Personal Data Processing Policy

1. Key Terms and Definitions

For the purposes of this document, which sets forth the personal data processing policy of TatProm-Holding Group Limited Liability Company (TPH Group LLC), TIN: 7730298382, OGRN [1]: 1237700084434, Address: Room 52-11, Office 3.05, Building 3, 6 Barklaya St., Moscow, 121087 (hereinafter referred to as the "Company" or the "Operator"), the following terms and definitions shall apply:

  • Personal Data shall mean any information related to a directly or indirectly identified or identifiable natural person (a "Data Subject").
  • Operator shall mean a state body, municipal body, legal entity, or individual that, independently or jointly with others, organizes and/or performs personal data processing, and also determines the purposes of personal data processing, the content of personal data to be processed, as well as the actions (operations) to be performed with personal data.
  • Personal Data Processing shall mean any action (operation) or a set of actions (operations) performed with personal data, whether or not by automated means, such as collection, recording, organization, accumulation, storage, updating or alteration, retrieval, use, disclosure (by dissemination, transmission, or granting access), anonymization, blocking, erasure or destruction of personal data.
  • Automated Personal Data Processing shall mean the processing of personal data by means of computer technology.
  • Disclosure of Personal Data shall mean actions aimed at disclosing personal data to the public at large.
  • Transmission of Personal Data shall mean actions aimed at disclosing personal data to a specific person or a specific group of persons.
  • Blocking of Personal Data Processing shall mean the temporary suspension of personal data processing (except for cases where processing is necessary to update personal data).
  • Destruction of Personal Data shall mean actions resulting in the impossibility to restore the content of personal data in the personal data information system and/or in the destruction of physical personal data storage media.
  • Anonymization of Personal Data shall mean actions resulting in the impossibility to establish whether personal data belongs to a specific Data Subject without the use of additional information.
  • Personal Data Information System shall mean the aggregate of personal data contained in databases, and the information technologies and technical means that enable their processing.
  • Cross-Border Transfer of Personal Data shall mean the transfer of personal data to the territory of a foreign state to a foreign state's authority, a foreign individual, or a foreign legal entity.
  • Threats to Personal Data Security shall mean a set of conditions and factors that create a risk of unauthorized, including accidental, access to personal data, which may result in the destruction, alteration, blocking, copying, submission, dissemination of personal data, as well as other unlawful actions during their processing in the personal data information system.
  • Personal Data Security Level shall mean an integrated indicator characterizing the requirements that must be fulfilled to neutralize certain threats to the personal data security during their processing in personal data information systems.

2. General Provisions

This Personal Data Processing Policy adopted by TPH Group LLC (hereinafter, the "Policy") has been developed in compliance with Clause 2, Part 1, Article 18.1 of the Federal Law No. 152-FZ of July 27, 2006, "On Personal Data." The Policy defines the core principles, purposes, conditions, and methods of processing the personal data of users visiting the website https://gk-tph.ru/ (hereinafter, the "Website"), the rights of the Data Subjects who use the Website, as well as the Company's obligations related to processing such personal data.

This Policy serves as the basic framework for managing the processing and protection of users' personal data collected via the Website by the Company.

The Policy shall apply to all processes within the Company where the Website users' personal data is processed using computer technology, inter alia, via information and telecommunication networks.

The provisions of this Policy shall be mandatory for all employees of the Company.

This Policy shall become effective once it is approved by the General Director of TPH Group LLC and shall remain in effect until the termination of the Company's business.

Unrestricted access to this Policy is arranged by its publication on the Company's Website.

The Company reserves the right to update and amend this Policy, including in the event of changes to the legislation of the Russian Federation governing the processing and security of personal data, as well as in case of changes to the in-house personal data processing procedures within the Company.

3. Personal Data Processing Conditions

The legal grounds for the processing of Data Subjects' personal data are established with reference to the processing conditions defined by Part 1, Article 6 of the Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."

The legal ground for personal data processing within the Company is the Data Subject's consent to the processing of their personal data, which shall be provided and/or submitted by the Data Subject independently through special forms on the Website.

By completing the relevant forms and/or submitting their personal data to the Operator, the Data Subject acknowledges that they have accepted this Policy and consented to the processing of their personal data.

The Data Subjects' personal data may be processed for the following purposes:

  • fulfilling obligations of TPH Group LLC under orders and contracts, as well as other obligations of TPH Group LLC;
  • providing users with information about the Company and its partners, inter alia, the goods, work and the services offered by the company;
  • collecting data for marketing purposes (for contacting via email or telephone in order to offer services, send newsletters, or register for events);
  • analyzing user activity using the Yandex.Metrica service.

Category of Personal Data Subjects: visitors to the Operator's website (Operator's employees, representatives or employees of clients and counterparties).

Category of Personal Data Processed: other.

Scope of Processed Personal Data:

For the purpose of fulfilling the obligations of TPH Group LLC under orders and contracts, as well as other obligations of TPH Group LLC:

  • Last Name, First Name, Patronymic;
  • telephone number;
  • email address;
  • company name.

For the purpose of providing users with information about the Company and its partners, inter alia, the goods, work and the services offered by the company;

  • Last Name, First Name, Patronymic;
  • telephone number;
  • email address;
  • company name.

For the purpose of collecting data for marketing purposes (for contacting via email or telephone in order to offer services, send newsletters, or register for events);

  • Last Name, First Name, Patronymic;
  • telephone number;
  • email address.

For analyzing user activity using the Yandex.Metrica service: cookies.

Methods of Processing Personal Data: Personal data of Data Subjects is processed using automation tools.

Operations Performed on Personal Data: the Operator performs the following operations on personal data of Data Subjects: collection, recording, organization, accumulation, storage, updating or alteration, retrieval, use, disclosure (by dissemination, transmission, or granting access), blocking, and deletion.

Period of Personal Data Processing: the processing of Data Subjects' personal data shall continue until the purposes of the personal data processing are achieved.

Procedure for the Destruction of Personal Data

Personal data processed for the purposes specified above shall be destroyed in the following instances:

  • the purposes of personal data processing have been achieved or are no longer relevant;
  • the Data Subject has withdrawn their consent to processing, or submitted a valid request to cease their personal data processing (where complying with such a request requires the destruction of personal data);
  • the term of the Data Subject's consent has expired;
  • a legal order is received from the competent data protection authority mandating data destruction;
  • unlawful processing of the personal data is identified.

If it is impossible to destroy personal data within the period stipulated by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," the Operator shall block or ensure such data is blocked from any further processing (if personal data is processed by a third party acting on the Operator's instructions). The Operator shall also ensure the data is physically destroyed within a maximum of six months, unless otherwise stipulated by federal law.

The fact of personal data destruction must be documented in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects.

4. Procedure for Personal Data Processing

The Data Subject freely, by their own will, and in their own interest, makes the decision to provide their personal data and gives consent to the processing thereof.

The Data Subject may at any time withdraw their consent to personal data processing by submitting a written request to the Operator at the following postal address: Room 52-11, Office 3.05, Building 3, 6 Barklaya St., Moscow, 121087, Russia, in accordance with the procedure established by Article 14 of the Federal Law of the Russian Federation No. 152-FZ of July 27, 2006 "On Personal Data," or by sending an electronic document to the following email address: info@gk-tph.ru. The electronic document must be signed with a qualified electronic signature pursuant to the legislation of the Russian Federation and bear the notation "Withdrawal of Consent to the Personal Data Processing."

Any request or communication submitted to the Company for the purpose of exercising the Data Subject's rights must contain the following data:

  • Last name, first name, and patronymic of the Data Subject or their representative;
  • Number of the primary identity document of the Data Subject or their representative;
  • Date of issue of the said document and the issuing authority;
  • Information confirming the Data Subject's relationship with the Company, or information that may be indicative of the Company's processing of the relevant Data Subject's personal data;
  • Signature of the Data Subject (or their representative).

A withdrawal of consent to personal data processing or a demand to cease personal data processing submitted to the Company must specify, inter alia, the following:

  • Last name, first name, and patronymic of the Data Subject or their representative, and the address of the Data Subject;
  • Information confirming the Data Subject's relationship with the Company, or information that may be indicative of the Company's processing of the relevant data Subject's personal data;
  • Signature of the Data Subject (or their representative).

The obligation to provide proof of obtaining the Data Subject's consent to the processing of their personal data, or proof of compliance with other conditions for processing, shall rest with TPH Group LLC.

In the event the Data Subject is legally incapacitated, consent to the processing of their personal data shall be provided by the Data Subject's legal representative.

5. Transfer/Disclosure of Personal Data

TPH Group LLC does not engage in the cross-border transfer of personal data.

In the course of its business, the Company is entitled to disclosing personal data to third parties for the purposes of running its operations or to comply with the requirements of the legislation of the Russian Federation. The Data Subject has the right to freely access a list of third parties granted access to their personal data. Such third parties may include:

  • Entities legally entitled to data processing, for instance, if data is disclosed to such persons with the User's consent, including where the data is necessary for providing the relevant service to the User;
  • Any public authority or local self-government body to which the Company shall mandatorily provide information in accordance with applicable law upon receipt of a relevant lawful request.

The Company shall disclose personal data to third parties only to the extent necessary to achieve the stated purposes of processing.

An essential condition of agreements with third parties, under which personal data is disclosed, shall be the parties' obligation to ensure the confidentiality and security of the personal data.

6. Processing of Cookies

A cookie is a small text file containing data that is stored on the device (e.g., a computer or smartphone) used to access the Website. The information the Operator obtains through cookies helps the Operator to provide its services in the manner most convenient for the Website visitor (for instance, cookies enable quick and efficient navigation between the Website's pages and sections).

For the purposes of this Policy, the term "cookies" shall also mean any other similar technologies, including pixel tags, web beacons, etc.

The Operator may use cookies received from the Website visitors' devices for the following purposes, inter alia, to maintain the Website's functionality:

  • Strictly Necessary Cookies — are essential for the correct operation and display of the Website. These cookies do not store personal data that could identify the Website visitor as an individual;
  • tatistics/Analytics Cookies — are used to collect statistical information about the interaction with the Website, including the total number of visitors and bounce rate metrics, in order to enhance the user experience, i.e. offer better navigation and correct errors.

The Operator uses the information contained in cookies solely for the purposes specified above and, subsequently, continues storing collected data on the Website visitor's device for a period which may vary depending on the respective type of cookie.

Based on their storage period, cookies are categorized as follows:

  • Session Cookies — are active only for the duration of the web browser session in which the visitor accessed the Website and are deleted once the browser is closed;
  • Persistent Cookies — are stored on the Website visitor's computer and remain there even after the browser is closed. In most cases, the validity period of such cookies does not exceed two years.

Most web browsers are initially configured to accept cookies automatically. You may at any time change your web browser settings to block the use of cookies on your device.

The Operator utilizes the Yandex.Metrica web analytics service on the Website to analyze user activity through the use of cookies, evaluate how Users interact with the Website, and for general Website improvement. Cookies are collected by the Operator through the Yandex.Metrica tracking code.

The following personal data categories are processed via cookies: username, region, language, information about the device used, details of the User's browser, and the User's navigation pattern on the Website.

7. Company’s Obligations in Processing Personal Data

When processing personal data, the Company shall:

  • Comply with the requirements of the legislation of the Russian Federation on the processing and protection of personal data;
  • Provide the Data Subject, upon their request, with the information set out in Part 7 of Article 14 of the Federal Law No. 152-FZ "On Personal Data" of July 27, 2006; ensure recording, organization, accumulation, storage, updating or alteration, and retrieval of personal data of Data Subjects (citizens of the Russian Federation) using databases, located within the Russian Federation, with the exception of cases provided for by the legislation of the Russian Federation;
  • Take measures aimed at fulfilling the obligations stipulated by Federal Law No. 152-FZ "On Personal Data" of July 27, 2006, and the regulatory legal acts adopted in accordance therewith;
  • Take measures to ensure the security of personal data during their processing;
  • Fulfill the obligations binding on Personal Data Operators in case of receiving inquiries and/or requests regarding personal data from the Data Subject and/or their representative and/or from an authorized body for the protection of the rights of Data Subjects;
  • Fulfill the obligations to update, block, and destroy personal data in the cases provided for by Federal Law No. 152-FZ "On Personal Data" of July 27, 2006;
  • Cooperate with the authorized body for the protection of the rights of personal data subjects on matters related to the processing and protection of personal data in the cases provided for by Federal Law No. 152-FZ "On Personal Data" of July 27, 2006;
  • Perform other obligations stipulated by the legislation of the Russian Federation.

8. Rights of Data Subjects

Data Subjects are entitled to the following rights:

  • The right to obtain information relating to the processing of their personal data, except in cases stipulated by Part 8 of Article 14 of the Federal Law No. 152-FZ "On Personal Data" of July 27, 2006;
  • The right to appeal the actions or omissions of the Company to the official body authorized for the protection of the rights of Data Subjects or in a court of law, if the Data Subject believes that the Company processes their personal data in violation of the requirements of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006, or otherwise infringes upon their rights and freedoms;
  • The right to protect their rights and legitimate interests;
  • The right to request that the Company update, block, or destroy their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or is not necessary for the stated purpose of processing, as well as to request that the Company provide notification of the changes made and measures taken by third parties to whom the relevant Data Subject's personal data were previously disclosed;
  • The right to withdraw their consent to the processing of personal data in accordance with Article 9 of the Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.

9. Measures to ensure the security of personal data during their processing

The security of personal data is achieved, inter alia, through the implementation of measures necessary and sufficient to guarantee the fulfillment of obligations stipulated by Federal Law No. 152-FZ of 27 July 2006 "On Personal Data", the regulations adopted in accordance therewith, and the obligations envisaged by the said Federal Law, including the following:

  • the Company appoints a person responsible for arranging the processing of personal data;
  • the Company adopts in-house regulations on the processing of personal data, as well as in-house regulations establishing procedures for preventing and identifying breaches of the legislation of the Russian Federation and remedying the consequences of such breaches;
  • legal, organizational, and technical measures shall be implemented to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152-FZ of 27 July 2006 "On Personal Data";
  • the Company conducts in-house inspections and/or audits to verify the compliance of personal data processing with Federal Law No. 152-FZ of 27 July 2006 "On Personal Data", the regulations adopted pursuant thereto, the personal data protection requirements, the Company's policy regarding the processing of personal data, and the Company's in-house regulations;
  • the Company assesses potential harm to personal Data Subjects in the event of a violation of Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, and such harm shall be weighted against the measures implemented by the Company to ensure compliance with the obligations stipulated by this Federal Law;
  • familiarizing the Operator's employees directly involved in the processing of personal data with the provisions of the Russian Federation legislation on personal data, including the data protection requirements, documents establishing the Operator's policy regarding the processing of personal data, and in-house regulations on the processing of personal data, and/or providing training to such employees.

When processing personal data, TPH Group LLC takes the necessary legal, organizational and technical measures or ensures that such measures are taken to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, submission, dissemination, as well as from other unlawful actions with respect to personal data, including:

  • identifying threats to the security of personal data during their processing;
  • ensuring compliance with requirements that prevent unauthorized access to the physical media, on which personal data is stored, and ensure the integrity of personal data;
  • detecting incidents of unauthorized access to personal data and taking remedial measures;
  • assessing the effectiveness of the measures taken to ensure personal data security prior to the commissioning of the personal data information system;
  • backing up personal data using specialized software and hardware tools, enabling the restoration of altered or destroyed personal data resulting from unauthorized access;
  • establishing rules for access to personal data, and ensuring that all actions performed with personal data processed within the personal data information system are logged and recorded;
  • maintaining a register of machine-readable media containing personal data;
  • monitoring compliance with the measures for ensuring personal data security and the security level of personal data information systems.

10. Final Provisions

For any clarifications regarding the processing of personal data, the Personal Data Subject may contact the Operator via email info@gk-tph.ru.

This Policy shall remain in effect indefinitely until it is replaced by a new version.

The current version of this Policy is freely available on the Internet at: https://gk-tph.ru/.


[1] OGRN – an abbreviation for Primary State Registration Number

We use cookies to improve the services providedBy continuing the navigation through the site, you agree to the rules for the use of cookiesMore in the Confidentiality policy
Agree

Contact us

I consent to personal data processing in accordance with the requirements of 152-FZ and accept the terms of the privacy policy

Спасибо за заявку!

В ближайшее время мы свяжемся с вами!