Personal Data Processing Policy
by Autonomous Non-profit Organization
of Higher Education "Innopolis University"
1. General provisions
1.1. This Policy of personal data processing by Autonomous Nonprofit Organization of Higher Education "Innopolis University" on the website https//aiconf.innopolis. (hereinafter - Policy) defines basic principles and conditions of personal data processing (hereinafter - PD) of ANO of HE Innopolis University (legal address 420500, Republic of Tatarstan, Innopolis, Universitetskaya str., 1) (hereinafter - University) at https//aiconf.innopolis.ru (hereinafter - Site), as well as measures to ensure the security of PD.
1.5. Version of the Policy published at https//aiconf.innopolis.ru is considered relevant.
1.2. This Policy is designed compliant to the requirements of Federal Law of the Russian Federation dated July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - the Personal Data Law), other federal laws governing PD processing, as well as the regulations of the Russian Federation for implementing subordinate legislation.
1.3. This Policy is mandatory for all employees and departments of the University that process PD as part of "AI IN 2023: Innopolis AI Conference for Business" event.
1.4. This Policy is mandatory for all PD both processed without the use of automated tools and during their processing in the information systems of personal data (hereinafter - ISPD), on the websites: https//aiconf.innopolis.ru and all its sub-domains.
1.6. Consent to processing PD, subject of PD agrees with the terms of processing and protection of PD, specified in this Policy.
2. General Terms and Definitions
2.1. This Policy uses terms and definitions accordingly:
2.1.4. Privacy of personal data - mandatory for the operator and other individuals having access to personal data, the requirement not to transfer to third parties personal data without the consent of the subject of personal data or other legal basis.
2.1.1. Automated processing of personal data - processing of personal data using computers.
2.1.2. Blocking of personal data - suspension of personal data processing (except when processing is necessary to clarify personal data).
2.1.3. Personal Data Information System - set of personal data in databases and providing information technology and technical means for its processing.
2.1.5. Responsible for managing personal data process in the organization - an employee appointed by order of the Director of the University in charge for ensuring that the University and its employees comply with the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data.
2.1.6. Unauthorized access - access to information, IT systems and IT infrastructure components by unauthorized persons, in violation control rules for access but using regular means by computer equipment or information system.
2.1.7. Personal Data Operator - a state institution, municipal institution, legal or individual person, independently or together with other persons, organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, personal data components subject to processing, actions (operations) performed with personal data. This Policy defines the Personal Data Operator as ANO HE "Innopolis University".
2.1.8. Anonymization of personal data - actions that make it impossible, without the use of additional information, to determine what personal data belongs to a particular personal data subject.
2.1.9. Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data.
2.1.10. Personal Data - any information relating directly or indirectly to a specific or identifiable individual (the subject of personal data).
2.1.11. Submission personal data - actions to disclose personal data to a particular person or a particular group of persons.
2.1.12. Sharing personal data - actions to disclose personal data to unspecified audience.
2.1.13. Department of the University - department of the University that performs certain processes, functions, and works and participates in the economic activities of the University, but does not have economic independence within the University.
2.1.14. Subject of personal data - an individual who is directly or indirectly defined or identifiable by personal data.
2.1.15. Third Parties - any individuals who are not employees of the University, any legal persons, associations thereof, officials, public authorities and local governments, and other persons entering any legal relations with the University.
2.1.16. Destruction of personal data - actions, resulting in failure to restore the content of personal data in the information system of personal data and (or) as a result of which material personal data carriers are destroyed.
3. General principles of personal data processing
3.1. University, acting as an operator of PD in accordance with the terms of Personal Data Law, ensures compliance with the following principles of processing of PD in its activities:
3.1.4. Only PD which meet the purposes of their processing shall be processed.
3.1.1. Processing of PD shall be performed on a legal and fair basis.
3.1.2. Processing of PD shall be limited to achieving specific, predetermined and legal purposes. Processing of PD incompatible with the purposes of collecting PD shall not be performed.
3.1.3. Databases containing PD, which are to be processed for incompatible purposes, shall not be merged.
3.1.5. Content and scope of processed PD is consistent with the declared processing purposes. Processed PD are not excessive in relation to the declared purposes of their processing.
3.1.6. Processing of PD ensures the accuracy of PD, their sufficiency, and, if necessary, their relevance to the purposes of PD processing. University shall take necessary measures to remove or clarify incomplete or inaccurate PD.
3.1.7. Storing of PD shall be in a form that allows identifying the subject of the PD, no longer than required by the purposes of PD processing, unless the term of PD storage is established by federal law, an agreement to which the subject of PD is a party, a beneficiary, or a guarantor. Processed PD shall be destroyed or anonymized upon completion of the purposes of processing or when it is no longer necessary to achieve such purposes, unless otherwise provided for by federal law.
3.1.8. Personal data shall not be disclosed to third parties and shall not be distributed without the consent of the subject of personal data, except as provided by the legislation of the Russian Federation.
3.1.9. The University takes the necessary measures to ensure the security of processed PD.
4. Purposes and scope of personal data processing
4.1. The University processes PD for the following purposes:
4.1.4. Full functionality of the site https//aiconf.innopolis.ru as follows: login-password combination, visited pages of the University Internet resources (visited pages, time spent on the page, search intensity, browser, system time, unique user identifier, ip address, provider, cookies, WebGL parameters, entry and exit from the website, digital fingerprint of the browser, etc.)
4.1.1. Registration of the participant at the forum "AI IN 2023: Innopolis AI Conference for Business" (hereinafter - the Forum) as follows: full name, place of work and position, city of residence, e-mail, contact phone number, postal address.
4.1.2. Informing about marketing actions of the University as follows: Full name, e-mail, contact phone number.
4.1.3. Statistical information on the subject's use of the resources of the website https//aiconf.innopolis.ru as follows: visited pages of the University Internet resources (visited pages, time spent on the page, search intensity, browser, system time, unique user identifier, ip address, provider, cookies, WebGL parameters, entry and exit from the website, digital fingerprint of the browser, etc.)
4.1.5. Sending notifications on the services/works provided as follows: full name, contact phone number, e-mail, mailing address.
4.1.6. Updating the client base as follows: full name, contact phone number, e-mail, mailing address, place of work and position, city of residence.
4.1.7. Communication between the organizers and participants of the Forum as follows: full name, contact phone number, e-mail.
4.1.8. Organization of transfer of the participants of the event as follows: full name, contact phone number, e-mail.
5. Processing of PD on the website shall be legal and fair
The legal basis for processing PD is:
5.4. Federal Law No. 149-FZ dated July 27, 2006 "On Information, Information Technologies and Information Protection".
5.1. Constitution of the Russian Federation.
5.2. Civil Code of the Russian Federation.
5.3. Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
5.5. Charter of ANO HE "Innopolis University".
5.6. Other regulatory documents, including local normative acts of the University, the effect of which regulates the processing of PD.
6. Main categories for subjects of PD
Whose data are processed on the website:
6.1. Individuals that are the speakers of the Forum.
6.2. Individuals that are participants of the Forum.
6.3. Individuals employed by or under contractual arrangements with the University.
7. Procedure and Conditions for Processing PD
7.1. As part of its activities, Operator shall perform the following actions with the personal data specified in paragraph 4 of this Policy, both individually and collectively: collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, depersonalization, removal, blocking, destruction and other actions necessary to achieve the purposes of processing PD and which do not violate the rights of the subject of PD.
Limited Liability Company "Congress Avia" (Taxpayer Identification Number: 1655321180, OGRN: 1151690014200, legal address: 42 Peterburgskaya str. 14) to organize the transfer as follows: Full name, passport details, contact phone number, e-mail.
7.2.1. Involving no means of automatization.
7.2.2. Using means of automatization.
7.2.3. Combined mode.
Limited Liability Company Innopolis Express (INN: 1615012309, OGRN: 1151690079903, legal address: RT, Verkhneuslonsky District, Innopolis, Sportivnaya Street 102, room 2) to organize the transfer as follows: Full name, passport details, contact phone number, e-mail.
Individual entrepreneur Madyshin Artur Ranasovich: (TIN: 164444470060, ORGNIP: 320169000039040) to organize the transfer as follows: Full name, passport details, contact phone number, e-mail.
LLC Yandex (INN: 7736207543, OGRN: 1027700229193, legal address: 16, Leo Tolstoy St., Moscow) to collect statistical information on the use of the website as follows: visited pages of the University Internet resources (visited pages, time spent on the page, search intensity, browser, system time, unique user identifier, ip address, provider, cookies, WebGL parameters, entry and exit from the website, digital fingerprint of the browser, etc.)
7.2. All actions specified in paragraph 7.1. of this Policy shall be completed by the operator in the following ways:
7.3. University may transfer PD of the subjects to the following third parties:
7.4. Processing of PD shall be compliant with the requirements of Russian legislation to ensure confidentiality of PD. The information security measures are implemented and controlled by the employee responsible for PD security, appointed by the order of the University Director.
8. Personal Data storage and termination of processing
8.1. PD shall be kept for a period ensuring identification of the subject of PD required by the purposes of PD processing, unless the period is specified by federal law, an agreement involving the subject of Personal Data as a party, beneficiary or guarantor.
8.3.1. The purposes of processing of PD have been achieved and (or) the retention period of PD has expired.
8.2. PD shall be stored on paper, electronic media in databases and virtual machines. PD processed for multiple purposes shall be processed on different physical or virtual carriers.
8.3. Termination of PD processing shall be carried out in the following cases:
8.3.2. The purposes of processing PD are no longer relevant and there is no need to continue processing PD.
8.3.3. A notice received from the subject of PD on inaccurate processing of PD.
8.3.4. A notice of withdrawal of consent to process PD received from the subject of PD.
8.3.5. Employees in charge for processing and ensuring security of PD discovered unauthorized processing of PD.
9. Rights and obligations of the subject of PD
9.4. If the subject of PD concerns that the University is processing his PD in violation of the law on personal data or otherwise violates his rights and freedom, the subject of PD has the right to appeal the actions or inaction of the University to the authority to protect the rights of subjects of personal data (the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court.
9.1. Subject of PD shall have the right to withdraw consent to process PD by sending a relevant request to the University by mail or by contacting the University in person.
9.2. The subject of Personal Data shall have the right to receive information regarding the processing of PD, also containing: confirmation of processing of PD by the University; legal basis and purposes for processing PD; purposes and methods of processing PD applied by the University; name and location of the University, information on individuals (excluding University employees/staff) that have access to PD or may have access to PD under a contract with the University or under federal law; processed PD related to the respective subject of the PD, how they were received, unless otherwise specified in the federal law; terms for processing PD, including terms of their storage; proceeding to the subject of PD rights provided by the Personal Data Law; information about completed or expected cross-border data transfer; full name and address of the person processing PD on behalf of the Operator, if the processing is or will be assigned to such a person; other information provided by the Personal Data Law or other federal laws.
9.3. Subjects of PD may request the University to clarify their PD, block or destroy them if their PD is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the stated purpose of processing, as well as legally protect their rights.
9.5. Subject of PD is required to provide up-to-date and correct personal data. In case of changes in PD during the period of the website use, the subject is obliged to notify the Operator by sending the corrected PD.
2023 @ Innopolis AI Conference for business, Innopolis University, Russia
Contacts
Media Contacts
This website uses cookies to ensure you get the best experience
OK