Personal data processing policy

We respect privacy and care about protecting the personal information that you provide to us. We would like to acquaint you with the following principles on which we base our policy concerning confidential information and your personal data, in particular.

Personal data is any information that can identify you as an individual, such as your name and surname, postal address or passport number, phone number, profession, or personal interests.

1. General provisions

1.1 In the course of its business, DOMAIN Co Ltd processes the personal data of individuals, or the subjects of personal data. In order to maintain its business reputation and ensure full compliance with the standards of federal legislation, DOMAIN Co Ltd (hereinafter the Operator) considers its most important objective to be ensuring the legality, fairness, confidentiality, and security of personal data processing.

1.2 This document describes the policy regarding the processing and protection of personal data in order to protect the rights and freedoms of an individual and citizen in the processing of the individual’s personal data, including the protection of privacy rights as well as personal and family secrets. The policy is a public document that sets forth the conceptual basis of the Operator’s activities when processing personal data.

1.3 This Policy is applicable to all cases involving the processing of personal data by the Operator or on behalf of the Operator regardless of whether it is performed manually or automatically (semi-automatically).

1.4 The Operator shall be guided by the Federal Law No. 152-FZ «On Personal Data» dated 27 July 2006 (the Law) when processing data.

2. Processing of personal data

2.1 The Operator shall process personal data in order to perform the functions assigned to the Operator by regulatory legal acts, execute the obligations of contracts to which one of the subjects of the personal data is a party, and also for other purposes specified by the law.

2.2 The Operator may collect and process the personal data of its employees, candidates for vacant positions as well as its clients, their representatives, beneficiaries, and other individuals who have contractual and other civil relations with the Operator, and may also process the personal data of other individuals if such processing is ordered in accordance with the requirements of the Law. When collecting and subsequently processing personal data, the Operator shall observe the main principles and conditions for processing specified by the Law.

2.3 The Operator shall process personal data to the extent and within the period required to perform contractual obligations, the requirements of federal legislation, and also for its own purposes of doing business and rendering services. In cases prescribed by the Law, the Operator shall reserve the right to request the relevant consent from the subjects of personal data to process their personal data and to deny the provision of services if such consent is not obtained.

2.4 Personal data may only be processed by the Operator’s authorized employees following the adoption of sufficient security measures ensuring the protection of personal data and in accordance with regulatory documents governing the processing and protection of personal data. Personal data may be processed and stored both in hard copy and electronic form with or without means of automation.

2.5 The Operator may resort to hiring third parties to process personal data only if justified. The Operator shall take all the necessary measures to ensure that third parties hired to process personal data act in accordance with this Policy and do not jeopardize the confidentiality of the personal data.

2.6 The Operator may transmit the personal data of the subjects of personal data to third parties provided that this transmission is based on the requirements of federal legislation or the conditions of contracts concluded with the subject, or permitted with the relevant consent of the subject. Personal data shall be transferred securely using protected data transmission channels. Personal data may only be transferred to a third party based on a contract with the Operator that contains the requirements on the protection of the transmitted personal data as well as the obligations and liability of the third party to meet these requirements unless otherwise stipulated by federal legislation.

3. Protection of personal data

3.1 The Operator shall not distribute or disclose personal data to third parties without the consent of the subject of the personal data unless otherwise stipulated by federal legislation.

3.2 The security of the personal data processed by the Operator shall be ensured by the implementation of legal, organisational, technical, and software measures that are necessary and sufficient to meet the requirements of federal legislation as regards the protection of personal data.

3.3 The main measures for the protection of the personal data used by the Operator are:

  • appointing officials who are responsible for organizing the processing and protection of personal data;
  • restricting and controlling the employees who have access to personal data;
  • acquainting employees with the requirements of federal legislation and the Operator’s regulatory documents concerning the processing and protection of personal data;
  • establishing a regime that ensures the physical security of premises, media, and equipment;
  • controlling user access to information resources as well as software and hardware for the processing and protection of information;
  • registering and recording events in information systems;
  • employing means of cryptographic information protection to ensure the security of personal data when transmitting it via open communications channels;
  • ensuring anti-virus protection;
  • protecting information systems against attacks at the network level;
  • performing periodic control of the sufficiency and completeness of protection measures;
  • conducting internal control and/or an audit of the compliance of personal data processing with Federal Law No. 152-FZ «On Personal Data» dated 27 July 2006 and the regulatory legal acts, requirements for the protection of personal data as well as the Operator’s local acts adopted in accordance with the Law.

4. Rights of subjects of personal data

4.1 The subjects of personal data may (in accordance with Chapter 3 of the Law):

  • obtain information about the Operator, its location, and whether the Operator has personal data concerning the relevant subject of personal data, and also review such personal data;
  • clarify their personal data, block it, or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing;
  • stop the processing of their personal data performed for direct marketing purposes;
  • withdraw their consent for the processing of personal data or demand that their personal data stop being processed (in which case the Operator may refuse to provide services to the subject or perform its contractual obligations if it is impossible without processing the personal data);
  • obtain information concerning the processing of their personal data, including information containing:
  1. confirmation of the processing of personal data as well as the purpose of such processing;
  2. methods for the processing of personal data by the Operator;
  3. information about individuals who have access to the personal data or who may be provided with such access;
  4. a list of the processed personal data and the source of its receipt;
  5. the period for the processing of personal data, including the storage period;
  6. information about what legal implications the processing of the personal data may entail for the subject of the personal data.

4.2 The right of the subjects of personal data to access their personal data may be restricted in accordance with federal laws if:

  • the personal data, including personal data obtained as a result of investigative, counterintelligence and intelligence activities, is processed for the purposes of a country’s defence, national security, or the protection of law and order;
  • the personal data is processed by authorities that detained the subject of the personal data on suspicion of committing a crime, charged the subject of the personal data in a criminal case, or imposed preventive measures against the subject of the personal data prior to the filing of charges, except for cases envisaged by the criminal procedural legislation of the Russian Federation if the suspect or defendant is permitted to review such personal data;
  • the personal data is processed in accordance with anti-money laundering and anti-terrorist financing legislation;
  • the access of the subject of the personal data to its personal data violates the rights and legitimate interests of third parties;
  • the personal data is processed in cases envisaged by the legislation of the Russian Federation on transport security in order to ensure the sustainable and safe operation of the transportation industry, protect the interests of the individual, the public, and the government in the transport industry against acts of unlawful interference.

4.3 In order to obtain information about the special features of the processing of personal data, the subject must send a relevant request to the Operator. The request must contain the number of the main identity document of the subject of the personal data or its representative, information about the issue date of this document and the issuing authority, information confirming the participation of the subject of the personal data in relations with the Operator (contract number, contract data, the conditional verbal designation and/or other information), or information that otherwise confirms the processing of the personal data by the Operator, and the signature of the subject of personal data or its representative. The request may be sent in the form of an electronic document and be signed by electronic signature in accordance with the legislation of the Russian Federation.

4.4 If the subject of the personal data believes that the Operator is processing its personal data in violation of the requirements of the Law or otherwise violating its rights and freedoms, the subject of the personal data may complain about the Operator’s actions or inaction to the authorized body for the protection of the rights of subjects of personal data or in court.

4.5 The subject of the personal data may protect its rights and legitimate interests, including the reimbursement of losses and/or compensation for moral damages in court.