ENG 汉语 RU
Become a member
Become a member

Privacy policy

Policy on Personal Data Processing

1. General Provisions

This Personal Data Processing Policy has been developed in accordance with the requirements of Federal Law No. 152‑FZ of July 27, 2006, On Personal Data (hereinafter referred to as the Personal Data Law). It defines the procedures for personal data processing and the measures taken by AITSEAC ORG (hereinafter referred to as the Operator) to ensure personal data security.

1.1. The Operator’s primary objective and a prerequisite for its operations is to respect the rights and freedoms of individuals in the processing of their personal data, including the protection of the right to privacy, personal and family secrets.

1.2. This Operator’s Personal Data Processing Policy (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://aitseac.org.

2. Key Terms Used in the Policy

2.1. Automated personal data processing — processing personal data using computing equipment.

2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is required to clarify personal data).

2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://aitseac.org.

2.4. Personal data information system — a set of personal data contained in databases, along with the information technologies and technical means that enable their processing.

2.5. Anonymization of personal data — actions that make it impossible to identify the specific user or other data subject to whom the personal data belongs, without using additional information.

2.6. Personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, updating (refreshing, modifying), retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.

2.7. Operator — a state body, municipal body, legal entity, or individual who, alone or jointly with others, organizes and/or carries out personal data processing, and determines the purposes of processing, the scope of personal data to be processed, and the actions (operations) to be performed on personal data.

2.8. Personal data — any information relating directly or indirectly to a specific or identifiable user of the website https://aitseac.org.

2.9. Personal data authorized for distribution by the data subject — personal data whose access by an unlimited number of persons has been granted by the data subject through consent to process personal data authorized for distribution, in accordance with the procedure set forth in the Personal Data Law (hereinafter referred to as personal data authorized for distribution).

2.10. User — any visitor to the website https://aitseac.org.

2.11. Disclosure of personal data — actions aimed at revealing personal data to a specific person or a defined group of persons.

2.12. Distribution of personal data — any actions aimed at disclosing personal data to an undefined group of persons (transmission of personal data) or at making personal data available to an unlimited number of persons, including publication in mass media, posting on information and telecommunication networks, or providing access to personal data in any other way.

2.13. Cross‑border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign individual, or a foreign legal entity.

2.14. Destruction of personal data — any actions resulting in the permanent destruction of personal data with no possibility of recovering their content in the personal data information system, and/or the destruction of physical media containing personal data.

3. Key Rights and Obligations of the Operator

3.1. The Operator has the right to:

  • obtain reliable information and/or documents containing personal data from the data subject;
  • continue processing personal data without the data subject’s consent after the withdrawal of such consent or upon receipt of a request to cease processing, if grounds provided by the Personal Data Law exist;
  • independently determine the set and scope of measures necessary and sufficient to fulfill obligations under the Personal Data Law and related regulatory acts, unless otherwise stipulated by the Personal Data Law or other federal laws.

3.2. The Operator is obliged to:

  • provide the data subject, upon request, with information concerning the processing of their personal data;
  • respond to requests and inquiries from data subjects and their legal representatives in accordance with the Personal Data Law;
  • provide the authorized body for the protection of data subjects’ rights with the necessary information within 10 days of receiving a request from that body;
  • publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
  • take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions;
  • cease the transmission (distribution, provision, access), processing, and destroy personal data in accordance with the procedures and cases stipulated by the Personal Data Law;
  • fulfill other obligations stipulated by the Personal Data Law.

4. Key Rights and Obligations of Personal Data Subjects

4.1. Personal data subjects have the right to:

  • receive information concerning the processing of their personal data, except in cases stipulated by federal laws. The information must be provided in an accessible form and must not include personal data relating to other data subjects, except when there are legal grounds for disclosing such data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
  • request the Operator to update, block, or destroy their personal data if the data are incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the declared processing purpose, and to take measures to protect their rights as stipulated by law;
  • set a condition of prior consent for processing personal data for marketing purposes;
  • withdraw consent to personal data processing and submit a request to cease processing personal data;
  • appeal unlawful actions or omissions of the Operator in processing their personal data to the authorized body for the protection of data subjects’ rights or to court;

4.2. Personal data subjects are obliged to:

  • provide the Operator with reliable information about themselves;
  • inform the Operator about updates (modifications, changes) to their personal data.

5. Principles of Personal Data Processing

5.1. Personal data processing is carried out on a lawful and fair basis.

5.2. Personal data processing is limited to achieving specific, predetermined, and lawful purposes. Processing personal data that is incompatible with the purposes for which the data were collected is not permitted.

5.3. Merging databases containing personal data processed for incompatible purposes is not permitted.

5.4. Only personal data that meet the processing purposes are subject to processing.

5.5. The content and scope of processed personal data must correspond to the declared processing purposes. Excessive personal data processing relative to the declared purposes is not allowed.

5.6. Personal data accuracy, sufficiency, and, where necessary, relevance to the processing purposes must be ensured. The Operator takes necessary measures, or ensures their implementation, to remove or update incomplete or inaccurate data.

5.7. Personal data must be stored in a form that allows identifying the data subject for no longer than necessary to achieve the processing purposes, unless the storage period is stipulated by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor. Processed personal data are destroyed or anonymized upon achieving the processing purposes or when the need for such purposes no longer exists, unless otherwise stipulated by federal law.

6. Purposes of Personal Data Processing

  • Purpose of processing: informing the User via email.
  • Personal data: surname, first name, patronymic; email address; phone numbers.
  • Legal basis: Federal Law On Information, Information Technologies, and Information Protection No. 149‑FZ of July 27, 2006.
  • Types of personal data processing: transmission of personal data.

7. Conditions for Personal Data Processing

7.1. Personal data processing is carried out with the data subject’s consent to process their personal data.

7.2. Personal data processing is necessary to fulfill a contract to which the data subject is a party, beneficiary, or guarantor, as well as to conclude a contract at the data subject’s initiative or a contract under which the data subject will be a beneficiary or guarantor.

7.3. Personal data processing is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the data subject are not violated.

7.4. Processing of personal data is carried out when access to such data by an unlimited number of persons has been granted by the data subject or at their request (hereinafter referred to as publicly available personal data).

7.5. Processing of personal data that must be published or disclosed in accordance with federal law is carried out.

8. Procedures for Collection, Storage, Transmission, and Other Types of Personal Data Processing

The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.

8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized persons from accessing personal data.

8.2. The User’s personal data will never be transferred to third parties under any circumstances, except in cases related to compliance with applicable law or when the data subject has given the Operator consent to transfer data to a third party to fulfill obligations under a civil law contract.

8.3. If inaccuracies in personal data are identified, the User may update them independently by sending a notification to the Operator’s email address: office@aitseac.org, marked «Updating Personal Data».

8.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless another period is stipulated by a contract or current legislation.

The User may withdraw their consent to personal data processing at any time by sending a notification to the Operator via email to office@aitseac.org, marked «Withdrawal of Consent to Personal Data Processing».

8.5. All information collected by third‑party services, including payment systems, communication tools, and other service providers, is stored and processed by those entities (Operators) in accordance with their User Agreement and Privacy Policy. The data subject should review these documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.

8.6. The Operator ensures the confidentiality of personal data during processing.

8.7. The Operator stores personal data in a form that allows identifying the data subject for no longer than necessary to achieve the processing purposes, unless the storage period is stipulated by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor.

8.8. Personal data processing may be terminated upon:

  • achieving the purposes of personal data processing;
  • expiration of the data subject’s consent;
  • withdrawal of consent by the data subject;
  • a request to cease personal data processing;
  • detection of unlawful personal data processing.

9. List of Actions Performed by the Operator with Collected Personal Data

9.1. The Operator carries out the collection, recording, systematization, accumulation, storage, updating (refreshing, modifying), retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.

9.2. The Operator performs automated personal data processing with or without the receipt and/or transmission of information via information and telecommunication networks.

10. Cross‑Border Transfer of Personal Data

10.1. Before commencing cross‑border transfer of personal data, the Operator must notify the authorized body for the protection of data subjects’ rights of their intention to carry out such transfer (this notification is sent separately from the notification of intent to process personal data).

10.2. Before submitting the above notification, the Operator must obtain relevant information from foreign state authorities, foreign individuals, or foreign legal entities to which cross‑border transfer of personal data is planned.

11. Confidentiality of Personal Data

The Operator and other persons who have accessed personal data are obliged not to disclose or distribute personal data to third parties without the data subject’s consent, unless otherwise provided by federal law.

12. Final Provisions

12.1. The User may obtain any clarifications on questions concerning the processing of their personal data by contacting the Operator via email: office@aitseac.org.

12.2. Any changes to the Operator’s Personal Data Processing Policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.

12.3. The current version of the Policy is freely available online at: https://aitseac.org/privacy.