Calendar of Events
+7 (812) 240 40 40
About the company
About the company
Portfolio
For organizers
Participants
Media Centre
Work in the company
Documents
Reviews
For Visitors
Partners
About the complex
About the Complex
Infrastructure of the Complex
Map of the complex
How to get there
Services
Маркетинговые
услуги
Кейтеринговые
услуги
туристические
услуги
Exhibition development services
Customs and Logistics Services
Technical and engineering services
EXPOFORUM»Confidentiality Policy

Confidentiality Policy

Personal Data Processing Policy

Order No. 126 dated September 10, 2024 «On Approval of the Personal Data Processing Policy»

 

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter – the Policy) is developed and applied by ExpoForum International Limited Liability Company (abbreviated name is EF International LLC, legal address: 196605, St. Petersburg, settlement Shushary, Peterburgskoe shosse, 64, unit 1, lit. А (hereinafter referred to as the Operator), is an official document determining the general principles, goals and procedure for processing of personal data of the website (hereinafter referred to as the Website) users, as well as the information on the implemented measures for personal data protection.

1.2. The Policy has been developed in compliance with the legislation of the Russian Federation in the field of personal data and the requirements of the General Data Protection Regulation of the European Union (GDPR).

1.2.1. This Policy applies to all personal data that may be received by the Operator from individuals during the time they visit websites, use the information, materials and services of the websites, register as visitors or participants of the events held at EXPOFORUM Convention and Exhibition Center located at: 196605, St. Petersburg, settlement Shushary, Peterburgskoe shosse, 64, unit 1, lit. A, and of other events organized by EF International LLC (Operator), via the Operator’s official websites: expoforum-center.ru, expoforum.ru, gas-forum.ru, cbc-spb.com, as well as exhibition websites, the domain name of which includes the second-level domain expoforum.ru, as well as any websites, the domain names of which belong to EF International LLC (hereinafter – the Websites), that may be expressly related to a specific individual and his/her personal data.

1.3. The Operator has not control over and is not liable for the third party websites the User may go to using the links available at the Website.

1.4. Processing by the Operator of personal data of other personal data subject categories is regulated by other local policies and procedures of the Operator.

1.5. This Policy becomes effective when approved and и remain in force indefinitely until replaced with a new Policy.

 

2. Basic terms and their definitions

2.1. In this Policy, the following terms are used:

2.1.1. Personal Data Information System is a totality of personal data contained in the databases and the information technologies and technical means ensuring processing thereof.

2.1.2. Personal data processing is any action (operation) or a set of actions (operations) with personal data performed using automation equipment or without such equipment, including collection, recording, systematization, accumulation, storing, refinement (updating, modification), retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, elimination of personal data.

2.1.3. Personal data operator (operator) is a public or municipal authority, a legal entity or an individual, who, either independently or jointly with other parties, organize and (or) perform personal data processing, and determine the goals of personal data processing, the structure of personal data to be processed, actions (operations) carried out involving personal data.

2.1.4. Personal data is any information that directly or indirectly relates to the identified or identifiable individual (personal data subject);

2.1.5 Website user is any person visiting the Website and using the Website information, materials and services.

2.1.6. Website is a set of the interrelated webpages posted in the Internet at a unique address (URL) and its subdomains.

2.1.7. Cookies are a small fragment of data sent by the webserver and stored on the User’s computer which a web client or a web browser each time sends to the web server in the HTTP request when attempting to open a relevant website page.

2.1.8. IP address is a unique web address of the host in the computer networks through which the User is provided access to the website.

 

3. Receipt, procedure and terms for personal data processing

3.1. A consent to personal data processing is deemed the basis for processing of the Website users’ personal data.

3.2. The consent to personal data processing may be given by the Subject in any form that allows to certify the consent receipt unless otherwise set forth by the federal law: in written, oral or another form provided for by applicable laws, including by taking implicative actions by the Subject. If there is no consent of the Subject to processing his/her personal date, such processing shall not be carried out.

3.3. The Subject personal data shall be obtained by the Operator:

— by personal transfer of personal data by the Subject when entering information electronically in the recording forms on the Operator’s websites;

— by personal transfer of personal data by the Subject when referencing to the Operator;

— by other ways that do not contradict the laws of the Russian Federation and requirements of international law on personal data protection.

3.4. The Website Users shall give their consent to processing of their personal data in the following cases: when registering in the personal account on the Website;

— upon authorization via the social media;

— when completing the feedback form / ordering a call back on the Website;

— when subscribing to the mailout;

— when sending testimonials;

— when sending a resume.

3.5. In the event the User disagrees with the terms hereof, the use of the Website and/or any Services available when using the Website should be immediately terminated.

3.6. The Website Users’ personal data shall be processed for the following purposes:

— promoting goods, works and services;

— informing on the activities and events held by the Operator;

— establishing feedback with the Website User including forwarding of notices, requests and processing thereof, as well as processing of requests and applications from the User for further entrance into and execution of the agreement;

— providing technical support services to the Users;

— receipt and publishing the testimonials;

— staff recruitment;

— maintaining statistic records and analyzing the Website operation.

3.7. The list of the users’ personal data processed on the Website using automation means:

— surname, name, patronymic;

— date of birth;

— telephone number;

— e-mail address;

— delivery address;

— information contained in the resume;

— information about services rendered or to be rendered to the personal data User, including the User’s order history;

— history of the User’s references, including documents sent by the User when referencing to the Operator;

— marketing information that relates directly or indirectly to the person surveyed – the personal data Subject.

— any other information that the User decided to present.

3.8. To maintain statistic records and analyze the Website operation, the Operator shall, process, using Yandex.Metrika metric services, such data as:

— IP address;

— information on the browser;

— cookies data;

— access time;

— reference (address of the previous page).

3.9. Yandex.Metrika service available at the address http://api.yandex.com/metrika, which enables various services and applications of the User to interact with Yandex.Metrika service of Yandex LLC, is registered at: 119021, Moscow, 16 Lev Tolstoy street (hereinafter – Yandex). Yandex.Metrika works with cookie files and creates pseudonymous usage profiles allowing to analyze Website usage by the Users. The information contained in such cookie files (for example, a type / version of a browser, the operating system used, URL-address of the referrer, host name of a computer that is granted the access, server request time) shall be generally transferred and stored on the Yandex servers. To block Yandex.Metrika one can download and install an add-in by link https://yandex.com/support/metrica/general/opt-out.html?lang=ru. Any additional information is available in the Yandex Confidentiality Policy: https://yandex.ru/legal/confidential/?lang=ru.

3.10. If Yandex.Metrika is blocked, some functions of the Website can become inaccessible.

3.11. The Website shall not process biometric personal data and special categories of personal data relating to ethnicity, nationality, political views, religious or philosophical beliefs, state of health, intimate life.

3.12. The Operator shall not verify the reliability of the information provided by the User and proceeds from the premise that the User presents the reliable and sufficient information and controls its relevance.

3.13. The Operator shall perform the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.

3.14. Personal data shall be stored in the form enabling to identify the personal data Subject not longer than it is required by the personal data processing goals.

3.15. The terms for termination of personal data processing may be achievement of the goals of personal data processing, expiration of the term for personal data processing, withdrawal of the Website User’s consent to processing of his/her personal data, and detecting unlawful processing of personal data.

3.16. The storage period of the personal data of the Website Users is unlimited, unless the consent is withdrawn by the User.

 

4. Personal Data Transfer to Third Parties

For the purposes of services provision and improving the quality thereof, we transfer the information to the following third parties:

Processing goal

Third parties, their location and reference to the confidentiality policy / website, if applicable

Transfer goal

Third party address

Collecting web-analytics

Yandex LLC (Russia)

Web-analytics services provider (Yandex Metrika)

119021, Moscow, 16 Lev Tolstoy street

Authentication

Yandex LLC (Russia)

Authentication (SSO Provider)

119021, Moscow, 16 Lev Tolstoy street

Application processing

Zhivoy Site LLC (Russia)

Receipt of applications and responding to the application using Jivo business messenger

115280, Moscow, 19 Leninskaya sloboda, office 21g1

Advertising and Marketing Messaging

UniSender Rus LLC
(Russia)

Messaging with the use of the Unisender service

127015, Moscow, 23 Bolshaya Novodmitrovskaya street, f/premises 2/46.

Transaction mailing

U-Consult LLC

Transaction mailing

119017, Moscow, 44 Bolshaya Ordynka street, bldg. 2, floor 2/premises 11

Authentication

Operator Gazprom ID LLC

Authentication (SSO Provider)

191028, St. Petersburg, 26 Liteiny prospect, liter А, floor 4 office 425

 

5. Personal Data Security Arrangements

5.1. Security of personal data processed by the Operator shall be provided by implementing legal, organizational, technical and software measures that are necessary and sufficient to meet the requirements established by the legislation of the Russian Federation.

5.2. The Operator shall take the following measures to ensure personal data security:

— appointing persons responsible for arrangement of processing and ensuring protection of personal data;

limiting the number of the Operator’s employees having access to the personal data;

determining the level of personal data security during processing in personal data information systems;

identifying actual threats to personal data security during processing in personal data information systems;

establishing the rules differentiation of access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions taken to personal data;

— restricting access to the premises where the primary technical facilities and systems of personal data information systems are placed and where non-automated processing of personal data is carried out;

— keeping record of personal data machine storage media;

— arranging for backup and restoration of operation of the personal data information systems and of personal data modified or destructed due to unauthorized access to them;

— establishing requirements to complexity of a password to get access to the personal data information systems;

— use the information protection means that passed compliance assessment procedure as per the established form;

— ensuring anti-virus control, preventing malicious software (software viruses)and implant tools from being penetrated into the corporate network;

— organizing timely updating of the software used in the personal data information systems and information protection means;

— regular assessment of efficiency of measures taken to provide for the personal data security;

— detecting cases of unauthorized access to the personal data and taking actions to identify the reasons and eliminate any possible effects;

— control over the measures to be implemented for ensuring personal data security and personal data information system protectability levels.

 

6. Website Users’ Rights

6.1. The Website User shall be entitled to get information related to processing of his/her personal data, including that containing:

— proof of personal data processing by the Operator;

— legal grounds and purposes of the personal data processing;

— goals and methods of personal data processing applied by the Operator;

— name and location of the Operator, information on the persons (except for the Operator’s employees) having access to the personal data or to whom the personal data may be disclosed under the agreement with the Operator or subject to the federal law;

— personal data processed that relate to the relevant personal data Subject, the source of receipt thereof, unless any other procedure for presenting of such data is provided for by the federal law;

— term for the personal data processing, including their storage period;

— procedure of exercising by the personal data Subject of the rights stipulated by the Federal Law «On Personal Data»;

— information about the personal data cross-border transferring made or expected to be made;

— name or surname, name, patronymic and address of the person who processes the personal data upon the Operator’s instruction, if such person is or will be assigned to process such data;

— other information stipulated by the Federal Law «On Personal Data» or by other federal laws.

6.2. The Website User may require the Operator to rectify, block or destruct his/her personal data in case the personal data are incomplete, outdated, inaccurate, unlawfully received or are not necessary for the stated goal of processing, as well as take any measures to protect his/her rights prescribed by law.

6.3. The Website User may request the list of his/her personal data in the well-structured, universal and machine-readable format, that were presented to the Operator for processing, and instruct the Operator to transfer his/her personal data to a third party if technically feasible. In this case, the Operator shall not be liable for the actions of the third party that are subsequently made with the personal data.

6.4. Any issues on personal data processing should be communicated at the address: 196605, St. Petersburg, settlement Shushary, Peterburgskoe shosse, 64, unit 1.

6.5. The User may at any time withdraw his/her consent to personal data processing, provided that such procedure does not violate the legislative requirements of the Russian Federation.

To withdraw the consent to personal data processing, the User shall send a written notification to the address: 196605, St. Petersburg, settlement Shushary, Peterburgskoe shosse, 64, unit 1.

If the personal data User applies to the Operator seeking to cease processing of the personal data within the term not exceeding 10 working days following receipt by the Operator of the relevant request, the personal data processing shall be ceased, unless otherwise provided for by the Law on Personal Data. The term specified may be extended, but for no more than five working days. For this purpose, the Operator is required to forward a reasonable notice to the personal data Subject specifying the grounds for the term extension.

 

7. The consent to receive advertising information by public data networks

7.1. When registering as a visitor or a participant of the exhibition or another event, submitting an application to receive mailings, subscribing to receive advertising information:

— by filling in a respective document on paper at the Operator’s office;

— on the Operator’s Websites (by ticking on the respective webpage by the Personal Data Subject),

The Subject thereby gives consent to process his/her personal data and receive the information messages from the Operator and third parties engaged by the Operator, including information of commercial promotional nature (advertising) specified in clause 1.7.2. hereof by public data networks (by the provided cell phone number and e-mail address).

7.2. When giving the consent as per clause 5.1. hereof, the Personal Data Subject thereby confirms that he/she acts willfully and in own interests, as well as that the personal data indicated is true.

 

8. Responsibility

8.1. The User shall be fully responsible for compliance with the requirements of the applicable legislation of the Russian Federation, including, but not limited to, of the laws on advertising, protection of copyrights and related rights, on protection of trade marks and service marks, including full responsibility for the content and form of materials in case of citing or any other use of the information received in connection with the use of the Website services.

 

9. Final Provisions

9.1. The Operator shall have the right to amend this Policy on a unilateral basis if there are any changes in the legal regulations of the Russian Federation, and at his/her own discretion.

9.2. Implementation of this Policy requirements shall be supervised by the person in charge of organization of personal data processing.

9.3. Persons guilty of violating the regulations governing processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability subject to the procedure prescribed by the legislation of the Russian Federation.