1. General Provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) of Gexa-Nonwoven Materials LLC , legal address: 143405, Moscow Region, Krasnogorsk District, Golyovo village, Tsentralnaya Street, Building 72A, Premises 2.11 (hereinafter referred to as the “Operator”), is an official document that defines the general principles, purposes, and procedures for processing the personal data of users of the Internet websites (www.gexa.ru, www.isospan.gexa.ru, www.geospan.gexa.ru, www.med.gexa.ru, www.agrotex.gexa.ru) (hereinafter referred to as the “Site”), as well as information about the implemented measures for protecting personal data.
1.2. The Policy is developed in accordance with the legislation of the Russian Federation in the field of personal data and the requirements of the European Union's General Data Protection Regulation (GDPR).
1.3. This Policy applies exclusively to the Site. The Operator does not control and is not responsible for the websites of third parties that the User may access via links available on the Site.
1.4. The processing of personal data of other categories of personal data subjects by the Operator is regulated by other local acts of the Operator.
1.5. This Policy comes into force from the moment of its approval and remains in effect indefinitely until replaced by a new Policy.
2. Key Terms and Definitions
2.1. The following terms are used in this Policy:
2.1.1. Personal Data Information System — a combination of personal data contained in databases and the information technologies and technical means that enable their processing.
2.1.2. Processing of Personal Data — any action (operation) or set of actions (operations) performed with personal data using or without using automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.1.3. Personal Data Operator (Operator) — a state body, municipal body, legal entity, or individual that independently or jointly with other persons organizes and/or processes personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.1.4. Personal Data — any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
2.1.5. Site User — any individual visiting the site and using its information, materials, and services.
2.1.6. Site — a combination of interconnected web pages placed on the Internet at a unique address (URL) and its subdomains.
2.1.7. Cookies — a small piece of data sent by a web server and stored on the User’s computer, which the web client or web browser sends back to the web server in an HTTP request each time an attempt is made to open a page of the corresponding site.
2.1.8. IP Address — a unique network address of a node in a computer network through which the User accesses the site.
3. Procedure and Conditions for Processing Personal Data
3.1. The legal basis for processing the personal data of Site Users is consent to the processing of personal data. Site Users provide their consent to the processing of their personal data in the following cases:
– When filling out a feedback form / requesting a callback on the Site;
– When submitting reviews;
– When submitting a resume.
3.2. If a User does not agree with the terms of this Policy, the use of the Site and/or any Services available through the Site must be terminated immediately.
3.3. The personal data of Site Users are processed for the following purposes:
– Establishing feedback with the Site User, including sending notifications, inquiries, and processing them, as well as handling User requests and applications;
– Personnel selection;
– Maintaining statistics and analyzing Site operations.
3.4. The list of Site Users’ personal data processed on the Site using automated means includes:
– Name;
– Phone number;
– Email address;
– City/region;
– Information contained in a resume;
– Other information the user decides to provide.
3.5. For maintaining statistics and analyzing Site operations, the Operator processes the following data using the Yandex.Metrica analytics service:
– IP address;
– Browser information;
– Data from cookies;
– Access time;
– Referrer (address of the previous page).
3.6. The Yandex.Metrica service, available at http://api.yandex.com/metrika, enables various services and applications of the User to interact with the Yandex.Metrica service of Yandex LLC, registered at 119021, Moscow, Lva Tolstogo St., 16 (hereinafter referred to as “Yandex”). Yandex.Metrica works with cookies and creates pseudonymous usage profiles to analyze how Users interact with the Site. Information stored in such cookies (e.g., browser type/version, operating system used, referrer URL, hostname of the accessing computer, server request time) is typically transmitted and stored on Yandex servers. To block Yandex.Metrica, an add-on can be downloaded and installed via the following link: https://yandex.com/support/metrica/general/opt-out.html?lang=ru.Additional information can be found in Yandex’s privacy policy: https://yandex.ru/legal/confidential/?lang=ru.
3.7. When Yandex.Metrica is blocked, some Site features may become unavailable.
3.8. The processing of biometric personal data and special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, or intimate life is not performed on the Site.
3.9. The Operator does not verify the accuracy of the information provided by the User and assumes that the User provides reliable and sufficient information, while also ensuring its relevance.
3.10. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), blocking, deletion, destruction.
3.11. Personal data is stored in a form that allows identification of the personal data subject for no longer than required by the purposes of personal data processing.
3.12. Conditions for terminating the processing of personal data may include achieving the purposes of processing, expiration of the processing period, withdrawal of the Site User’s consent to the processing of their personal data, or identification of unlawful processing of personal data.
3.13. The retention period for Site Users’ personal data is 1 year from the last submission of data.
4. Measures for Ensuring the Security of Personal Data
4.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, technical, and programmatic measures necessary and sufficient to meet the requirements of the legislation of the Russian Federation.
4.2. The Operator takes the following measures to ensure the security of personal data:
– Appointment of responsible persons for organizing the processing and ensuring the protection of personal data;
– Limiting the number of the Operator’s employees with access to personal data;
– Determining the level of protection for personal data during processing in personal data information systems;
– Establishing rules for access control to personal data processed in personal data information systems and ensuring logging and recording of all actions performed with personal data;
– Restricting access to premises housing the main technical means and systems of personal data information systems and where non-automated processing of personal data is conducted;
– Maintaining records of machine-readable media containing personal data;
– Organizing backup and recovery of the functionality of personal data information systems and personal data modified or destroyed due to unauthorized access;
– Establishing requirements for password complexity to access personal data information systems;
– Implementing antivirus control and preventing the introduction of malicious software (viruses) and software traps into the corporate network;
– Ensuring timely updates to software used in personal data information systems and information protection tools;
– Conducting regular assessments of the effectiveness of measures taken to ensure the security of personal data;
– Detecting instances of unauthorized access to personal data and taking measures to identify causes and eliminate possible consequences;
– Monitoring the measures taken to ensure the security of personal data and the protection levels of personal data information systems.
5. Rights of Site Users
5.1. The Site User has the right to obtain information regarding the processing of their personal data, including:
– Confirmation of the fact of processing of personal data by the Operator;
– The legal grounds and purposes of processing personal data;
– The purposes and methods of processing personal data used by the Operator;
– The name and location of the Operator, information about persons (except for the Operator’s employees) who have access to personal data or to whom personal data may be disclosed under an agreement with the Operator or based on federal law;
– The personal data being processed that relate to the respective personal data subject, their source, unless a different procedure for providing such data is established by federal law;
– The timeframes for processing personal data, including their retention periods;
– The procedure for exercising the rights of the personal data subject provided for by the Federal Law “On Personal Data”;
Information about completed or intended cross-border transfers of personal data;
The name or surname, first name, patronymic, and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
Other information provided for by the Federal Law “On Personal Data” or other federal laws.
5.2. The Site User has the right to require the Operator to clarify, block, or destroy their personal data if the personal data are incomplete, outdated, inaccurate, unlawfully obtained, or are not necessary for the stated purpose of processing, as well as to take legally provided measures to protect their rights.
5.3. The Site User has the right to request, in a structured, commonly used, and machine-readable format, a list of their personal data provided to the Operator for processing, and to instruct the Operator to transfer their personal data to a third party, provided the relevant technical capability exists. In this case, the Operator is not responsible for the subsequent actions of the third party with the personal data.
5.4. All inquiries regarding the processing of personal data should be sent to: ib@gexa.ru.
6. Liability
6.1. The User bears full responsibility for compliance with the requirements of the current legislation of the Russian Federation, including laws on advertising, on the protection of copyright and related rights, on the protection of trademarks and service marks, but not limited to the aforementioned, encompassing full responsibility for the content and form of materials in the event of quoting or otherwise using information obtained in connection with the use of the Site’s services.
7. Final Provisions
7.1. The Operator has the right to unilaterally amend this Policy in the event of changes in the regulatory legal acts of the Russian Federation, as well as at its own discretion.
7.2. Monitoring compliance with the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.
7.3. Persons guilty of violating the rules governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil, or criminal liability in accordance with the procedure established by the legislation of the Russian Federation.
