Innovations in medicine and pharmacy

Privacy policy

This Personal Data Privacy Policy (hereinafter referred to as the "Privacy Policy") applies to all personal data that the Personal Data Processor (hereinafter referred to as the "PDP") may obtain about the Personal Data Subject while using the Website with the domain name https://inovmedfarm.ru. The PDP requests that you carefully read the Privacy Policy and, if you disagree with any of its provisions, stop using the Website and immediately leave it.

 

1. MAIN TERMS

 

1. Key terms used in the Privacy Policy:

 

1.1. Automated processing of personal data - the processing of personal data using computer technology.

 

1.2. Blocking of personal data - the temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).

 

1.3. Personal data information system - the set of personal data contained in databases and the information technologies and technical means that support their processing.

 

1.4. Personal data confidentiality is a mandatory requirement for the Data Protection Authority (DPA) or any other person who has access to Personal Data to prevent its dissemination without the consent of the Personal Data subject or other legal grounds.

 

1.5. Depersonalization of Personal Data refers to actions that make it impossible to determine the attribution of Personal Data to a specific Data subject without the use of additional information.

 

1.6. Personal Data Processing refers to any action (operation) or set of actions (operations) performed by the DPA with or without the use of automated tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data.

 

1.7. Personal Data Processing Operator (PDPO) — an organization that, independently or jointly with other entities, organizes and/or processes Personal Data, and determines the purposes of processing Personal Data, the composition of Personal Data to be processed, and the actions (operations) performed with Personal Data.

 

1.8. Personal Data — any information relating to a directly or indirectly identified or identifiable individual (Personal Data Subject).

 

1.9. Personal Data Permitted for Dissemination by the Personal Data Subject — personal data to which the User (Personal Data Subject) has granted consent to the processing of personal data, permitted for dissemination by the Personal Data Subject in accordance with the procedure established by current Russian legislation.

 

1.10. Privacy Policy — this document, with all amendments and additions, is located online at https://inovmedfarm.ru/index.php/inov/privacypolicy.

 

1.11. The User is the subject of Personal Data, a legally competent individual using the Website for their own benefit. Throughout this Privacy Policy, the User is also referred to as the subject of Personal Data.

 

1.12. Provision of Personal Data refers to actions aimed at disclosing personal data to a specific person or group of persons.

 

1.13. Website refers to a collection of graphic and informational materials, as well as computer programs and databases, making them available online at the address https://inovmedfarm.ru

 

1.14. Dissemination of Personal Data refers to actions aimed at disclosing personal data to an unspecified group of persons.

 

1.15. Destruction of personal data - actions that make it impossible to restore the contents of personal data in a personal data information system and/or that result in the destruction of tangible media containing personal data.

 

1.16. Cookies - a small piece of data sent by a web server and stored on the User's device used to access the Website, which the web client or web browser sends to the web server in an HTTPS request each time an attempt is made to open a page of the corresponding website.

 

1.17. Personal Data Subject - a legally competent individual using the Website for their own benefit.

 

1.18. IP Address - a unique network address of a node in a computer network built using the IP protocol.

 

2. GENERAL PROVISIONS

 

2.1. The Privacy Policy defines the purposes, content, and procedure for processing Personal Data, as well as measures aimed at protecting Personal Data, as well as procedures aimed at identifying and preventing violations of Russian Federation legislation in the area of ​​personal data. This Privacy Policy sets forth the obligations of the Operator for the processing and protection of personal data, including ensuring the confidentiality of personal data provided to the Operator.

 

2.2. This Privacy Policy defines the Operator's policy regarding the processing and protection of personal data, as the operator responsible for processing personal data. The Operator processes personal data in compliance with the principles and conditions set forth in this Privacy Policy and Russian Federation legislation in the area of ​​personal data. The Operator's primary goal and condition for carrying out its activities is to respect the rights and freedoms of individuals and citizens when processing their personal data, including the protection of privacy, personal and family secrets.

 

2.3. This Privacy Policy applies only to information obtained through the use of the Website and in fulfilling the Operator's contractual obligations.

 

2.4. The User decides to provide their Personal Data and consents to its processing voluntarily, voluntarily, and in their own interests. Consent to the processing of Personal Data must be specific, objective, informed, conscious, and unambiguous. The OOPD does not verify the veracity of the Personal Data provided by the User.

 

2.5. Using the Website constitutes agreement with this Privacy Policy and the terms of processing Personal Data.

 

2.6. By accepting this Privacy Policy, the User thereby consents to the OOPD processing their Personal Data as specified in Section 3 of this Privacy Policy, including the collection, recording, accumulation, storage, clarification (updating, modification), retrieval, use, transfer to third parties (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data for the purposes specified in Section 3.

 

2.7. By refusing to consent to the processing of their Personal Data by the OOPD for the purposes specified in Section 3, the personal data subject understands that they will not be able to take full advantage of the Website and its services, and that use of the Website will be limited.

 

2.8. A personal data subject who provides Personal Data that is incomplete or inaccurate compared to the requirements of the relevant section of the Website will not be able to take full advantage of the Website and its services, including certain services provided through the Website, and that use of the Website will be limited.

 

2.9. Rights of the OOPD:

 

- Collect Personal Data through forms on the Website

 

- Provide access to the Website

 

- Collect, record, accumulate, store, clarify (update, modify), retrieve, use, transfer (disseminate, provide, access), depersonalize, block, delete, and destroy Personal Data

 

- Transfer Personal Data to third parties based on agreements concluded to achieve the purposes specified in Section 3 of the Privacy Policy and personal data processing instructions.

 

- If the User revokes consent to the processing of Personal Data, the OOPD reserves the right to continue processing the Personal Data without the User's consent, subject to the grounds specified in current legislation.

 

- Refuse the User's repeated request for information regarding their Personal Data, which is processed by the OOPD in accordance with the terms of federal law, upon provision of a reasoned response.

 

- Disseminate Personal Data subject to separate consent to the dissemination of personal data.

 

2.10. Obligations of the OODP:

 

- Use the received Personal Data solely for the purposes specified in Section 3 of this Privacy Policy.

 

- Provide the User with information regarding their Personal Data upon receipt of a corresponding request or inquiry.

 

- In the event of loss or disclosure of confidential information, the OODP will not be liable if such confidential information:

 

- became publicly known prior to its loss or disclosure;

 

- was received from a third party prior to its receipt by the OODP;

 

- was disclosed with the consent of the User.

 

- Notify the Personal Data Subject or their representative of the processing of their Personal Data by the OODP upon their request.

 

- Not disclose or distribute Personal Data to third parties without the consent of the User, unless otherwise provided by law.

 

- Upon receipt of a request or inquiry from the User, provide them with the information and details specified in the request/inquiry in an accessible form without specifying the Personal Data related to other personal data subjects, except in cases where there are legal grounds for disclosing such Personal Data.

 

- Explain to the User the procedure for making a decision based solely on the Automated Processing of their personal data and the possible legal consequences of such a decision, provide the User with the opportunity to object to such a decision, and explain the procedure for protecting the User's rights and legitimate interests. The Automated Processing Authority is obligated to consider the objection specified in this clause within thirty days of its receipt and notify the personal data subject of the results of the objection review.

 

- Explain to the User the legal consequences of refusing to provide their Personal Data and/or consent to its processing, if, in accordance with federal law, the provision of Personal Data and/or the Automated Processing Authority's consent to the processing of Personal Data are mandatory.

 

- When collecting Personal Data, including via the Internet, the OOPD is obligated to ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of Personal Data of citizens of the Russian Federation using databases located within the Russian Federation, except in cases specified in current Russian legislation.

 

- The OOPD is obligated to ensure reliable protection of Personal Data and the protection of its confidentiality.

 

2.11. User Rights:

 

- The right to request that the OOPD clarify, block, or destroy their Personal Data if the Personal Data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing, by sending an email to snimschikova@oreluniver.ru to the website editorial staff.

 

- The right to request information about the measures taken by the OOPD to protect their Personal Data.

 

- The right to submit a request to the OOPD regarding their Personal Data processed by the OOPD by sending a request to the OOPD by email to snimschikova@oreluniver.ru to the website editorial staff.

 

- The right to submit a follow-up request to the OOPD regarding their Personal Data processed by the OOPD no earlier than 30 (thirty) days after the initial request or submission of the initial request, unless a shorter period is established by federal law.

 

- The right to reapply to the OOPD or submit a follow-up request to obtain information regarding their Personal Data processed by the OOPD, as well as to review the Personal Data being processed, before the expiration of the 30 (thirty) day period if such information and/or the Personal Data being processed were not provided to the OOPD for review in full following the review of the initial request. The follow-up request must include a justification for the follow-up request.

 

- Has the right to revoke their consent to the processing of Personal Data and consent to the Dissemination of Personal Data.

 

- Has the right to protect their rights and legitimate interests, including compensation for damages and/or moral harm, in court.

 

- Has the right to appeal the actions or inactions of the ODPD to the authorized body for the protection of the rights of personal data subjects or in court.

 

2.12. User Responsibilities:

 

- Comply with the requirements specified in Section 1.11 of this Privacy Policy;

 

- Provide accurate Personal Data.

 

2.13. Databases containing Personal Data of citizens of the Russian Federation are located on the territory of the Russian Federation.

 

2.14. The ODPD processes Personal Data lawfully and fairly to fulfill the functions, powers, and obligations imposed by law, and to exercise the rights and legitimate interests of the ODPD and other persons. The transfer (dissemination, provision) and use of Personal Data shall be carried out only in cases and according to the procedure stipulated by federal laws, with the consent of the Personal Data Subject, if required by applicable law.

 

2.15. The OOPD receives Personal Data directly from the Personal Data Subject, except in cases where Personal Data is transferred within the framework of contractual relationships.

 

2.16. The OOPD processes the User's Personal Data with their consent, provided either in writing (where required by applicable Russian legislation) or through the performance of implied actions.

 

2.17. The principles of processing Personal Data established by this Privacy Policy:

 

2.17.1. The processing of Personal Data must be carried out lawfully and fairly.

 

2.17.2. The processing of Personal Data must be limited to achieving specific, predetermined, and legally binding objectives purposes. Processing of Personal Data incompatible with the purposes for which it was collected is prohibited. Processing of Personal Data that is excessive in relation to the stated purposes of processing is prohibited.

 

2.17.3. Combining databases containing Personal Data processed for incompatible purposes is prohibited.

 

2.17.4. Only Personal Data that is relevant for the purposes of its processing may be processed.

 

2.17.5. The content and volume of Personal Data processed must correspond to the stated purposes of processing. The Personal Data processed must not be excessive in relation to the stated purposes of processing.

 

2.17.6. When processing Personal Data, the accuracy, sufficiency, and, where necessary, relevance of the Personal Data in relation to the purposes of processing the Personal Data must be ensured. The DPO must take necessary measures or ensure their implementation to delete or rectify incomplete or inaccurate data.

 

2.17.7. Personal data must be stored in a form that allows identification of the personal data subject for no longer than required for the purposes of processing the personal data, unless the storage period for personal data is established by federal law or an agreement to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data must be destroyed or anonymized upon achieving the processing purposes or when these purposes are no longer necessary, unless otherwise provided by federal law.

 

2.17.8. The OOPD is obliged to ensure that the foreign state to which the cross-border transfer of personal data is carried out ensures adequate protection of the rights of personal data subjects before commencing the cross-border transfer of personal data.

 

2.17.9. The OOPD carries out the cross-border transfer of personal data of authors of articles and media materials to international scientific publication databases (such as Scopus and Web of Science, PubMed, DOAJ, Dimensions, etc.). In accordance with Part 2 of the List of Cases in Which the Requirements of Parts 3-6, 8-11 of Article 12 of the Federal Law "On Personal Data," approved by Russian Government Resolution No. 2526 of December 29, 2022, Do Not Apply to Operators Carrying Out Cross-Border Transfers of Personal Data for the Purpose of Fulfilling the Functions, Powers, and Obligations Imposed on State and Municipal Authorities by International Treaties of the Russian Federation and the Legislation of the Russian Federation. Cases in which the Requirements of Parts 8-11 of Article 12 of the Federal Law "On Personal Data" Do Not Apply to Operators Carrying Out Cross-Border Transfers of Personal Data for the Purpose of Fulfilling the Functions, Powers, and Obligations Imposed on State and Municipal Authorities by International Treaties of the Russian Federation and the Legislation of the Russian Federation, Do Not Apply to Operators Carrying Out Cross-Border Transfers of Personal Data include the implementation of events in the fields of culture, science, and education;

 

2.17.10. OOPD does not control and is not responsible for the processing of information by third-party websites accessible via links available on the Site.

 

3. PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS

 

3.1. OOPD collects and processes Personal Data for the following purposes:

 

3.1.1. Providing the User with the opportunity to create a personal account on the Website. To do so, the User completes the registration form on the Website and provides the following Personal Data:

 

- Email address;

 

- Last name, first name, and patronymic (if any).

 

3.1.2. Sending newsletters to those Users who have completed the subscription form on the Website and consented to receive information about the Website, OOPD, and its partners, including advertising. The User provides their email address in the subscription form on the Website.

 

The newsletter is sent using the Website's software.

 

To receive the newsletter, the User provides the following personal data:

 

- Email address;

 

- Name.

 

3.1.3. Providing the User with feedback, including: sending notifications, requests, and information regarding the use of the Site, the execution of agreements and contracts, as well as processing requests and applications from the User, responding to the User's comments on the Site, responding to messages, calls, and letters from the User, and considering the User's complaints - the OOPD collects the following Personal Data:

 

- Email address - when receiving a letter from the User to the OOPD address;

 

- Telephone number - when the OOPD receives a message or call from the User;

 

- Last name, first name, patronymic (if any);

 

- Passport details (in cases stipulated by law);

 

- Address for sending a reply to a letter or request;

 

- Other Personal Data that the User provides or communicates to the OOPD during communication at their own discretion.

 

3.1.4. To provide the User with the opportunity to publish works (articles, materials, content) on the Website, the OOPD collects the following personal data:

 

last name, first name, patronymic (if any),

 

email address,

 

phone number,

 

gender,

 

place of work,

 

3.1.5. For marketing research and targeting purposes using the Website's software, the OOPD collects statistical anonymized data that does not identify the User as the subject of personal data.

 

3.2. The OOPD processes the personal data of the following categories of personal data subjects: Website Users, Authors, and reviewers of scientific articles.

 

4. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA

 

4.1. The OOPD collects and processes the following types of information:

 

- information that the User knowingly provides to the OOPD while using the Website

 

- technical information automatically collected by the Website software during the User's visit.

 

4.2. Technical information automatically collected by the Website software during a visit includes:

 

IP ​​address;

cookie information;

browser information;

device type (mobile or PC);

access time;

other technical and statistical information collected by the Website software.

 

Technical information also includes analytical data without identifying the subject of the Personal Data, obtained as a result of the Website's use of web analytics services. This information is used exclusively for internal and external marketing purposes – to analyze website usage trends and improve the Website's service.

 

4.3. The Website implements a user identification technology based on the use of cookies. Cookies may be stored on the device used by the User to access the Website. These cookies will be used to collect statistical data, in particular on Website traffic and to automatically populate fields in Website forms. The OOPD may use and disclose information about Website usage, for example, to determine Website usage, improve its content, explain its usefulness, and expand its functionality. By accepting this Privacy Policy, the User consents to the OOPD transmitting the technical data specified in Section 4.2 collected from the Website over the Internet. Anonymized User data collected through internet statistics services is used to collect information about User actions on the Website and improve the quality of the Website and its content.

 

4.4. The OOPD does not store Personal Data in cookies. The OOPD uses information stored in cookies, which does not identify individual Users, to analyze trends, administer the Site, track User movements, and collect demographic information about the general user base.

 

4.5. If the User does not want the OOPD to collect technical information about them using cookies, they must stop using the Site or disable the storage of cookies on their device used to access the Site by configuring their browser accordingly. Please note that the Site services that use this technology may become unavailable.

 

4.6. The User confirms their consent to the collection and processing of Personal Data by filling out the newsletter subscription form on the Site, by filling out the registration form on the Site, or by filling out the comment form under an article on the Site by checking the checkbox located after the relevant form and clicking the button under that form on the Site. The User confirms their consent to the Dissemination of Personal Data by providing the OOPD with a written consent to the dissemination of personal data.

 

4.7. Consent to the processing of Personal Data provided when submitting a claim or application to the OOPD is expressed by completing the form provided by the OOPD. The User is obligated to submit the completed and signed consent form along with the text of the claim or application.

 

4.8. The OOPD performs the following actions (operations) or a set of actions (operations) with Personal Data, with or without the use of automated means: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data.

 

4.9. The OOPD processes Personal Data in the following ways:

 

using automated means of processing Personal Data

 

without the use of automated means of processing Personal Data.

 

4.10. The transfer of the User's Personal Data to third parties (if necessary) is carried out with the User's consent for the purposes specified in Section 3.

 

4.10. OOPD guarantees that it never provides Personal Data to third parties, except in cases where:

 

this is expressly required by law (e.g., upon written request from a court or law enforcement agency);

The User has consented to the transfer of Personal Data;

the transfer is necessary for the conclusion of contracts and/or within the framework of contracts between OOPD and the User;

the transfer occurs as part of the sale or other transfer of the Website or business;

the transfer occurs as part of the transfer of the Personal Data database from one service to another in accordance with OOPD's contractual relations;

this is necessary to provide support for User services or to assist in the protection and security of OOPD systems.

 

4.11. The User's Personal Data may be transferred to authorized government agencies of the Russian Federation, inquiry and investigative agencies, and other authorized bodies only on the basis of and in the manner established by the current legislation of the Russian Federation.

 

5. LEGAL BASIS FOR PERSONAL DATA PROCESSING

 

5.1. The OOPD processes Personal Data based on the following legal basis:

 

Constitution of the Russian Federation;

Civil Code of the Russian Federation;

Federal Law of 07.02.1992 No. 2300-1 "On the Protection of Consumer Rights";

Federal Law of 02.05.2006 No. 59-FZ "On the Procedure for Considering Appeals from Citizens of the Russian Federation";

Federal Law of 27.07.2006 No. 149-FZ "On Information, Information Technology, and Information Protection";

Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signature";

Federal Law of 27.07.2006 No. 152-FZ "On Personal Data";

Russian Federation Government Resolution No. 1119 of November 1, 2012, "On Approval of Requirements for the Protection of Personal Data When Processed in Personal Data Information Systems";

Russian Federation Government Resolution No. 687 of September 15, 2008, "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools";

Agreements concluded between the OPPD and third parties for the purposes specified in Section 3;

Internal local documents of the OPPD;

Consent to the processing of Personal Data (in cases not expressly provided for by Russian legislation but consistent with the OPPD's authority), consent to the Dissemination of Personal Data.

 

6. MEASURES TO ENSURING THE SECURITY OF PERSONAL DATA DURING PROCESSING

 

6.1. The OOPD protects the User's Personal Data using generally accepted security methods to ensure protection of information from loss, unauthorized or accidental access, distortion, unauthorized distribution, destruction, modification, blocking, copying, and any other illegal actions by third parties. Security is ensured through network security software, access verification procedures, the use of cryptographic information protection tools, and compliance with the Privacy Policy and other internal documents regulating the processing of the OOPD's Personal Data.

 

6.2. In the event of loss or disclosure of Personal Data, the OOPD is obligated to notify the User thereof.

 

6.3. The OOPD, in conjunction with the User, takes all necessary legal, organizational, and technical measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal Data.

 

6.4. Personal data is kept confidential by the OOPD, except in cases where the User voluntarily makes information publicly available in messages or comments on the Website.

 

6.5. The security of Personal Data processed in the OOPD's Personal Data information systems is ensured by preventing unauthorized, including accidental, access to Personal Data, and by implementing the following security measures:

 

6.5.1. Identifying threats to the security of Personal Data when processed in the OOPD's Personal Data information systems;

 

6.5.2. Implementing organizational and technical measures to ensure the security of Personal Data when processed in the OOPD's Personal Data information systems, necessary to meet the Personal Data protection requirements, the implementation of which ensures the levels of Personal Data security established by the Government of the Russian Federation;

 

6.5.3. Implementing duly completed information security compliance assessment procedures;

 

6.5.4. Assessing the effectiveness of measures taken to ensure the security of Personal Data prior to the commissioning of the Personal Data information system;

 

6.5.5. Accounting for personal data on machine-readable media;

 

6.5.6. Detecting instances of unauthorized access to personal data and taking appropriate measures;

 

6.5.7. Restoring personal data that has been modified, deleted, or destroyed due to unauthorized access.

6.5.8. Establishing rules for access to Personal Data processed in the OODP's Personal Data Information Systems, as well as ensuring the registration and accounting of all actions performed with Personal Data in the OODP's Personal Data Information Systems;

 

6.5.9. Monitoring the measures taken to ensure the security of Personal Data and the levels of protection of Personal Data Information Systems.

 

6.6. Measures aimed at ensuring the OODP's fulfillment of its obligations stipulated by current legislation in the field of Personal Data. The OODP is obligated to take measures necessary and sufficient to ensure the fulfillment of its obligations stipulated by current Russian legislation. The OODP independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of these obligations. Such measures include, in particular:

 

1) Appointment by the OODP's head of a person responsible for organizing the processing of Personal Data.

 

2) issuing documents by the OOPD defining the OOPD's policy on the processing of Personal Data, including a Privacy Policy and internal regulations on the processing of Personal Data, defining the categories and list of Personal Data to be processed for each purpose of processing Personal Data, the categories of subjects whose Personal Data is processed, the methods and timeframes for processing and storing it, the procedure for destroying Personal Data upon achieving the processing objectives or upon the occurrence of other legal grounds, as well as internal regulations establishing procedures aimed at preventing and detecting violations of Russian Federation legislation and eliminating the consequences of such violations.

 

3) implementing legal, organizational, and technical measures to ensure the security of Personal Data.

 

4) implementing internal control and/or auditing of compliance of Personal Data processing with legislation and regulatory legal acts adopted in accordance with it, requirements for the protection of Personal Data, the OOPD's policy on the processing of personal data, the Privacy Policy, and internal regulations of the OOPD;

 

5) an assessment of the harm that may be caused to personal data subjects in the event of a violation of the law, and the balance between such harm and the measures taken by the OOPD to ensure compliance with their legal obligations;

 

6) familiarization of OOPD employees directly involved in the processing of personal data with the provisions of Russian Federation legislation on personal data, including requirements for the protection of personal data, documents defining the OOPD's policy on the processing of personal data, the Privacy Policy, and internal regulations on the processing of personal data, and/or training of such employees.

 

7) publication of the Privacy Policy on the Website to ensure unrestricted access to it.

 

7. PERSONAL DATA PROCESSING TIMES

 

7.1. The processing of personal data provided by the User on the Website is carried out from the moment the completed form is submitted on the Website until the termination of the Website, until the revocation of consent sent to the OOPD, and until the deletion of the personal account on the Website.

 

7.2. Unless otherwise provided in other clauses of this Privacy Policy or by applicable Russian law, the termination of the processing of Personal Data is determined by the achievement of the purposes of processing the Personal Data, the expiration or revocation of consent to the processing of Personal Data, the detection of unlawful processing of Personal Data, or the receipt by the OOPD of a request to delete the Personal Data.

 

7.3. The transfer (dissemination, provision, access) of Personal Data permitted for distribution must be terminated at any time upon the User's request.

 

7.4. The User has the right to request the OOPD to terminate the transfer (dissemination, provision, access) of their Personal Data previously permitted for distribution in the event of non-compliance with the provisions of applicable law, or to file such a request in court. The OOPD is obligated to cease transferring (distributing, providing, or accessing) Personal Data within 3 (three) business days of receiving the request or within the period specified in a final and binding court decision, or, if such period is not specified in the court decision, then within 3 (three) business days of the court decision's entry into force.

 

7.5. The user independently determines the subscription period for the newsletter and unsubscribes from the newsletter by clicking the unsubscribe link provided in each received email or by sending a free-form request to the OOPD editorial office at snimschikova@oreluniver.ru with the subject line "Unsubscribe."

 

8. UPDATING, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA; RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA

 

8.1. If the inaccuracy of Personal Data or the illegality of its processing is confirmed, the Personal Data must be updated by the OOPD, and processing must be terminated accordingly.

 

8.2. The User's personal data provided by them on the Website, stored by the OOPD, and processed by them, may be deleted/anonymized by contacting the OOPD. To do this, please send an email to the OOPD at snimschikova@oreluniver.ru to the editorial office of the journal. In this case, the User will not be able to use certain functionality of the Website. The request will be processed within 10 (ten) business days.

 

8.3. Upon achieving the Personal Data processing objectives, the OOPD shall cease processing the Personal Data (or ensure its termination if the Personal Data is processed by another person acting on behalf of the OOPD) and destroy the Personal Data (or ensure its destruction if the Personal Data is processed by another person acting on behalf of the OOPD) within a period not exceeding thirty (30) days from the date the processing objectives are achieved, unless:

 

otherwise provided by an agreement to which the User is a party, beneficiary, or guarantor;

 

The OOPD shall not process Personal Data without the User's consent on the grounds stipulated by the Federal Law "On Personal Data" or other federal laws;

 

unless otherwise provided by another agreement between the OOPD and the User.

 

If it is not possible to destroy Personal Data within the period specified in this clause, the OOPD will block such Personal Data or ensure its blocking (if the Personal Data is processed by another person acting on behalf of the OOPD) and ensure the destruction of the Personal Data within no more than six (6) months, unless another period is established by federal laws.

 

8.4. Upon receipt of a revocation of consent to the processing of Personal Data by the OOPD, the OOPD will cease processing the Personal Data (or ensure its cessation, if the Personal Data is processed by another person acting on behalf of the OOPD) and, if retention of the Personal Data is no longer required for the purposes of processing the Personal Data, will destroy the Personal Data (or ensure its destruction, if the Personal Data is processed by another person acting on behalf of the OOPD) within no more than thirty (30) days from the date of receipt of the said revocation, unless:

 

otherwise provided by the agreement to which the User is a party, beneficiary, or guarantor;

 

The OOPD shall not process Personal Data without the User's consent on the grounds stipulated by the Federal Law "On Personal Data" or other federal laws;

 

unless otherwise provided in another agreement between the OOPD and the User.

 

If it is impossible to destroy Personal Data within the period specified in this clause, the OOPD shall block such Personal Data or ensure its blocking (if the Personal Data is processed by another person acting on the OOPD's behalf) and ensure the destruction of the Personal Data within no more than six (6) months, unless another period is established by federal laws.

 

8.5. If the OOPD receives a request to cease processing Personal Data, the OOPD shall, within no more than ten (10) business days from the date of receipt of the request, cease processing such Personal Data or ensure the cessation of such processing (if such processing is carried out by the person processing the personal data), except in cases stipulated by current Russian legislation. This period may be extended, but by no more than 5 (five) business days, if the OOPD sends the Personal Data subject a reasoned notice stating the reasons for the extension. If it is not possible to destroy the Personal Data within the period specified in this clause, the OOPD will block such Personal Data or ensure its blocking (if the Personal Data is processed by another person acting on the OOPD's behalf) and ensure the destruction of the Personal Data within no more than 6 (six) months, unless another period is established by federal laws.

 

8.6. The OOPD will block Personal Data if it detects unlawful processing of Personal Data or inaccurate Personal Data from the moment of the User's request or appeal (Appendix No. 1 to this Privacy Policy) or their legal representative or authorized body for the protection of the rights of Personal Data subjects during the verification period. If it is not possible to destroy Personal Data within the period specified in this paragraph, the OOPD shall block such Personal Data or ensure their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the OOPD) and ensures the destruction of Personal Data within a period of no more than six (6) months, unless another period is established by federal laws.

 

8.7. The OOPD updates, corrects, and clarifies Personal Data within seven (7) business days from the date of the request or appeal from the personal data subject (Appendix No. 2 to this Privacy Policy) or their legal representative or authorized body for the protection of the rights of personal data subjects, if incomplete, inaccurate, or outdated Personal Data is discovered.

 

8.8. The OOPD will delete and destroy the User's Personal Data within 7 (seven) business days of the request or appeal from the Personal Data Subject (Appendix No. 3 to this Privacy Policy) or their legal representative or authorized body for the protection of the rights of Personal Data Subjects, if it receives information confirming that the Personal Data was obtained illegally or is not necessary for the stated processing purpose. The OOPD will notify the Personal Data Subject or their representative of the changes made and the measures taken and will take reasonable steps to notify third parties to whom the Personal Data of this subject was transferred.

 

8.9. If unlawful processing of Personal Data by the OOPD or a person acting on behalf of the OOPD is discovered, the OOPD is obligated to cease the unlawful processing of the Personal Data or ensure that the person acting on behalf of the OOPD ceases the unlawful processing of the Personal Data within 3 (three) business days of the date of such discovery. If it is impossible to ensure the lawfulness of the processing of Personal Data, the OOPD is obligated to destroy such Personal Data or ensure its destruction within 10 (ten) business days from the date of discovery of the unlawful processing of Personal Data. The OOPD is obligated to notify the Personal Data subject or their representative, or the authorized body for the protection of the rights of Personal Data subjects, of the rectification of the violations or the destruction of the Personal Data.

 

8.10. The OOPD responds to requests from Users, their representatives, and the authorized body for the protection of the rights of Personal Data subjects regarding Personal Data within 10 (ten) business days from the date of the request or the OOPD's receipt of the request. This period may be extended, but by no more than 5 (five) business days, if the OOPD sends the Personal Data subject a reasoned notice stating the reasons for the extension of the deadline for providing the requested information.

 

8.11. If it is established that Personal Data has been illegally or accidentally transferred (provided, distributed, or accessed) resulting in a violation of the User's rights, the Data Protection Authority is obligated, from the moment such incident is discovered, to notify the authorized body for the protection of the rights of personal data subjects:

 

1) within 24 (twenty-four) hours of the incident, the presumed causes that led to the violation of the rights of personal data subjects, the presumed harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, as well as provide information about the person authorized by the Data Protection Authority to interact with the authorized body for the protection of the rights of personal data subjects on matters related to the identified incident;

 

2) within 72 (seventy-two) hours of the results of the internal investigation of the identified incident, as well as provide information about the persons whose actions caused the identified incident (if any).

 

9. FINAL PROVISIONS

 

9.1. The OOPD reserves the right to make any changes or additions to the Privacy Policy at any time at its sole discretion.

 

9.2. Changes and additions take effect upon posting the amended Privacy Policy on the Website. By continuing to use the Website after the publication of the updated Privacy Policy, the User confirms their acceptance of it.