This personal data processing policy is drafted in accordance with the requirements of Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” (hereinafter referred to as the Personal Data Law) and defines the procedure for personal data processing and measures to ensure personal data security taken by Denis Vyacheslavovich Gorelkin (hereinafter referred to as the Operator).
1.1. The Operator's most important goal and condition for carrying out its activities is the observance of human and civil rights and freedoms when processing personal data, including protection of the rights to privacy and personal and family secrecy.
1.2. This Operator policy regarding personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://whatsgate.org.
2.1. Automated personal data processing means processing of personal data using computer technology.
2.2. Blocking of personal data means temporary suspension of personal data processing (except where processing is required to clarify personal data).
2.3. Website means a set of graphic and informational materials, as well as software and databases, ensuring their availability on the Internet at https://whatsgate.org.
2.4. Personal data information system means a set of personal data contained in databases, and information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data means actions resulting in impossibility to determine, without additional information, whether personal data belongs to a specific User or another personal data subject.
2.6. Personal data processing means any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator means a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or performs personal data processing, as well as determines purposes of personal data processing, the composition of personal data subject to processing, and actions (operations) performed with personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of the website https://whatsgate.org.
2.9. Personal data permitted by the personal data subject for distribution means personal data to which an unlimited number of persons are granted access by the personal data subject by giving consent to process personal data permitted for distribution in the manner provided by the Personal Data Law (hereinafter referred to as personal data permitted for distribution).
2.10. User means any visitor to the website https://whatsgate.org.
2.11. Provision of personal data means actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data means any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited group of persons, including publication in mass media, placement in information and telecommunications networks, or provision of access to personal data by any other means.
2.13. Cross-border transfer of personal data means transfer of personal data to a foreign state's territory to a foreign authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data means any actions resulting in irreversible destruction of personal data with impossibility of further restoration of personal data content in the personal data information system and/or destruction of physical media containing personal data.
3.1. The Operator has the right to:
- receive from the personal data subject reliable information and/or documents containing personal data;
- if the personal data subject withdraws consent to personal data processing, continue processing personal data without such consent if grounds specified in the Personal Data Law exist;
- independently determine composition and list of measures necessary and sufficient to ensure fulfillment of obligations provided by the Personal Data Law and normative legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator shall:
- provide the personal data subject, at their request, with information concerning processing of their personal data;
- organize personal data processing in accordance with applicable legislation of the Russian Federation;
- respond to appeals and requests of personal data subjects and their legal representatives in accordance with requirements of the Personal Data Law;
- provide necessary information to the authorized authority for protection of rights of personal data subjects upon request of such authority within 30 days from receipt of such request;
- publish or otherwise provide unrestricted access to this Policy regarding personal data processing;
- take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data;
- stop transfer (distribution, provision, access) of personal data, stop processing, and destroy personal data in the procedure and cases provided by the Personal Data Law;
- perform other obligations provided by the Personal Data Law.
4.1. Personal data subjects have the right to:
- receive information concerning processing of their personal data, except in cases provided by federal laws. Information is provided by the Operator in an accessible form and must not include personal data related to other personal data subjects, except where legal grounds for disclosure of such personal data exist. The list of information and procedure for obtaining it are established by the Personal Data Law;
- require from the Operator clarification of their personal data, blocking or destruction of such data if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared processing purpose, and take measures provided by law to protect their rights;
- impose a condition of prior consent when processing personal data for promotion of goods, works, and services on the market;
- withdraw consent to personal data processing;
- appeal to the authorized authority for protection of rights of personal data subjects or to court against unlawful actions or inaction of the Operator in processing their personal data;
- exercise other rights provided by legislation of the Russian Federation.
4.2. Personal data subjects shall:
- provide the Operator with reliable data about themselves;
- inform the Operator about clarification (update, modification) of their personal data.
4.3. Persons who provided the Operator with inaccurate information about themselves or information about another personal data subject without that subject's consent are liable in accordance with legislation of the Russian Federation.
5.1. Last name, first name, patronymic.
5.2. Email address.
5.3. Phone numbers.
5.4. The website also collects and processes depersonalized visitor data (including “cookie” files) using Internet statistics services (Yandex Metrica, Google Analytics, and others).
5.5. The above data is hereinafter referred to collectively as Personal Data.
5.6. The Operator does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, intimate life.
5.7. Processing of personal data permitted for distribution from among special categories of personal data specified in Part 1 Article 10 of the Personal Data Law is allowed if prohibitions and conditions provided by Article 10.1 of the Personal Data Law are observed.
5.8. User consent to processing of personal data permitted for distribution is formalized separately from other consents to processing of their personal data. Conditions provided, in particular, by Article 10.1 of the Personal Data Law are observed. Requirements for content of such consent are established by the authorized authority for protection of rights of personal data subjects.
5.8.1 User provides consent to processing of personal data permitted for distribution directly to the Operator.
5.8.2 The Operator shall, no later than three business days from receipt of the specified User consent, publish information about processing conditions, as well as prohibitions and conditions for processing personal data permitted for distribution by an unlimited number of persons.
5.8.3 Transfer (distribution, provision, access) of personal data permitted for distribution by the personal data subject must be terminated at any time at the request of the personal data subject. Such request must include last name, first name, patronymic (if any), contact information (phone number, email address, or postal address) of the personal data subject, as well as the list of personal data whose processing must be terminated. Personal data specified in such request may be processed only by the Operator to whom the request was sent.
5.8.4 Consent to processing of personal data permitted for distribution terminates from the moment the Operator receives the request specified in Clause 5.8.3 of this Personal Data Processing Policy.
6.1. Personal data processing is carried out on a lawful and fair basis.
6.2. Personal data processing is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data incompatible with purposes of personal data collection is not allowed.
6.3. Combining databases containing personal data processed for purposes incompatible with each other is not allowed.
6.4. Only personal data that meets purposes of its processing is subject to processing.
6.5. Content and scope of processed personal data correspond to declared processing purposes. Excessive processing of personal data in relation to declared purposes is not allowed.
6.6. When processing personal data, accuracy, sufficiency, and where necessary relevance of personal data to processing purposes are ensured. The Operator takes necessary measures and/or ensures their taking to delete or clarify incomplete or inaccurate data.
6.7. Storage of personal data is carried out in a form that allows identification of the personal data subject for no longer than required by personal data processing purposes, unless personal data storage period is established by federal law or contract to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data is destroyed or depersonalized upon achievement of processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided by federal law.
7.1. Purpose of User personal data processing:
- informing the User by sending emails;
- conclusion, execution, and termination of civil law contracts;
- providing User with access to services, information, and/or materials contained on website https://whatsgate.org.
7.2. The Operator also has the right to send User notifications about new products and services, special offers, and various events. User can always opt out of informational messages by sending an email to service@whatsgate.org with subject “Opt-out of notifications about new products and services and special offers”.
7.3. Depersonalized User data collected through Internet statistics services is used to collect information about User actions on the website and improve the quality of the website and its content.
8.1. Legal grounds for personal data processing by the Operator are:
- contracts concluded between the Operator and personal data subject;
- federal laws and other normative legal acts in the field of personal data protection;
- User consents to processing of their personal data, including personal data permitted for distribution.
8.2. The Operator processes User personal data only if the User fills in and/or submits such data independently through special forms located on website https://whatsgate.org or sent to the Operator by email. By filling in relevant forms and/or sending personal data to the Operator, the User expresses consent to this Policy.
8.3. The Operator processes depersonalized User data if this is allowed in User browser settings (saving “cookie” files and using JavaScript technology is enabled).
8.4. The personal data subject independently decides to provide their personal data and gives consent freely, of their own will, and in their own interest.
9.1. Personal data processing is carried out with consent of the personal data subject to processing of their personal data.
9.2. Personal data processing is necessary to achieve purposes provided by an international treaty of the Russian Federation or law, for exercising functions, powers, and duties imposed on the Operator by legislation of the Russian Federation.
9.3. Personal data processing is necessary for administration of justice, execution of a judicial act, act of another authority or official subject to execution under legislation of the Russian Federation on enforcement proceedings.
9.4. Personal data processing is necessary for execution of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for conclusion of a contract at the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor.
9.5. Personal data processing is necessary for exercising rights and legitimate interests of the Operator or third parties, or for achieving socially significant purposes, provided that rights and freedoms of the personal data subject are not violated.
9.6. Processing of personal data is carried out where access to such data is granted to an unlimited number of persons by the personal data subject or at their request (hereinafter referred to as publicly available personal data).
9.7. Processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.
Security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary for full compliance with applicable legislation in the field of personal data protection.
10.1. The Operator ensures safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
10.2. User personal data will never, under any circumstances, be transferred to third parties, except in cases related to compliance with applicable law or if the personal data subject has given consent to transfer data to a third party for performance of obligations under a civil law contract.
10.3. If inaccuracies in personal data are identified, User may update them independently by sending notification to the Operator at service@whatsgate.org with subject “Personal data update”.
10.4. Personal data processing period is determined by achievement of purposes for which personal data was collected, unless another period is provided by contract or applicable legislation. User may at any time withdraw consent to personal data processing by sending notification to the Operator via email to service@whatsgate.org with subject “Withdrawal of consent to personal data processing”.
10.5. All information collected by third-party services, including payment systems, communication means, and other service providers, is stored and processed by those parties (Operators) according to their User Agreement and Privacy Policy. The personal data subject and/or User shall independently and timely review those documents. The Operator is not liable for actions of third parties, including service providers specified in this clause.
10.6. Prohibitions set by personal data subject on transfer (except access provision), as well as on processing or conditions of processing (except access provision) of personal data permitted for distribution, do not apply in cases of personal data processing in state, public, and other public interests determined by legislation of the Russian Federation.
10.7. When processing personal data, the Operator ensures confidentiality of personal data.
10.8. The Operator stores personal data in a form allowing identification of personal data subject for no longer than required by processing purposes, unless storage period is established by federal law or contract to which personal data subject is a party, beneficiary, or guarantor.
10.9. A condition for termination of personal data processing may be achievement of processing purposes, expiration of consent validity period, withdrawal of consent by personal data subject, as well as detection of unlawful personal data processing.
11.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
11.2. The Operator performs automated personal data processing with receipt and/or transfer of received information via information and telecommunications networks or without such transfer.
12.1. Before starting cross-border transfer of personal data, the Operator shall ensure that the foreign state to whose territory transfer of personal data is planned provides reliable protection of rights of personal data subjects.
12.2. Cross-border transfer of personal data to territories of foreign states not meeting the above requirements may be performed only if there is written consent of personal data subject for cross-border transfer of their personal data and/or execution of a contract to which the personal data subject is a party.
The Operator and other persons who obtained access to personal data shall not disclose to third parties or distribute personal data without consent of personal data subject, unless otherwise provided by federal law.
14.1. User may obtain any clarifications on issues of interest regarding processing of their personal data by contacting the Operator via email at service@whatsgate.org.
14.2. This document will reflect any changes to the Operator's personal data processing policy. The Policy is valid indefinitely until replaced by a new version.
14.3. Current version of the Policy is publicly available on the Internet at https://whatsgate.org/docs/law/politika-konfidencialnosti.