1. General Provisions
This personal data processing policy (hereinafter referred to as the “Policy”) is developed in accordance with the Federal Law of the Russian Federation No. 152-FZ “On Personal Data” dated July 27, 2006 and defines the procedure for processing personal data and measures to ensure the security of personal data in the Federal State Budgetary Educational Institution of Higher Education “Bauman MoscowState Technical University (National Research University)”, or BMSTU (hereinafter referred to as the “Operator”).
The Operator sets as its most important goal and condition for its activities the observance of human rights and freedoms during the processing of personal data, including the protection of privacy rights.
This Policy applies to all information thatthe Operatorcan receive about visitors of the websitereg.bmstu.ru.
2. Terms and Definitions
Personal data — any information referring directly or indirectly to a particular or identified User of the website reg.bmstu.ru.
User — any visitor of the website reg.bmstu.ru.
Website—a set of graphic and information materials,as well as computer programs and databases,ensuring their availability on the Internet atthenetwork addressreg.bmstu.ru.
Operator — state agency, municipal authority, legal entity or individual who independently or in cooperation with other entities organizes and (or) engages in personal data processing as well as determines the purposes and scope of personal data processing.
Personal data processing — any action (operation) or a combination of actions (operations) performed both automatically and manually with personal data, including collection, recording, arrangement, accumulation, storage, specification (updating, changing), extraction, use,transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.
Automated personal data processing — personal data processing by means of computer technology.
Distribution of personal data — actions related to making the data available to indefinite range of persons or to making an unlimited group of persons familiar with personal data, including publication of personal data in mass media, information and telecommunication networks, or granting access to personal data in anyother way.
Provision of personal data — actions related to making the data available to a definite person or a definite range of persons.
Blocking of personal data — temporary cessation of personal data processing (except for the cases when the processing is necessary to specify personal data).
Destruction of personal data — actions performed on personal data that prevent such data from being restored and (or) actions aimed at the physical destruction of the tangible medium of personal data.
Depersonalization of personal data — actions performed on personal data that do not permit the identity of the individual concerned to be verified solely from such anonymized data.
Personal data information system — a database that contains personal data as well as information technologies and hardware used for data processing.
Cross-border transfer of personal data — transfer of personal data to a foreign state agency, foreign legal entity or individual located in the territory of a foreign state.
3.Personal Data Concept and Composition
The Operator can process the following personal data of the User:
Full name: surname, first name, patronymic (if any).
Date (day, month, year) and place of birth.
Mobile, home phone numbers.
Personal photos of the User.
National identity document data / passport details.
Actual residence address, registration address.
Information about education, profession, specialization and qualification, details of education documents.
Data onprevious job positionsand employment record,data on military duty.
Data onactual job position and the workplace.
Data on academicdegree.
Data onacademic title.
Additionally,the site collects and processesimpersonaldata about visitors(including cookies, IP addresses)using Internet statistics services(Yandex.Metrika,Google Analytics, etc.).
4. Purposes of Personal Data Processing
Personal data are processed for the purpose of organizing events (including conferences, seminars and other informational, educational and cultural events) in which the User takes part, as well as of sending the information about the Operator’s activities (including the ones relating to the events organized by the Operator) to the User.
The Operator also has the right to send notifications to the User about new products and services, special offers and various events.The Usercan always refuse to receive informational messages bysending the Operatoran e-mailto firstname.lastname@example.org “Refusal tonotify about new products and servicesand special offers”.
Impersonal User data collected using Internet statistics services serve to gather information about the actions of Users on the website, improve the quality of the site and its content.
5. Legal Basis for Personal Data Processing
The Operator processes the User’s personal data only if they are filled out and (or) sent by the User independentlythrough special forms on the website reg.bmstu.ru.By filling out the appropriate forms and (or) sending his/her personal data to the Operator, the User agrees with this Policy.
6. Procedure for the collection, storage, transfer or other Processing of Personal Data
The Operator shall guarantee the security of personal data by applying legal, organizational and technical measures to comply fully with the requirements of current personal data protection legislation.
The Operator ensures personal data security and takes all possible measures to prevent unauthorized persons or entities from accessing personal data.
The User's personal data will never, under any circumstances, be transferred to third parties, except for cases related to the implementation of the current legislation.
In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator’s e-mail address email@example.com marked “Updating personal data”.
The term for personal data processing is unlimited. The User can withdraw his/her consent to the processing of personal data at any time by sending a notification to the Operator’s e-mail address firstname.lastname@example.org marked “Withdrawal of consent to personal data processing”.
7. Cross-border transfer of Personal Data
Prior to the commencement of the cross-border transfer of personal data, the Operator shall ensure that the foreign state into which territorythe transfer of personal data is intended provides reliable protection of personal data subjects’ rights.
Cross-border transfer of personal data can be performed to the territory of foreign states that do not meet the above requirements only if there is a written consent of the personal data subject to cross-border transfer of his/her personal data and (or) the performance of the contract to which the data subject is a party.
The User can get any clarification on issues of interest regarding the processing of his/her personal data by contacting the Operator via e-mail email@example.com.
This document will reflect any changes in the personal data processing Policy of the Operator. The Policy is valid indefinitely until it is replaced with a new version.
The current version of the Policy is feely available on the Internet at reg.bmstu.ru/policy.