Provisions of this Confidentiality Policy cover any information provided through the websites http://www.rusregister.ru, http://www.academyrusregister.ru, http://www.rr-info.ru, https://www.edu-rr.ru and/or received in the course of the services provided by Certification Association “Russian Register” (hereinafter — Association Russian Register).
Certification Association “Russian Register” perfectly understands how important it is for you in what way we will process your data. We thank you for your confidence in our ability to do it in a careful and rational manner. In this document you will find our Confidentiality Rules.
The Confidentiality Policy is designed to define your rights and respond to all requests which may arise in respect of your personal data. For additional information please contact us: email@example.com.
If you have concluded the contract with one of our affiliate companies, than the Operator/Controller of your data will be Certification Association “Russian Register” and a company stated in your contract (“Russian Register – Volga-Kaspiy” Ltd., “Russian Register – Far East” Ltd., “Russian Register – Ural Quality” Ltd., “Russian Register – Ural inspectorate” Ltd., “Russian Register-Povolzhye” Ltd., “Russian Register-Privolzhye” Ltd., “Russian Register – Moscow inspectorate” Ltd., “Russian Register – Сivil Aviation” Ltd., “Russian Register – Moskoviya” Ltd., “Russian Register – Siberia” Ltd., “Russian Register – Volga” Ltd., “Russian Register – Baltic inspectorate” Ltd., “Russian Register – International certification” Ltd., “Russian Register – Certification” Ltd., “Russian Register – SouthWest” Ltd., “Russian Register- Sakhalin” Ltd., “Russian Register – Eurasia” Ltd., “Russian Register- Azerbaijan” Ltd., “Russian Register-Westgeorgia” Ltd., “Russian Register – Bel” Ltd., “Russian Register- Central Asia” Ltd., “Russian Register – Transcaucasia” Ltd., ANPO FPE “TC “Russian Register – Baltic inspectorate”, “Russian Register – Industrial expert assessment” Ltd., “Russian Register – Avia Standard” Ltd., “Russian Register – Expert” Ltd., “Russian Register – NordWest” Ltd.). In all other cases Certification Association “Russian Register” will be the Operator /Controller of your data.
The Policy and procedures for personal data processing were developed in accordance with the requirements of Federal Law dated 27.07.2006 No. 152-ФЗ “On personal data” (hereinafter 152-ФЗ), Federal Law dated 27.07.2006 No. 149-ФЗ “On information, information technologies and information protection”, Regulation No 2016/679 of the European Parliament and of the European Union Council “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter EU Regulation), and applicable national legislation for personal data subjects.
Association Russian Register understands that its activities will be focused on personal data subjects, including those in the European Union (hereinafter EU).
The use of Association Russian Register website means unreserved acceptance of this Confidentiality Policy and all conditions for personal data processing of a personal data subject stated in it by a user.
In case of disagreement with the conditions of the Confidentiality Policy a subject of personal data shall stop using websites http://www.rusregister.ru, http://www.academyrusregister.ru, http://www.rr-info.ru, https://www.edu-rr.ru
This Confidentiality Policy applies only to websites http://www.rusregister.ru, http://www.academyrusregister.ru, http://www.rr-info.ru, https://www.edu-rr.ru. An Operator/Controller does not control and is not responsible for third party websites to which a personal data subject can go using the links available on websites http://www.rusregister.ru, http://www.academyrusregister.ru, http://www.rr-info.ru, https://www.edu-rr.ru. We call on you to study their provisions on confidentiality.
An Operator/Controller does not verify credibility of personal data provided by a subject of personal data.
All personal data provided or acquired by an affiliate Company is primarily controlled by Association Russian Register, (address (location) – 45/8A, office 6N, Liteynyi prospect 191014 St. Petersburg).
Association Russian Register takes all commercially reasonable efforts to keep all disclosed personal information secure. Information collected by tracing and registration will not be provided and sold to third parties for any purposes without your direct consent, with the exception of the cases provided for by this Confidentiality Policy, a contract concluded between Certification Association “Russian Register” and you.
When you visit our website, we receive and can collect two types of information: (1) Information about the use of the website, cookies, IP-addresses, and (2) personal information which you knowingly provide and which is gathered on the individual basis.
You may also apply to us by post to the address: Certification Association “Russian Register”, 101 Rimskogo-Korsakova, office 1, St. Petersburg 190121, Russia.
The following terms and definitions are used in this confidentiality policy:
Personal data (under 152- ФЗ) – any information related to a directly or indirectly identified or identifiable individual (subject of personal data);
Personal data (under the EU Regulation) means any information relating to an identified or identifiable natural person (‘data subject’);
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The criterion “all the means can reasonably be used for identification” provide for by Directive 95/46/EU remains;
Operator (under 152- ФЗ) – a public authority, municipal authority, natural or legal person, which alone or jointly with others arranges and (or) perform processing of personal data, as well as determines the purposes of the processing of personal data, contents of personal data subjected to processing, actions (operations) performed on personal data;
Controller (under the EU Regulation) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Processor (under the EU Regulation) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Processing of personal data – any action (operation) or set of actions (operations) which is performed by automated means or not by automated means on personal data, such as collection, recording, organization, structuring, storage, adaptation (updating, alteration), retrieval, use, disclosure (transmission, dissemination, making available), anonymization, blocking, erasure or destruction of personal data;
Automated processing of personal data – processing of personal data by computer means;
Dissemination of personal data – actions aimed at disclosure of personal data to the indefinite range of persons;
Making personal data available – actions aimed at disclosure of personal data to a definite person of a definite range of persons;
Blocking of personal data – temporary stoppage of personal data processing (except for the cases when processing is required for clarification of personal data);
Erasure of personal data – actions resulting in the impossibility to retrieve the contents of personal data in the personal data information system and (or) in destruction of physical media with personal data;
Anonymization of personal data – actions resulting in the impossibility to attribute personal data to a specific personal data subject without the use of additional information
Personal data information system – a set of personal data contained in the database and information technologies and hardware which ensure their processing;
Cross-border transfer of personal data – transfer of personal data to a foreign state to a public authority of a foreign state, a foreign natural or foreign legal entity;
Cookies — small portion of data sent by a web-server and stored on a user’s computer which a web client or a web browser always sends to the web server in an HTTP request at the attempt to open a page of an appropriate website.
IP address — a unique network address of a host in a computer network built based on IP protocol.
Under this Confidentiality Policy Certification Association “Russian Register” acts as the Operator and Controller.
Certification Association “Russian Register” has appointed a representative, the personal data processing Controller of Certification Association “Russian Register” in the European Union – RR Branch office in Lithuania, located at: 3-3 Malūnininkų str., Klaipėda, LT 92264, Lithuanian Republic.
Elena Ryazanova, head of the branch in Lithuania, is appointed as the Inspector for protection of EU subjects personal data, she can be reached via e-mail firstname.lastname@example.org.
The Representative acts on behalf of the Controller/Operator.
The Controller/Operator keeps a record of processing operations under his/her responsibility, cooperates with supervisory authorities and makes records upon their requests for the purposes of monitoring of such processing operations.
Taking into account the current condition, costs for implementation and the nature, scope of application, processing context and objectives, as well as the risk to harm rights and freedoms of a natural person, the Controller/Operator shall take appropriate technical and organizational measures to ensure the security level which is adequate to the risks, including, in particular:
- pseudonymization and encryption of personal data;
- assurance of continual confidentiality, integrity, accessibility and sustainability of processing systems and services;
- ability to timely recover accessibility and access to the personal data in case of a physical or a technical incident;
- process of regular testing, assessment and effectiveness evaluation of technical and organizational measures to ensure security of processing.
Certification Association “Russian Register” has appointed the official for the personal data protection, this official has expert knowledge in the scope of legislation and data protection practice.
Information which we gather
Association Russian Register collects personal data of those who visit this website and register in the web-service of Association Russian Register, natural persons who are employees/workers of the services Customers, during activities on collection and processing of information and objective data (evidence) relevant to operation of Customers’ management systems.
When a Client registers in the web-service “Russian Register”, we require them to provide (i) a user name, (ii) password, (iii) e-mail address, (iv) first name and last name.
We can also ask Clients to provide us with additional personal information, such as: (i) name of a company, (ii) position, (iii) education (iv) and (v) other personal data, provision of which a Client could avoid by not stating them in a request. We use the Client registration form for authentication of users and provision of access to the Services of Association Russian Register.
We also use e-mail addresses provide with the registration information for contacts with our Clients.
During activities on conformity assessment of a Client’s management system (-s) /production processes/ activities and receipt of objective evidence we can collect the following data of the Client’s employees:
- biographical information;
- working and general experience;
- occupied position;
- contents of the employment agreement (in the part not relevant to financial aspects);
- information from originals or copies of staff orders;
- information in personal files and labor record books of employees;
- in files containing materials on qualification improvement and retraining of employees, their attestation, internal investigations;
- special data, i.e., data about health related strictly to the present work activities, e.g.: records on mandatory medical examinations, investigation of incidents, occupational diseases, health certificates, personal medical record sheets etc.
At times Association Russian Register can contact to you via e-mail to inform you about changes in the services, scheduled preventive activities, about changes in the information about Association Russian Register and information materials from Association Russian Register. We will retain your information until your account is active or until it is required for provision of the services to you. We will retain and use your data to the extent required for fulfillment of our legal obligations towards you, settlement of disputes and execution of our agreements.
You agree and accept that your data collected from this website or in connection with the provided Services of Association Russian Register, can be transferred across the national borders, retained and processes by third parties, in accordance with the requirements of 152-ФЗ and EU Regulation.
Disclosure of your data
Association Russian Register will not transfer, rent out or sell your personal information, otherwise then it is disclosed within the framework of the Confidentiality Policy.
We reserve the right to disclose your personal information, as required by the legislation, and in the cases when we are confident that disclosure of the information is needed for protection of your rights and/or execution of legal proceedings, decisions of the court or other court rulings presented to us.
We involve third parties such as accreditation bodies which perform control over our activities. When you agree to our services, you confirm that you do not object against transfer of your data to such third parties upon their request. The third parties are prohibited to use your personal information for promotion purposes.
Information about use of the website
Our server automatically collects information about the use of the website every time you visit our website.
The information about use of the website includes, in particular, the following aspects: domain names, the used operation system (e.g., macOS, Windows), browser (Mozilla Firefox, Internet Explorer) and their versions, website from which you reached us, and other similar information. This information is collected to identify the number of visits, average time spent on our website, viewed pages, time and date of visits, and other similar information. We can use and disclose the information about use of the website, for example, to identify the degree of using of our website, improve its content, explain the usefulness of our website and services we provide, as well as to enhance functionality of the website.
We use this information which does not identify individual users for analysis of trends, administration of the website, identification of users travelling on the website and for collection of demographic information about our basic user population in general. We do not classify this automatically collected information as the personal data.
Similar to other commercial websites, the cookies technology may be used for provision of clearly selected information to you. Cookies files are a small portion of the data which the website can send to your browser, and which can further be stored on your hard disk so that we could identify you during your next visit. You can set your browser in such a way that it will notify you when you receive cookie files. Our cookie files collect general information which enhances our capabilities for work for you and for determination of our website significance. We do not classify the information which we store in cookie files as any personal data which you provide on the website.
The information which we collect can be used to improve your use of the website, provision of the required services to you, arrangement of our website in a more client friendly manner, communication of special proposals and important issues and/or response to your questions or proposals.
In case of consent the personal information includes the data which identify you as a particular individual, i.e. your name, e-mail address, phone number, postal address and/or name and address of your company. This information is used for completion of the account registration process, a request for receipt of the client information and/or verification of the request validity.
We will use this information exclusively for the purpose of contacting you.
Association Russian Register collects only the personal information which you agree to provide, by voluntary registration in the web-service of Association Russian Register. Association Russian Register will inform you of what information is mandatory for provision and what you are not obliged to provide.
Special note in respect of children
This website is not intended for children under the age of 13 years old. Children can use this website only under direct supervision of their parents.
Mail distribution policy
When you send us an e-mail, we use your e-mail address for comments and/or answers to your questions, and retain your message and our response for further communication. Beyond the scope of our initial response we will never use your e-mail address to send you spam messages or information and will not disclose or sell it to third parties to be used for such purposes. When you agree to receive information about our services, promotional offers, news, press releases and/or new offers, we use your e-mail address and any other information which you submit to us to provide information or services until you request to cease (using the subscription withdrawal guidelines contained in each e-mail).
When you request us to provide information or other services, we use your e-mail address and other information which you submit to us to provide you with information or services until you request to cease (using the subscription withdrawal guidelines contained in each e-mail and/or on the website, where you registered and/or in an otherwise manner defined by us) or until the information or services are no longer available.
We will never use your e-mail address to send you any spam letters or information (except for the cases when it is part of a service you request for), and will not disclose or sell it, rent it out for short or long term to any third party to be used for such purposes.
Personal client information policy
Association Russian Register acknowledges the need to respect personal lives of those who decide to entrust their personal information to us. We make all efforts to ensure their security. Association Russian Register will never use information about you acquired under the provision of Association Russian Register Services, except for the information which was voluntarily provided by you, and will not share this information or sell it to third parties for use.
We declare that storage of the personal data is one of our main duties.
We limit the access to the personal information about you by only the employees and other individuals who need this information to support us in operation of our business, or to provide you with goods or services. We protect personal information, in accordance with the adopted security standards and procedures, through provision of physical, electronic and process security assurance in respect of the personal data.
all information of our clients and their employees, not only private information mentioned above, is limited for distribution in our offices. Only the employees who need this information to perform certain activities (e.g., an expert performing an audit or a representative of the marketing and international activity department) personally receive access to the private information.
All servers of Association Russian Register are maintained and supported to prevent unauthorized access, and have protection of the data against unauthorized use.
We cannot ensure security of your data at the moment of its transfer via the Internet and servers beyond our control. We strive to protect your personal information, but Association Russian Register cannot ensure or guarantee security of any information which you transfer to our website or during the use of Association Russian Register Services. Any transfer of data which you perform via Internet is performed under your responsibility. When we receive the data, we make all efforts to ensure security and safety of these data in our system.
If you operate a blog or use a forum on the website, you should understand that any personal information which you provide there can be read, collected or used by other users of these blogs or forums, as well as can be used for sending spam to you. We do not bear responsibility for the personal information which you decide to publish in these blogs and forums.
Widgets of social networking services
Our website includes such Add-ins for Social services as buttons “Linkedin”, “Facebook”, “Vkontakte”, “Youtube”, “Instagram” or interactive mini-programs which are launched on our website. Such Add-ins can collect information about your IP address, pages which you visit on our website, and install cookie files for correct operation of Add-ins. The Add-ins for Social Services are either published by a third person, or published directly on our Website. Your interaction with such Capacities falls under the effect of a confidentiality policy of a company which provides them.
We publish client feedbacks /reviews which may contain personal information on our website. We unfailingly receive consent of clients by e-mail to publish their names along with feedbacks/reviews prior to publish a feedback/review.
Preview, change and erasure of information
You may change or delete your personal information at any time, by applying to email@example.com. Please contact us, if you need assistance in updating or revision of your data. The support service will respond within 20 days.
The deleted information can be retained in backup copies for up to 30 days, but will be unavailable for others.
We may change this Confidentiality Policy at any time. Unless otherwise is established, our current Confidentiality Policy applies to all information which we have about you and your account. If we make changes to the Confidentiality Policy, we will inform you about it by publishing an appropriate notification on our website.
If we make significant changes or intend to use the personal information of the users in a manner that differs from the one as at the date of the information collection, we will notify the users via our website prior to implementation of such changes. The users will have an opportunity to provide us with their consent to use their information is such manner or decline it. However in case if users stop using our website or remove their accounts, there will be no further contacts with such users, and their information will not be used in such new manner.
Subjects of personal data have the right to require the Operator/Controller to clarify their personal data;
Subjects of personal data have the right to require to bloc their personal data, as well as to delete them if the personal data are incomplete, obsolete, incorrect, illegitimately derived or not needed for the applicable processing objective, as well as to take legally prescribed measures on protection of their rights;
Subjects of personal data have the right to receive information related to processing of their personal data, including the information which includes:
- ascertaining of the fact that the personal data are processed by the Operator;
- legal basis and objectives of the personal data processing;
- objectives and methods of the personal data processing used by the operator;
- name and location of the Operator, information about persons (except for the employees of the operator) who have access to the personal data or to whom the personal data can be disclosed on the basis of a contract with the operator or on the basis of the legislation;
- the processed personal data relevant to an appropriate subject of the personal data, sources of their receipt, unless a different procedure for their provision is provided for by law;
- period of the personal data processing, including the period of their retention;
- procedure for exercising of the legally provided rights by a subject of personal data;
- information about the existing or possible cross-border transfer of data;
- name or last name, first name, father’s name and address of a person who performs processing of the personal data under commission of the Operator, if processing is or will be commissioned to such person;
- other data provided for by the Federal Law dated 27.07.2006 No. 152-ФЗ “On personal data” or Regulation N 2016/679 of the European Parliament and the European Union Council or another legislation.
1 The Regulation applies to Association Russian Register, as an organization which has establishments in the European Union (EU), where personal data are processed “in the context of the organization” of such establishment, i.e. irrespective of whether the actual data processing takes place in EU or not. An establishment means efficient and real conduction of activities through “stable agreements”, irrespective of their legal form – be it through a branch, representative office or an affiliate company.
© Certification Association “Russian Register”
ND № 001.00-850
Version 2: 10.03.2020