Privacy Policy

The Privacy Policy (hereinafter referred to as the Policy) determines the procedure for processing and protecting personal information about Users, which the ASSOCIATION FOR THE DEVELOPMENT OF ENTREPRENEURSHIP AND SUPPORT OF BUSINESS RELATIONS “INDIAN BUSINESS COUNCIL”, TIN: 9717108854, KPP: 771701001, PSRN: 1217700610874, legal address: 1217700610874, OKRN: 1217700610874, Location: 129226, Moscow, Selskokhozyaystvennaya st., 4, building 7, floor 2, office С-21/5 (hereinafter referred to as the Administration) may be obtained during the use of the site https://ibcrussia.org/ by Users (hereinafter referred to as the Site).

1. Basic provisions

1.1 Registration on the Site means the User’s unconditional consent to this Policy and the conditions for processing personal information specified therein. In case of disagreement with these conditions, the User must refrain from using the Services.

1.2 This Policy has been developed in accordance with the current legislation of the Russian Federation on personal data.

1.3 This Policy applies to all processing processes, namely the collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data carried out with the use of automation tools and without the use of such tools.

2. Personal data of users

2.1 For the purposes of this Policy, “personal data” of the User means:

2.1.1 Data that the User provides about himself independently when creating an application, subscribing to a newsletter or in the process of using the site, including the User’s personal data.

2.1.2 Data that is automatically transmitted to the Site Administration in the course of their use using the software installed on the User’s device, including IP address, cookie data, information about the User’s browser (or other program that accesses the Services ), technical characteristics of the equipment and software used by the User, date and time of access to the Services, addresses of the requested pages and other similar information.

2.1.3 Other information about the User, the processing of which is provided for by the terms of services provided by the Site Administration.

2.2 The site administration proceeds from the fact that the User provides reliable and sufficient personal data and keeps this data up to date.

2.3 The site administration has the right to make changes to this Personal Data Processing Policy. The new version of the Policy comes into force from the moment it is posted. The current version is permanently available on the page at: https://ibcrussia.org/privacy-policy.

3. Purposes of personal data processing

3.1 The site administration collects and stores only those personal data that are necessary to provide services to the User.

3.2 The site administration processes personal data of Users for the following purposes:

3.2.1 Identification of the party.

3.2.2 Providing the User with personalized offers and execution of agreements and contracts.

3.2.3 Communication with the User, including sending notifications, requests and information, as well as processing requests from the User.

3.2.4 Improving the quality of the site, services and services provided by the Site Administration, development of new services.

3.2.5 Conducting statistical and other research based on depersonalized data.

4. Principles of personal data processing

4.1 The processing of personal data is carried out on a lawful and fair basis;

4.2 The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. It is not allowed to process personal data that is incompatible with the purposes of collecting personal data;

4.3 It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;

4.4 Only those personal data that meet the purposes of their processing are subject to processing;

4.5 The content and scope of the processed personal data correspond to the stated purposes of processing. The processed personal data is not excessive in relation to the stated purposes of processing;

4.6 When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the stated purposes of their processing, are ensured.

4.7 The storage of personal data is carried out in a form that allows you to determine the subject of personal data no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon reaching the goals of processing or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

5. Conditions for the processing of personal data

5.1 The processing of personal data is carried out in compliance with the principles and rules established by the Federal Law “On Personal Data”. The processing of personal data is allowed in the following cases:

5.1.1 the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;

5.1.2 the processing of personal data is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or the law, to exercise and fulfill the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;

5.1.3 the processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;

5.1.4 the processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor;

5.1.5 the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data, if obtaining the consent of the subject of personal data is impossible;

5.1.6 the processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;

5.1.7 the processing of personal data is carried out for statistical or other research purposes, subject to the mandatory depersonalization of personal data. The exception is the processing of personal data for the purpose of promoting goods, works, services on the market by making direct contacts with a potential consumer using means of communication, as well as for the purposes of political campaigning;

5.1.8 processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data, or at his request (hereinafter referred to as personal data made public by the subject of personal data);

5.1.9 processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.

5.2 Biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to identify the subject of personal data) is not processed by the Site Administration.

5.3 The site administration does not carry out cross-border transfer of personal data.

5.4 Based on exclusively automated processing of personal data, decisions that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests are not made.

5.5 If there is no need for the subject’s written consent to the processing of his personal data, the fact of the voluntary provision of such data by the subject or his representative is recognized by the parties as the fact of providing personal data with the consent of the subject.

5.6 The site administration has the right to entrust the processing of personal data to another person, unless otherwise provided by federal law, on the basis of an agreement concluded with this person (hereinafter referred to as the operator’s instruction). At the same time, the Site Administration in the contract obliges the person who processes personal data on behalf of the Site Administration to comply with the principles and rules for the processing of personal data provided for by federal law.

5.7 If the Site Administration entrusts the processing of personal data to another person, the Site Administration is responsible to the subject of personal data for the actions of the specified person. The person who processes personal data on behalf of the Site Administration is responsible to the Site Administration.

5.8 The site administration undertakes and obliges other persons who have gained access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject

6. Responsibilities of the site administration

6.1 In accordance with the requirements of Federal Law No. 152-FZ “On Personal Data”, the Site Administration is obliged to:

– Provide the subject of personal data, at his request, with information regarding the processing of his personal data, or legally provide a refusal.

– At the request of the subject of personal data, clarify the processed personal data, block or delete if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing.

Notify the subject of personal data about the processing of personal data in the event that personal data was not received from the subject of personal data, except for the following cases:

1) The subject is notified of the processing of his personal data by the relevant operator;

2) Personal data was obtained by the Site Administration on the basis of federal law or in connection with the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor;

3) Personal data is made public by the subject of personal data or obtained from a public source;

4) The site administration processes personal data for statistical or other research purposes, for the professional activities of a journalist or scientific, literary or other creative activities, if the rights and legitimate interests of the subject of personal data are not violated;

5) Providing the subject of personal data with the information contained in the Notice on the processing of personal data violates the rights and legitimate interests of third parties.

– If the goal of processing personal data is achieved, immediately stop processing personal data and destroy the relevant personal data within a period not exceeding thirty days from the date of achieving the goal of processing personal data, unless otherwise provided by the contract, the party to which, the beneficiary or guarantor of which is the subject of personal data, another agreement between the Site Administration and the subject of personal data, or if the Site Administration is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by No. 152-FZ “On Personal Data” or other federal laws.

– If the subject of personal data withdraws consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by an agreement between the Site Administration and the subject of personal data. The Site Administration is obliged to notify the subject of personal data about the destruction of personal data.

– In the event of a request from the subject to stop processing personal data in order to promote goods, works, services on the market, immediately stop processing personal data.

7. Measures to ensure the security of personal data during their processing

7.1 When processing personal data, the Site Administration takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

7.2 Ensuring the security of personal data is achieved, in particular:

7.2.1 determining threats to the security of personal data during their processing in personal data information systems;

7.2.2 the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;

7.2.3 the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure;

7.2.4 evaluating the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

7.2.5 detection of facts of unauthorized access to personal data and taking measures;

7.2.6 recovery of personal data modified or destroyed due to unauthorized access to them;

7.2.7 control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

8. Final provisions

8.1 In the event of any disagreement or dispute between the Parties under this Privacy Policy, a prerequisite is to file a claim for a voluntary settlement of the dispute before going to court.

8.2 The recipient of the claim, within 10 (ten) working days from the date of its receipt, notifies the claimant in writing of the results of the consideration of the claim.

8.3 If it is impossible to resolve the dispute on a voluntary basis, disputes under the Privacy Policy or in connection with it are subject to consideration in court at the location of the Administration in accordance with the current procedural law of the Russian Federation.

8.4 This Privacy Policy, the procedure for its conclusion and execution, as well as issues not regulated by this Policy, is governed by the current legislation of the Russian Federation

8.5 This Privacy Policy may be changed by the Administration without any special notice to the User. The new version of the Privacy Policy comes into force from the moment it is posted on the Site.

8.6 The User has the right to withdraw consent to the processing of his personal information at any time by sending a corresponding request to the following email address: info@ibcrussia.org from the email address that was specified by the User when providing personal information. At the same time, the deletion of data may result in the inability to use some or all of the Services of the Site by the User.

8.7 Users have the right to send requests to the Administration regarding this Policy by e-mail at info@ibcrussia.org.