Privacy

Personal Data Processing Policy

Association of European Businesses General Provisions


  • This Personal Data Processing Policy of the Association of European Businesses (hereinafter referred to as the "Policy") defines the basic principles and purposes of processing personal data and the measures to ensure its safety with the Association of European Businesses (hereinafter referred to as the "AEB").

  • This Policy applies to all operations performed in the AEB with personal data whether using automation tools or not.

  • This Policy has been developed in accordance with Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data."

  • This Policy is subject to updating if the legislation of the Russian Federation on personal data is amended, and it can also be amended at any time at the discretion of the AEB.

  • The terms used in this Policy shall be interpreted according to their definition given in Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data."


Principles and Purposes of Personal Data Processing at the AEB

The AEB, as part of its core business and being a personal data operator, processes the personal data of various categories of personal data subjects:

  • applicants for vacant positions;

  • employees who are or have been employed with the AEB;

  • relatives of AEB employees;

  • suppliers who are individuals;

  • representatives of corporate suppliers;

  • potential, current, and former members of the AEB who are individuals;

  • representatives and employees of potential, current, and former corporate members of the AEB;

  • relatives of representatives and employees of current corporate members of the AEB;

  • ultimate beneficiaries of corporate members of the AEB;

  • honored guests of the AEB;

  • members of a council of national representation;

  • representatives of the group's companies;

  • representatives and employees of corporate partners;

  • representatives of state and municipal authorities;

  • website users;

  • website visitors;

  • students and teachers of educational institutions;

  • journalists;

  • trainees;

  • office and event visitors.


The time periods for processing personal data are determined taking into account the following:

  • the established purposes of processing personal data;

  • expiration of contracts signed with personal data subjects and consent of personal data subjects to the processing of their personal data;

  • legal requirements.

  • The AEB processes personal data on a legal and fair basis and focuses only on achieving specific predetermined and legitimate goals.
  • The purposes of processing, the composition of personal data, as well as the categories of subjects whose data is processed by the AEB are indicated in the AEB's notification about the processing of personal data sent to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media [Roskomnadzor]) and are updated if they change.
  • When processing personal data, its accuracy, sufficiency, and, if necessary, relevance as to the purposes of processing personal data are ensured.
  • The AEB does not disclose personal data to third parties and does not distribute personal data without the consent of the personal data subject (unless otherwise stipulated by federal law of the Russian Federation).
  • The AEB processes special categories of personal data of individuals, and it fulfills the requirements for processing such categories of personal data stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the Labor Code of the Russian Federation.
  • The AEB does not process biometric personal data.
  • The AEB carries out cross-border transfers of personal data. Therefore, the AEB meets the requirements for cross-border transfers of personal data stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data."
  • The AEB entrusts the processing of personal data to other persons. At the same time, the AEB meets the requirements for entrusting the processing of personal data stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data."
  • The AEB processes personal data both with and without using automation tools. At the same time, the AEB fulfills the requirements for the automated and non-automated processing of personal data stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the regulations adopted in accordance therewith.
  • The AEB does not make decisions that give rise to legal consequences in relation to the personal data subject or otherwise affect its rights and legitimate interests based on solely automated processing of personal data.

Rights of Subjects of Personal Data Processed by the AEB

The personal data subject has the right to update its personal data, block or destroy it, stop transfers, and receive information related to the processing of its personal data. In this regard, the personal data subject may send a written request to the following address: 68/70 Butyrsky Val St., Bldg. 1, 4th Floor, Premises I, Room 7, Tverskoy Municipal District, Moscow, 127055 Russian Federation, in the manner prescribed by Articles 10.1, 14, 20, and 21 of Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data." The request can also be sent in electronic form, signed with an electronic signature and sent to the following address: info@aebrus.ru.


AEB's Performance of Operator's Obligations

  • The AEB receives personal data from personal data subjects and from third parties (persons who are not personal data subjects). At the same time, when collecting personal data, the AEB fulfills the obligations stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the Labor Code of the Russian Federation.
  • The AEB stops processing personal data in the following cases:

  • upon the occurrence of conditions for termination of the processing of personal data or after the expiration of the established time period;

  • upon achieving the goals of their processing or in case the need to achieve these goals is lost;

  • at the request of the personal data subject if the personal data processed by the AEB is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, and in other cases established by law;

  • in the event that unlawful processing of personal data is revealed if it is impossible to ensure the lawfulness of the processing of personal data;

  • if the personal data subject withdraws consent to the processing of its personal data or such consent expires (if personal data is processed by the AEB solely on the basis of the consent of the personal data subject);

  • in case of liquidation of the AEB.

  • The AEB has taken the following measures to ensure the fulfillment of the obligations stipulated by Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the regulations adopted in accordance therewith:

  • a person responsible for organizing the processing of personal data has been appointed;

  • local regulations on the processing and security of personal data were issued and brought to the attention of employees, as well as local regulations establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation and eliminating the consequences of such violations;

  • legal, organizational, and technical measures were applied to ensure the security of personal data;

  • internal control of the compliance of personal data processing with the requirements of Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the regulations adopted in accordance therewith, this Policy, and local regulations of the AEB is carried out;

  • the harm that may be caused to the personal data subjects in case of a violation of the requirements of federal legislation on personal data was assessed; this harm and the measures taken by the AEB aimed at ensuring the fulfillment of the obligations stipulated by the legislation were coordinated;

  • AEB employees who directly process personal data are familiar with the provisions of Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the regulations adopted in accordance therewith;

  • the process of receiving and processing requests and queries from personal data subjects or their representatives has been arranged.

The AEB has the following requirements in place for protecting personal data:

  • a regime has been organized to ensure the security of the premises where information systems are located, preventing the possibility of uncontrolled entry or stay in these premises by persons with no right to access these premises;

  • the safety of personal data carriers has been ensured;

  • a document that defines the list of persons whose access to personal data processed in the information system is necessary for the performance of their job duties has been approved;

  • information security means are being used;

  • requirements established by Decree of the Government of the Russian Federation No. 687 dated September 15, 2008 "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without Automation Tools" have been implemented.