
6.7. Personal data should only be stored for as long as necessary for the purposes of processing, unless federal law or an agreement to which the subject is a party, beneficiary or guarantor requires a longer storage period. It’s important to ensure that personal data is stored in a form that allows for the identification of the subject. Processed personal data shall be destroyed or anonymized when the purposes of processing have been achieved or when it’s no longer necessary to achieve these purposes, unless otherwise provided for by federal law.
7. Purposes of Personal Data Processing
7.1. Purpose of processing the User’s personal data:
— informing the User by sending e-mails.
7.2. Also, the Operator may send the User notifications about new products and services, special offers and various events. To stop receiving messages, the User may send an email to
newcb@complexbar.ru with the line 'Opt-out of notifications about new products, services, and special offers'.
7.3. The anonymized data of Users collected via Internet statistics services are used to collect information about Users' actions on the website, to improve its quality and content.
8. Legal Basis for Processing Personal Data
8.1. The Operator processes personal data based on the following legal grounds:
— Please provide a list of legal acts that regulate the relationships pertaining to your specific activity. For instance, if your activity is related to IT, specifically the creation of websites, you may consider referencing the Federal Law "On Information, IT, and Information Protection" of 27.07.2006 (No. 149-FZ);
— statutory documents of the Operator;
— contracts concluded between the Operator and the subject of personal data;
— federal laws, other regulations in the field of personal data protection;
— Users' consent to the processing of their personal data, to the processing of personal data authorized for dissemination.
8.2. The Operator processes the User’s personal data only if it’s filled in and/or sent by the User via special forms located on the code-maritime.ru website or sent to the Operator by e-mail. By completing the relevant forms or submitting personal data to the Operator, the User is giving their consent to this Policy.
8.3. If cookies and JavaScript technology are enabled in the User’s browser settings, the Operator processes anonymized data about the User.
8.4. The subject of personal data may independently decide whether to provide their personal data and provides consent willingly, freely, and in their own best interest.
9. Conditions of Personal Data Processing
9.1. Personal data are processed with the consent of subject whose personal data are being processed.
9.2. Processing of personal data is necessary to achieve the purposes stipulated by international treaty of the Russian Federation or by law, to fulfill the functions, powers, and duties assigned to the operator by relevant laws of the Russian Federation.
9.3. Processing of personal data is necessary for justice, execution of a judicial act, act of another body or official subject to execution in accordance with applicable laws of the Russian Federation on enforcement proceedings.
9.4. Processing of personal data is necessary for the execution of a contract to which the personal data subject is a party or a beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor.
9.5. Processing of personal data is necessary for the exercise of rights and legitimate interests of the operator/third parties or for the achievement of socially important purposes, provided that the rights and freedoms of personal data subject are not violated.
9.6. Processing of personal data is carried out where access to which is granted by the personal data subject or at their request (hereinafter — publicly available personal data).
9.7. Processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.
10. Procedure for Collection, Storage, Transfer and Other Types of Personal Data Processing
The Operator ensures the security of personal data by implementing legal, organizational, and technical measures to fully comply with the requirements of applicable legislation in the field of personal data protection.
10.1. The Operator ensures personal data safety and takes all possible measures to prevent unauthorized access.
10.2. The Operator will never, under no circumstances, transfer the User’s personal data to third parties, except in cases where it is required by applicable laws or with the User’s consent for the fulfillment of obligations under a civil law contract.
10.3.
In case of identifying inaccuracies in personal data, the User may update them independently by sending a notice to the Operator via newcb@complexbar.ru with the note "Personal Data Update".10.4. The period of personal data processing is determined by the purposes for which the data were collected. If a contract or applicable law stipulates another period, such period shall apply.The User may withdraw their consent to the processing of personal data at any time by sending a notice to the Operator via newcb@complexbar.ru marked "Withdrawal of Consent to the Processing of Personal Data".
10.5. All information that is collected by third-party services, including payment systems, communications and other service providers, is stored and processed by mentioned parties (Operators) in accordance with their User Agreement and Privacy Policy. The Personal Data Subject and/or User must familiarize themselves with these documents promptly. The Operator shall not be liable for actions of third parties, including the service providers mentioned herein.
10.6. The transfer of personal data subject to prohibitions (except for granting access), as well as the processing or conditions of processing (except for obtaining access) of personal data authorized for dissemination, do not apply in cases of processing personal data in the state, public, and other interests defined by applicable laws of the Russian Federation.
10.7. When processing personal data, the Operator shall ensure its confidentiality.
10.8. The Operator shall store personal data for as long as necessary for the purposes of processing, unless federal law or an agreement to which the subject is a party, beneficiary or guarantor requires a longer storage period. It’s important to ensure that personal data is stored in a form that allows for the identification of the subject.
10.9. Personal data processing may be terminated when the purposes of processing have been achieved, the personal data subject’s consent has expired or been withdrawn, or when unlawful processing of personal data has been detected.
11. List of Actions Performed by the Operator with the Received Personal Data
11.1. The Operator shall collect, record, systematize, accumulate, store, clarify (update, change), extract, use, transfer (disseminate, provide, access), depersonalize, block, delete and destroy personal data.
11.2. The Operator processes personal data automatically, with or without transmitting the information via information and telecommunication networks.
12. Cross-Border Transfer of Personal Data
12.1. Before transferring personal data across borders, the operator must ensure that the foreign state receiving the data provides reliable protection for the rights of personal data subjects.
12.2. If personal data is to be transferred to foreign territories that do not meet the above requirements, the personal data subject must provide written consent for the transfer of their personal data and/or the fulfillment of an agreement to which they are a party.
13. Confidentiality of Personal Data
The operator and other individuals with access to personal data may not disclose or distribute personal data to third parties without the consent of the data subject, except as provided by federal law.
14. Final Provisions
14.1. To obtain clarifications on the processing of personal data, the User can contact the Operator via email
at newcb@complexbar.ru.14.2. This document will reflect any changes to the Operator’s personal data processing policy. The policy will remain in effect until a new version replaces it.
14.3. The current version of the Policy is freely available at httpsː//code-maritime.ru/privacy/.