Privacy Policy

POLICY REGARDING THE PROCESSING OF PERSONAL DATA OF ROBOTIC SOLUTIONS LLC

1. GENERAL STATEMENTS

This Policy defines the procedure for processing personal data and measures to ensure the security of personal data of Robotic Solutions CJSC (hereinafter referred to as the Operator) in order to protect civil rights and liberties in the processing of personal data, including the protection of privacy rights, personal and family secrecy.

The following terms are used in the Policy:

“automated processing of personal data” - processing of personal data using computer technology;

“blocking of personal data” - temporary termination of personal data processing (unless the processing is necessary to clarify personal data);

“personal data information system” – a complex of personal data contained in databases, and sets of information technologies and technical means ensuring its processing;

“depersonalization of personal data” - actions, resulting in impossible determination of the personal data ownership without the use of additional information;

“personal data processing” - any action (operation) or a combination of actions (operations) with personal data carried out wholly or partly by automated means, including collection, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transmission (distribution, provision, access), depersonalization, blocking, removal, annihilation of personal data;

“operator” - a state body, municipal body, legal entity or private individual, independently or jointly with other individuals, organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the structure of personal data to be processed, actions (operations) performed with personal data;

“personal data” - any information related to a directly or indirectly determined or designated private individual (subject of personal data);

“personal data submission” - actions aimed at the disclosure of personal data to a specific individual or a specific group of individuals;

“personal data distribution” - actions aimed at disclosing personal data to an indefinite group of individuals (transmission of personal data) or aimed at studying personal data by an unlimited number of individuals, including divulgation of personal data in the media, posting on telecommunication networks or providing access to personal data in any other way;

“cross-border transmission of personal data” - the transmission of personal data into the territory of a foreign state to a foreign authority, to a foreign private individual or foreign legal entity.

“annihilation of personal data” - actions, as a result of which it is impossible to restore the personal data in the personal data information system and (or) as a result of which physical storage media of personal data are destroyed;

The company is obliged to publish or otherwise provide unlimited access to this Policy for the processing of personal data.

2. PRINCIPLES AND TERMS OF PROCESSING PERSONAL DATA

2.1 Principles of processing personal data

The processing of personal data by the Operator is based on the following principles:

legitimacy and fair basis;
personal data processing in accordance with specific, predetermined and legitimate goals;
preventing personal data processing incompatible with the purposes of collecting personal data;
preventing the integration of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
processing only those personal data that meet the purposes of their processing;
compliance of the content and processed personal data amount with the declared processing goals;
preventing the processing of personal data that is excessive in relation to the declared processing purposes;
ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
annihilation or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of necessity to achieve these goals, if it is impossible to eliminate the committed violations of personal data by the Operator.

2.2 Terms of processing personal data

The Operator processes personal data granting at least one of the following conditions:

personal data processing is carried out with the consent of the personal data subject to the processing of his/her personal data;
personal data processing is necessary for the administration of justice, the implementation of a judicial act or an act of another body or official;
personal data processing is necessary for the execution of a contract to which either one of the Parties or beneficiary is a personal data subject, as well as for the conclusion of a contract upon the initiative of the personal data subject or the contract under which the personal data subject will be either one of the Parties or the beneficiary;
personal data processing is necessary to implement the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject;
the processing of personal data, commonly accessible for an unlimited number of individuals because of the permission of the subject of personal data or at his request (hereinafter referred to as commonly accessible personal data) is carried out;
personal data processing, that is a subject to publication or mandatory disclosure in accordance with law, is carried out.

2.3 Confidentiality of personal data

The Operator and other individuals who have the access to personal data are required not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by law.

2.4 Public Sources of Personal Data

For the purposes of information support, the Operator may create commonly accessible sources of subjects of personal data, including directories and address books. With the written consent of the subject, commonly accessible sources of personal data may include his surname, name, patronym, date and place of birth, occupation, contact phone numbers, email address and other personal data provided by the subject of personal data.

Information about the subject must be excluded from public sources of personal data at any time at the request of the subject of personal data or by court order or other authorized state bodies.

2.5 Special categories of personal data

Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health condition, intimate life is allowed in cases if:

with the written consent of the subject of personal data to process his personal data;
personal data is made commonly accessible by the subject of personal data;
personal data processing is necessary to protect life, health or other vital interests of the subject of personal data or life, health or other vital interests of other individuals, and obtaining the written consent of the subject of personal data is impossible;
personal data processing is carried out for medical and preventive purposes, in order to make a medical diagnosis, provide medical and social services, provided that the processing of personal data is carried out by medical personnel;
the processing of personal data is necessary to establish or implement the rights of the subject of personal data or third parties, as well as in the purpose of justice administration;
personal data processing is carried out in accordance with the legislation on compulsory insurance.

Processing of special categories of personal data must be ceased immediately if the reasons that led to their processing have been eliminated, unless otherwise provided by law.

Processing of personal data on a criminal record may be carried out by the Operator exclusively in cases and in the manner that are determined in accordance with law.

2.6 Biometric personal data

Information that characterizes the physiological and biological specialities of an individual, on the basis of which it is possible to establish his identity (biometric personal data) can be processed by the Operator only with the written consent of the subject.

2.7 Instruction for processing personal data to another individual

The Operator has the right to entrust personal data processing to another individual with the consent of the subject of personal data, on the basis of a contract concluded with this individual, unless otherwise provided by law. A person who processes personal data on behalf of the Operator is required to comply with the principles and rules for the processing of personal data provided for in General Data Protection Regulation.

2.8 Cross-border transfer of personal data

The Operator is obliged to make sure that the foreign state, where it is supposed to transmit personal data, provides adequate protection of the rights of the subjects of personal data before such transfer begins.

Cross-border transmission of personal data on the territory of foreign states that do not provide adequate protection of the rights of subjects of personal data may be carried out in the following cases:

with the written consent of the personal data subject to the cross-border transmission of his personal data;
contract performance, one of the Party of which is the subject of personal data.

3. RIGHTS OF A SUBJECT OF PERSONAL DATA

3.1 Consent of the subject of personal data to his personal data processing

The personal data subject decides to provide his personal data and agrees to its processing freely, by his will and in his interest. Consent to the processing of personal data may be given by the subject of personal data or his representative in any form allowing confirming the fact of its receipt, unless otherwise provided by law.

The obligation to provide the consent of the personal data subject to the processing of his personal data or evidence of the existence of the grounds specified in General Data Protection Regulation rests with the Operator.

3.2 Rights of the subject of personal data

The personal data subject has the right to receive the information regarding the processing of his personal data from the Operator, if such a right is not restricted in accordance with federal laws. The personal data subject has the right to require the Operator to clarify his personal data, block it or delete it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purposes. The personal data subject has also the right to take legally provided measures to protect his/her rights.

Personal data processing in order to promote goods, works, services on the market through direct contacts with a potential consumer using communication means, as well as for political campaigning, is allowed only with the prior consent of the subject of personal data. Such processing of personal data is recognized as being carried out without the prior consent of the subject of personal data, unless the Company proves that such consent was obtained.

The Operator is obliged to immediately stop the processing of personal data for the above purposes at the request of the subject of personal data.

It is forbidden to make decisions on the basis of wholly automated processing of personal data that create legal consequences relating to the subject of personal data or affect in any other way his/her rights and legitimate interests, unless otherwise provided by law, or with the written consent of the subject of personal data.

If the subject of personal data considers that the Operator is processing his personal data violating the requirements of General Data Protection Regulation or is violating his rights and freedoms in any other way, the subject of personal data has the right to appeal the actions or omissions of the Operator to the authorized body for the protection of the rights of subjects of personal data or by judicial process.

The personal data subject has the right to protect his/her rights and legitimate interests in court, including compensation for losses and (or) compensation for moral damages.

4. SECURITY OF PERSONAL DATA

The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to ensure the requirements of General Data Protection Regulation.

To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:

the assignment of officials, responsible for organizing the processing and protection of personal data;
limiting the number of individuals having access to personal data;
informing the subject of personal data about the requirements of legislation and Operator’s regulatory documents for the processing and protection of personal data;
organization of accounting, storage and operation of information carriers;
searching of threats to the security of personal data during their processing, the formation of threat models on the basis of the information compiled;
development of a personal data protection system based on the threat model;
readiness and effectiveness verification of the of the use of information security tools;
differentiation of user access to information resources and software-hardware information processing;
registration and accounting of operations of users of personal data information systems;
use of antivirus and recovery tools for personal data protection;
the use of necessary means of firewalling, intrusion detection, security analysis and cryptographic protection of information;
organization of access control to the Operator’s territory, security of premises with technical means for personal data processing.

5. FINAL PROVISIONS

Other rights and obligations of the Operator as the operator of personal data are determined by the General Data Protection Regulation. The Operator’s officials guilty of violating the rules governing the processing and protection of personal data bear financial, disciplinary, administrative, civil or criminal liability in the manner prescribed by General Data Protection Regulation.