Privacy Policy

  1. GENERAL PROVISIONS

1.1       The current Policy on the processing of personal data of IT Innovations Fund (TIN 7813292056) (hereinafter referred to as the “Policy”) was developed in accordance with the requirements of the Federal Law of the Russian Federation No. 152 from July 27, 2006 “On Personal Data” (as amended by the Federal Law of 31.12.2017 No. 498) (hereinafter - the “Federal Law”).

1.2.      The purpose of the Policy is to ensure the protection of the rights and freedoms of a person and a citizen in the processing of his personal data by IT Innovations Fund (hereinafter referred to as the “Fund” or “Operator”), including the protection of privacy rights, personal and family secrets, as well as the fulfillment of the obligations of the Fund as a subject that processes personal data under the instruction, as part of the provision of services to companies: LLC X5 Corporate Center, PJSC VimpelCom, LLC МVМ, and LLC Home Interior, (hereinafter each separately - “Company”). When processing personal data, the Companies are guided by their own policies for the processing and protection of personal data posted on the websites of the Companies:

1.3.      Main terms used in the Policy:

  • personal data - any information relating to a directly or indirectly determined or designated individual (subject of personal data);
  • personal data operator (operator) - a state body, municipal body, legal or natural person, organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, independently or together with other persons, actions (operations) performed with personal data;
  • personal data processing - any action (operation) or set of actions (operations) performed using automation means or without using such means with personal data. The processing of personal data includes: collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;
  • automated processing of personal data - processing of personal data using computer equipment;
  • distribution of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
  • provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons;
  •  personal data blocking - temporary suspension of personal data processing (unless it is necessary to process personal data);
  • destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
  • de-identification of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a specific subject of personal data;
  •  personal data information system - a set of personal data contained in databases and information technologies and technical means ensuring their processing;
  • cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, foreign natural person or foreign legal entity.
  • Fund’s information portal (Portal) - information resource on the Internet, located at: www.rita.vc.

1.4.      Basic responsibilities of the Operator

The operator must:

- provide the subject of personal data with information concerning the processing of his personal data upon his request or legally provide a refusal;

  • at the request of the subject of personal data specify the processed personal data, block or delete, if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
  • keep a register of requests for personal data subjects, in which the requests of personal data subjects to receive personal data should be recorded, as well as the facts of providing personal data on these requests;
  • to ensure the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation, except for the cases provided for by paragraph 2, 3, 4, 8, part 1 of art. 6 of the Federal Law;
  • notify the subject of personal data about the processing of personal data in the event that personal data were not obtained from the subject of personal data;
  • in the event that the goal of processing personal data is achieved, immediately stop processing personal data and destroy the relevant personal data for a period not exceeding 30 days from the date of the goal of processing personal data, unless otherwise provided by federal laws, and notify the subject of personal data or his legal representative, and if the appeal or request was sent to the authorized body for the protection of the rights of personal data subjects, also notify the specified body;
  • in the event that the subject of the personal data revokes the consent to the processing of his personal data, stop processing the personal data and destroy the personal data within a period not exceeding 30 days from the date of receipt of the specified recall;
  •  notify the subject of personal data about the destruction of his personal data;
  • in the event that the subject of personal data requests the termination of the processing of his personal data in order to promote the Fund’s services on the market or fulfill the Fund’s obligations under civil law contracts, immediately stop processing personal data.

1.5.      Basic rights of the subjects of personal data:

The subject of personal data has the right to:

  • decide on the provision of his personal data to the Operator;
  • withdraw consent to the processing of their personal data;
  • enter, add or change the processed personal data;
  • require the exclusion of their personal data from publicly available sources of personal data;
  • to receive information concerning the processing of his personal data, including the information containing:
  1. confirmation of the fact of personal data processing by the Operator;
  2. legal grounds and purposes for the processing of personal data;
  3. objectives and methods of personal data processing applied by the Operator;
  4. the name and location of the Operator, information about persons (except for Operator’s employees) who have access to personal data or who may disclose personal data on the basis of an agreement with an operator or on the basis of Federal Law;
  5. processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the provision of such data is provided for by Federal Law;
  6. terms of personal data processing, including the periods of their storage;
  7. the procedure for the subject of personal data to exercise the rights provided for by the Federal Law;
  8. information on completed or intended cross-border data transfer;
  9. name or full name, address of the person who processes personal data on behalf of the Operator, if processing is entrusted to or will be entrusted to such person;
  10. other information stipulated by the Federal Law or other federal laws of the Russian Federation;
  • appeal against the Operator’s actions or inaction to the Authorized Body for the Protection of the Rights of Personal Data Subjects or in court if the Personal Data Subject believes that the Operator processes its personal data in violation of the requirements of the Federal Law or otherwise violates its rights and freedoms;
  • to protect their rights and legitimate interests, including damages and (or) compensation for non-pecuniary damage.


2. PURPOSE OF PERSONAL DATA COLLECTION
 

2.1. The Fund collects and stores personal data of visitors to the Portal, including participants of the selection, pitch sessions and other events organized and held by the Fund, representatives of legal entities, as well as personal data of other personal subjects data received from counterparties of the Fund, necessary for the execution of agreements or treaties to which or on which the beneficiary is the subject of personal data.

2.2. The Fund carries out the processing of personal data in order to:

  • execute the organization and holding of exhibitions, conferences, congresses, competitions and other events for the support and development of innovations (hereinafter referred to as “Events”);
  • disseminate information aimed at drawing attention to the Events held in accordance with the objectives of the Fund, as well as dissemination of information about the sponsors of these Events;
  • gather information about potential participants / participants and experts of the Events, determine the compliance of potential participants / participants of the Events with the stated requirements, provisions for the relevant Event;
  • communicate with employees, representatives of counterparties, potential participants / participants, experts of the Event by e-mail, telephone;
  • determine the participants of the Event, organization of the accommodation and travel, award the winners of the competition, publish lists of the selected participants of the Event, as well as participants of the Events in the public domain;
  • execute the formation of a data bank of potential participants / participants of the Events;
  • promote Fund’s services on the market through direct contacts with the subjects of personal data, including informing about the events held (invitation to the Events);
  • execute the implementation of joint activities with counterparties of the Fund of Events and projects

2.3. The collection of personal data of potential participants / participants of the Events through the Portal is carried out by self-filling the personal information field on the Portal with the relevant subject, including when he completes a contact form for filing an application for registration at the Event, and entering data about his last name, first name and patronymic (if available), age, contact phone number, e-mail address.

The collection of personal data of other subjects of personal data provided for in this Policy is carried out in direct interaction with the relevant subject of personal data.

3. LEGAL BASIS OF PERSONAL DATA PROCESSING

The Fund processes the personal data of the subjects guided by:

  • Constitution of the Russian Federation,
  • Labor Code of the Russian Federation, Civil Code of the Russian Federation, Tax Code of the Russian Federation, Federal Law, Federal Law from January 12, 1996 No. 7 “On Non-Profit Organizations”, and adopted regulations governing relations associated with the activities of the Fund;
  • Federal Law from July 27, 2006 No. 149 “On Information, Information Technologies and Information Protection”;
  • Decree of the President of the Russian Federation from March 6, 1997 No. 188 “On Approval of the List of Confidential Information”;
  • Decree of the Government of the Russian Federation from September 15, 2008 No. 687 “On Approval of the Regulation on Peculiarities of Processing Personal Data Performed Without the Use of Automation Tools”;
  • Decree of the Government of the Russian Federation from November 01, 2012 No. 1119 “On approval of requirements for the protection of personal data when they are processed in personal data information systems”;
  • Order of Roskomnadzor from September 05, 2013 No. 996 “On approval of requirements and methods for depersonalization of personal data”;
  • Order No. 21 of the FSTEC of Russia from February 18, 2013 “On Approving the Composition and Content of Organizational and Technical Measures for Ensuring the Security of Personal Data During Their Processing in Personal Data Information Systems”;
  • Chapter of the Fund;
  • the consent to the processing of personal data.

4. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS

4.1. The Fund processes personal data of the following categories of subjects:

  • persons who have a civil legal nature of contractual relations with the Fund, or who are at the stage of pre-contractual or fulfilled relations of a similar nature;
  • individuals - potential participants / participants of events organized and held by the Fund, both consisting of and non-civil law relations with the Fund;
  • representatives of potential participants / participants of events organized and conducted by the Fund;

4.2. The Fund processes personal data in the following categories and in the following scope:

  • personal data of individuals - potential participants / participants of events organized and held by the Fund, who are not in civil law relations with the Fund, as well as representatives of potential participants / participants of events organized and held by the Fund provide personal data to the Fund when filling out information fields on the Portal, including when completing the contact form to submit an application for registration to the Events. The personal data of the subjects of personal data collection received over the Internet and processed by the Fund includes data on: last name, first name, patronymic (if available), age, contact telephone number, e-mail address.
  • personal data and other information contained in messages that the subject of personal data sends to the Fund;
  • technical data that is automatically transmitted by the device through which the personal data subject uses the Portal, including the technical characteristics of the device, the IP address, information stored in cookies that were sent to the personal data subject device, browser information, date and time of access to the Portal, addresses of the requested pages and other similar information.

Special categories of personal data are not processed by the Fund.


5. ORDER AND TERMS OF PROCESSING OF PERSONAL DATA

5.1. The Fund carries out the processing of personal data in the presence of at least one of the following conditions:

  • the processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
  • the processing of personal data is necessary to achieve the goals stipulated by the international agreement of the Russian Federation or the law, to perform the functions, powers and duties assigned to the Fund by the legislation of the Russian Federation;
  • the processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • processing of personal data is necessary for the execution of the contract, of which either the beneficiary or the guarantor for which is the personal data subject, as well as for the conclusion of the contract on the initiative of the personal data subject or the contract for which the personal data Subject is the beneficiary or guarantor;
  • the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject, and at the same time, the consent of the subject is impossible;
  • the processing of personal data is necessary for the exercise of the rights and legitimate interests of the Fund or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;
  • processing of personal data is carried out, access of an unlimited number of persons to which is provided by the personal data subject or at his request (hereinafter - publicly available personal data);
  • the processing of personal data is subject to publication or mandatory disclosure in accordance with Federal Law;

5.2. When processing of personal data is being executed by the Fund, confidentiality of personal data is respected: personal data is not disclosed to third parties, is not otherwise distributed without the consent of the personal data subject, except as required by the current legislation of the Russian Federation.
The inclusion by the Fund of personal data of the subjects in publicly accessible sources of personal data is possible only if there are requirements of federal legislation, or if the subject of personal data is obtained.

5.3. The Fund does not process special categories of personal data relating to race, nationality, political views, religious and philosophical beliefs, health status, intimate life of personal data subject.
5.4. Biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which are used by the Fund to identify the identity of the subject of personal data) is not processed by the Fund.

5.5. The Fund collects, records, organizes, accumulates, stores, refines (updates, changes), retrieves, uses, transfers (distributes, provides, accesses), remodel, blocks, deletes and destroys personal data.

5.6. The processing of personal data by the Fund is carried out in the following ways:

  • non-automated processing of personal data;
  • automated processing of personal data with or without transferring the information received through information and telecommunication networks;
  • mixed processing of personal data.

5.7. The Fund has the right to entrust the processing of personal data to another person only with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person (hereinafter referred to as the Fund’s instructions). At the same time, the Fund obliges the person who performs the processing of personal data on behalf of, to comply with the principles and rules for the processing of personal data provided for by federal law. If the Fund entrusts the processing of personal data to another person, the responsibility to the subject of personal data for the actions of the said person lies with the Fund. The person who processes personal data on behalf of the Fund is responsible to the Fund.

5.8. The provision of the processed personal data by the Fund is carried out in accordance with the legislation of the Russian Federation.

5.8.1. In order to fulfill the Fund's civil liabilities, it is intended to carry out cross-border transfer of personal data to individuals-participants (representatives of participating organizations) of Events organized and conducted by the Fund on the basis of transactions, of which (the Customer) is a foreign legal entity. Cross-border transfer of personal data is carried out in order to select candidates for passing the relevant stage of the Event, as well as to determine the winner of the relevant Event. Cross-border transmission can be made in respect of personal data provided to the Fund when the personal data subjects fill out information fields on the Portal, including when filling out a contact form, as well as submitting an application for registration to participate in the Events. The composition of such personal data includes data on: surname, name, patronymic (if available), age, contact telephone number, e-mail address.


In the case of a cross-border transfer of personal data by a person who received personal data, they are collected, recorded, organized, accumulated, stored, updated (modified, modified), used, deleted and destroyed personal data.

Prior to the commencement of the cross-border transfer of personal data, the Fund is obliged to ensure that the foreign state, to the territory of which the transfer of personal data is carried out, ensures adequate protection of the rights of personal data subjects.

Cross-border transfer of personal data on the territory of foreign countries that do not provide adequate protection of the rights of personal data subjects may be carried out by the Fund in the following cases:

  • the consent in writing of the subject of personal data on the cross-border transfer of his personal data;
  • execution of the contract to which the subject of personal data is a party.

5.9. The Fund has the right to transfer personal data to bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by the legislation of the Russian Federation.
5.10. Access to processed personal data is provided only to those employees of the Fund who need it in connection with the performance of their official duties and in compliance with the principles of personal responsibility.

5.11. The Fund provides separate storage of personal data and their material carriers, which are processed for different purposes and which contain different categories of personal data.

5.12. The processing of personal data by the Fund is terminated in the following cases:

  • upon the occurrence of conditions for the termination of the processing of personal data or upon the expiration of the established deadlines;
  • on achieving the goals of their processing or in case of loss of the need to achieve these goals;
  • at the request of the subject of personal data, if the personal data being processed are unlawfully obtained or not necessary for the stated purpose of processing;
  • in case of unlawful processing of personal data, if it is impossible to ensure the legality of processing;
  • upon expiration of the consent of the subject of personal data to the processing of personal data or in the case of the withdrawal of personal data by the subject of such consent, unless there are other legal grounds for the processing of personal data provided for by the legislation of the Russian Federation;
  • in case of liquidation of the Fund.

5.13. Personal data, the processing time (storage) of which has expired, must be destroyed, unless otherwise provided by federal law. Storage of personal data after the termination of their processing is allowed only after their anonymization.

When storing personal data, the Fund is obliged to ensure the use of databases located on the territory of the Russian Federation, except for the cases provided for in paragraph 2, 3, 4, 8, part 1 of art. 6 of the Federal Law.

The retention period for personal data is:

  • personal data received in connection with the conclusion and execution of contracts, agreements (civil law, labor and others) - 5 years from the date of execution, termination of the relevant agreement (contract);
  • personal data specified in the consent to the processing of personal data - within 24 months from the date of the end of the relevant event, the offer of participation in which was accepted by the potential participant / participant of the Event.

5.14. The rules for working with personal data and their material carriers without the use of automation tools are defined in accordance with the “Provision on peculiarities of personal data processing carried out without the use of automation tools”, Decree of the Government of the Russian Federation from February 15, 2008 No. 687.

The processing of personal data of the personal data subject is considered implemented without the use of automation tools, if such actions with personal data, such as use, clarification, distribution, destruction of personal data in relation to each of the personal data subjects, are carried out with the direct participation of a person. A document containing personal data is a tangible medium with information recorded in it in any form containing personal data in the form of text (or) their combination.
5.14.1. The processing of personal data is carried out in respect of personal data and must be separated from other information by fixing them on separate material carriers, in special sections or in the form fields.

When recording personal data on tangible media, it is not allowed to record personal data on one tangible medium, the processing purposes of which are not compatible. Standard forms of documents should be designed in such a way that each of the subjects of personal data contained in the document has the opportunity to get acquainted with their personal data contained in the document without violating the rights and legitimate interests of other subjects of personal data.
Documents containing personal data are stored in cabinets locked with a key.

5.14.2. When working with documents containing personal data, an employee of the Fund is obliged to exclude the possibility of familiarization, viewing of these documents by other persons who are not authorized to work with them. When transferring documents containing personal data outside the Fund for business purposes, the Fund employee must take all possible measures to prevent the loss (loss, theft) of such documents.

When working with personal data of personal data subjects, as well as with their carriers, the Fund:

  • limits the number of employees allowed to work with specific personal data;
  • performs work with personal data carriers in special dedicated premises.


6. ACTUALIZATION, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS OF PERSONAL DATA.

6.1. In the event of confirmation of the fact of inaccuracy of personal data or the illegality of their processing, personal data are subject to updating by the Fund and processing must be terminated, respectively.
6.2. The Fund provides the subject of personal data or his legal representative information relating to the processing of his personal data, withdrawal of consent and access of the subject of personal data to his data, on the relevant request or request of the subject of personal data or his legal representative.

6.3. The information is provided in an accessible form and does not contain personal data relating to other subjects of personal data, except in cases where there are legal grounds for disclosing such personal data.

6.4. The request of the subject of personal data to receive information concerning the processing of his personal data by the Fund must contain:

  • information confirming the participation of the subject of personal data in relations with the Fund, or information otherwise confirming the fact of the processing of personal data by the Fund;
  • the signature of the subject of personal data or his legal representative.

The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

6.5. The Fund considers the appeal of the subject of personal data and provides an answer to it within 30 days from the date of receipt of the corresponding request in a form similar to the form of the received request.

6.6. When achieving the purposes of processing personal data, as well as in the case of a withdrawal by the subject of personal data of consent for their processing, personal data are subject to destruction, in the terms established by the legislation of the Russian Federation

  • unless otherwise provided by the contract to which the subject of personal data is a party;
  • unless otherwise provided by another agreement between the Fund and the subject of personal data.
  • if the Fund is not entitled to process without the consent of the subject of personal data on the grounds provided for by the Federal Law or other federal laws.

6.7. Destruction at the end of the processing of personal data on electronic media is carried out by mechanical violation of the integrity of the media, which does not allow reading or restoring personal data, or by removing electronic media from electronic media using methods and means of guaranteed removal of residual information.

6.8. Destruction at the end of the processing of personal data on paper media is carried out by grinding into small parts using a Schröder, which eliminates the possibility of subsequent recovery of information.


7. FINAL PROVISIONS

7.1. This Policy may be revised in the event of changes in the norms of the current legislation of the Russian Federation, processes and methods for processing personal data, categories of personal data subjects, as well as goals for processing personal data.

7.2. All employees of the Operator must be familiar with this Policy.

7.3. In order to ensure unrestricted access to this Policy, it is subject to publication - posting on the Portal.