1.1 This personal data processing policy (the “Policy”) has been drawn up in accordance with the requirements of Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” (the “Law on Personal Data”) and sets forth the procedure for processing personal data introduced by ORION PARTNERS Law Firm LLC (“Orion Partners”), as well as measures to ensure the security of personal data collected using the website of Orion Partners with the domain name https://orion-law.com (the “Website”).
1.2 The most prominent goal and pre-requisite for the implementation of the activities of Orion Partners is the observance of the rights and freedoms of individual persons and citizens upon the processing of their personal data, including the protection of the rights to privacy, personal and family secrets.
1.3 This personal data processing Policy of Orion Partners applies solely to the Website and to all personal data that Orion Partners may receive about Website visitors (each of them being a “User”). The processing by Orion Partners of personal data of other categories of personal data subjects shall be regulated by other local acts of Orion Partners.
1.4 The legal basis for the processing of personal data shall be a set of regulatory legal acts, pursuant to and in accordance with which Orion Partners processes personal data, the Charter and other documents of Orion Partners.
1.5 In pursuance of the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Website of Orion Partners.
1.6 The main terms and concepts used in this Policy shall be interpreted in accordance with their definition set forth in the Law on Personal Data.
Personal data of Website Users are being processed for the following purposes:
- informing Users by sending e-mails;
- promotion of services;
- provision of reference and marketing information to Users;
- receipt of feedback from Users;
- consideration of employment applications and hiring employees;
- improvement of the Website and description of services provided by Orion Partners;
- ensuring the safety of using the Website and its efficient operation;
- information support;
- collection, processing and publication of information obtained during interviews on the Orion Partners website;
- gathering the statistics and analysis of the Website operation;
- for other purposes being in compliance with applicable laws of the Russian Federation.
3.1 The processing of personal data of Website Users shall be performed subject to receiving their consent to the processing of their personal data. Website Users give their consent to the processing of their personal data in the following cases:
- upon subscribing to news by clicking on the “Subscribe to News” button.
3.2 If a User does not agree with the terms of this Policy, the use of the Website and/or any services available when using the Website shall be immediately ceased.
3.3 List of personal data of Users processed on the Website using automation tools:
- surname, first name, patronymic;
- telephone number;
- e-mail;
- any other information which a User decided to provide.
3.4 In order to gather statistics and analyse the operation of the Website, Orion Partners processes information about Users’ visits to the Website without the relevant information being provided by Users themselves. The above information may be obtained using such metric services as Google Analytics and Yandex.Metrica. The metric services Google Analytics and Yandex.Metrica allow processing such data as:
- IP address;
- information about the browser;
- data from cookies;
- access time;
- referrer (address of the previous page).
3.5 If a Website User does not agree to cookies being stored on their device, they may independently disable this option in their browser settings. Stored cookies may also be deleted at any time in the browser’s system settings. A Website User may change the browser settings to accept or reject by default all cookies or cookies from specific websites, including the Website.
3.6 In case of their disagreement with the use of metric services, settings and tools of Internet statistics, a Website User shall cease using the Website.
3.7 Following the blocking of Google Analytics and Yandex.Metrica, as well as disabling of some cookies, some functions of the Website may become unavailable.
4.1 The processing of personal data shall be carried out provided that the personal data subject grants their consent to the processing of their personal data.
4.2 The processing of personal data is necessary to achieve the goals stipulated by an international treaty concluded by the Russian Federation or by law, in order to perform the functions and the obligations and to execute the powers established by laws of the Russian Federation applicable to Orion Partners.
4.3 The processing of personal data is required for the administration of justice, execution of judicial acts or acts of any other body or official to be executed in accordance with laws of the Russian Federation on enforcement proceedings.
4.4 The processing of personal data is required for the performance of an agreement to which the personal data subject is a party or under which they act as beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will act as beneficiary or guarantor.
4.5 The processing of personal data is required to exercise rights and legitimate interests of Orion Partners or third parties, or to achieve publicly significant goals, provided that the rights and freedoms of the personal data subject are not violated.
4.6 The processing of personal data, the access of an unlimited number of persons to which is granted by the personal data subject for subsequent distribution or is allowed upon their request, shall be carried out in compliance with the prohibitions and conditions stipulated by the Law on Personal Data.
4.7 Any personal data subject to publication or mandatory disclosure in accordance with the Law on Personal Data shall be processed.
4.8 No processing of biometric personal data and special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status or intimate life shall be carried out on the Website.
4.9 Orion Partners does not verify the accuracy of the information provided by a User, and proceeds from the fact that a User provides reliable and sufficient information and controls its relevance.
4.10 The storage of personal data shall be carried out in a form that allows determining the personal data subject for no longer than is required for the purposes of processing personal data.
4.11 The achievement of the goals of personal data processing, the expiration of the period for personal data processing, the withdrawal of the consent of a Website User to the processing of their personal data, as well as any detection of unlawful processing of personal data may serve as a basis for terminating the processing of personal data.
4.12 The storage of personal data of Website Users shall be carried out for the period necessary for the goals of collecting personal data, or for the period stipulated by the Law on Personal Data. Upon reaching the goals and/or expiration of the personal data processing period, the personal data of Website Users shall be destroyed without notifying Website Users.
5.1 The security of personal data processed by Orion Partners shall be ensured by the introduction of legal, organizational, technical and software measures necessary and sufficient to provide for the compliance with the requirements of laws of the Russian Federation.
5.2 Orion Partners shall take organizational and technical measures required to protect Users’ personal data from unauthorized or accidental access, destruction, modification, blocking, copying or distribution, as well as from other illegal actions of third parties.
5.3 Employees of Orion Partners having access to the processing of personal data shall maintain the confidentiality of personal data.
5.4 Orion Partners may involve third parties for the purpose of processing personal data of Website Users, and Orion Partners shall ensure that such third parties undertake appropriate obligations regarding the confidentiality of personal data.
5.5 For the purposes of providing services, Orion Partners, if necessary, may hire external consultants, both in Russia and abroad, and in such case Orion Partners shall ensure the performance of obligations pertaining to personal data within the framework of and in accordance with this Policy.
5.6 The Website may contain links to other websites, the procedure for processing personal data on which may differ from the one stipulated by this Policy. Prior to using such websites, Users should read their Privacy Policy and similar documents posted on such websites.
5.7 Orion Partners shall take the following measures to ensure the security of personal data:
- limiting the composition of Orion Partners employees having access to personal data;
- determination of the level of protection of personal data upon processing personal data in information systems;
- establishment of rules for delimiting access to personal data processed in personal data information systems and ensuring registration and recording of all actions performed with personal data;
- restriction of access to the premises where the main technical equipment and systems of personal data information systems are kept and where non-automated processing of personal data is carried out;
- keeping records of machine carriers of personal data;
- organization of backup and restoration of the operability of personal data information systems as well as personal data modified or destroyed as a result of any unauthorized access thereto;
- establishment of requirements for the complexity of passwords for access to personal data information systems;
- implementation of anti-virus control, prevention of the introduction of malicious software (software viruses) and software bookmarks into the corporate network;
- organization of timely updating of software used in personal data information systems and information security tools;
- regular assessment of the effectiveness of measures taken to ensure the security of personal data;
- detection of unauthorized access to personal data and taking measures to establish the causes and to eliminate possible consequences thereof;
- control over the measures taken to ensure the security of personal data and levels of security of personal data information systems.
6.1 Orion Partners may:
- receive from a personal data subject reliable information and/or documents containing personal data;
- in the event that a personal data subject withdraws their consent to the processing of personal data, as well as sends a request to terminate processing their personal data, Orion Partners may continue processing personal data without the consent of the personal data subject on the grounds specified in the Law on Personal Data;
- independently determine the composition and list of measures necessary and sufficient to ensure the performance of the obligations stipulated by the Law on Personal Data and any regulations adopted thereunder, unless otherwise stipulated by the Law on Personal Data or other federal laws.
6.2 Orion Partners shall:
- upon request, provide a personal data subject with information regarding the processing of their personal data;
- organize the processing of personal data in the manner prescribed by applicable laws of the Russian Federation;
- respond to applications and requests from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
- disclose to an authorized body for the protection of the rights of personal data subjects, upon request, the necessary information within ten (10) days from the date of receipt of such request;
- publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
- take legal, organizational and technical measures to protect personal data from unauthorized or accidental access thereto, from the destruction, modification, blocking, copying, provision or distribution of personal data, as well as from other illegal actions in relation to personal data;
- terminate the transfer of (distribution or provision of, access to) personal data, terminate processing and destroy personal data in the manner and in cases stipulated by the Law on Personal Data;
- perform other obligations stipulated by the Law on Personal Data.
7.1 Personal data subjects may:
- receive information regarding the processing of their personal data, unless otherwise stipulated by federal laws. The information shall be provided to a personal data subject by Orion Partners in an accessible form, and it may not contain personal data relating to other personal data subjects, unless there are legal grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are set forth in the Law on Personal Data;
- request from Orion Partners to update their personal data or to block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated processing goal, as well as take legal measures to protect their rights;
- stipulate the need to receive their prior consent to the processing of personal data in order to promote goods, works and services on the market;
- revoke their consent to the processing of their personal data, as well as send a request to terminate processing personal data;
- file an appeal with an authorized body for the protection of the rights of personal data subjects or challenge in court the illegal actions or inaction of Orion Partners in the course of processing their personal data;
- exercise other rights stipulated by laws of the Russian Federation.
7.2 Personal data subjects shall:
- provide Orion Partners with accurate information about themselves;
- notify Orion Partners of any clarification (update, amendment) of their personal data.
7.3 Any persons providing Orion Partners with false information about themselves or information about another personal data subject without the consent of the latter shall be held liable in accordance with laws of the Russian Federation.
8.1 The processing of personal data shall be carried out on a legal and fair basis.
8.2 The processing of personal data shall be limited to the achievement of specific, predetermined and legitimate goals. No processing of personal data being incompatible with the goals of collecting personal data shall be allowed.
8.3 Combining databases containing personal data, the processing of which is carried out for goals being incompatible with each other, may not be allowed.
8.4 No processing of personal data that is incompatible with the goals of collecting personal data shall be allowed.
8.5 The content and scope of processed personal data shall correspond to the stated processing goals. The redundancy of the processed personal data in relation to the stated processing goals may not be allowed.
8.6 Upon processing personal data, it is necessary to ensure the accuracy of personal data, their sufficiency, and, if applicable, relevance in relation to the goals of processing personal data. Orion Partners shall take the necessary measures to remove or clarify incomplete or inaccurate data and/or ensure taking such measures.
8.7 The personal data being processed shall be destroyed or depersonalized upon the achievement of the processing goals or in the case of loss of the need to achieve these goals, unless otherwise stipulated by the Law on Personal Data
9.1 The security of personal data processed by Orion Partners shall be ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of applicable laws on personal data protection.
9.2 Orion Partners shall ensure the safety of personal data and take all possible measures to prevent access to personal data by unauthorized persons.
9.3 In case of detection of any inaccuracies in their personal data, a User may update them independently by sending Orion Partners a notification to the email address of Orion Partners info@orion-law.com marked “Updating personal data”.
9.4 The period for the processing of personal data shall be determined by the achievement of the goals for which the personal data were collected, unless a different period is stipulated by the contract or applicable law.
9.5 A User may at any time withdraw their consent to the processing of personal data by sending Orion Partners a notification by e-mail to the email address of Orion Partners info@orion-law.com marked “Withdrawal of the consent to the processing of personal data”.
9.6 All information collected by third-party services, including by payment systems, means of communication and other service providers, shall be stored and processed by such persons (Operators) in accordance with their user agreements and privacy policies. Orion Partners may not be held liable for any actions of third parties, including the service providers specified in this clause.
9.7 The prohibitions established by a personal data subject on the transfer (other than granting access), as well as on the processing or processing terms (other than obtaining access) of personal data permitted for distribution, may not apply in cases of processing personal data in state, social and other public interests determined by laws of the Russian Federation.
9.8 Upon processing personal data, Orion Partners shall ensure the confidentiality of personal data.
9.9 Orion Partners shall store personal data in a form that allows identifying the personal data subject no longer than required by the goals of processing personal data, unless the period for storing personal data is established by the Law on Personal Data or by an agreement to which the personal data subject is a party or under which they act as beneficiary or guarantor.
9.10 The achievement of the purposes of processing personal data, the expiration of the consent of the personal data subject, a withdrawal of their consent by the personal data subject or a request to terminate processing personal data, as well as the detection of unlawful processing of personal data may serve as a basis for terminating the processing of personal data.
10.1 Orion Partners shall collect, record, systematize, accumulate, store, clarify (update, amend), extract, use, transfer (distribute, provide, access), depersonalize, block, delete and destroy personal data.
10.2 Orion Partners shall carry out automated processing of personal data with or without the receipt and/or transmission of the received information via information and telecommunication networks.
10.3 Orion Partners shall process personal data for no longer than is required by the goals of their processing, unless other periods are stipulated by applicable laws of the Russian Federation on personal data.
11.1 Orion Partners may perform cross-border transfers of personal data to the territory of foreign states in accordance with the Law on Personal Data.
11.2 Prior to the commencement of a cross-border transfer of personal data, Orion Partners shall notify an authorized body for the protection of the rights of personal data subjects of its intention to carry out the cross-border transfer of personal data (such notification shall be sent separately from the notification of the intention to process personal data). A notification of intent to carry out a cross-border transfer of personal data shall contain the information stipulated in clause 4 of Article 12 of the Law on Personal Data, sent in a hard copy or in electronic form and signed by an authorized person.
11.3 Orion Partners, prior to submitting the notification provided for in clause 11.2 of this Policy is obliged to obtain from the authorities of a foreign state, foreign individuals or foreign legal entities to whom the cross-border transfer of personal data is planned, the information stipulated in clause 5 of Article 12 of the Law on Personal Data.
11.4 After submitting the notification provided for in clause 11.2 of this Policy, Orion Partners has the right to carry out cross-border transfers of personal data to the territory of foreign states:
- being parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;
- contained in the list of foreign states not being parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and providing adequate protection of the rights of personal data subjects, approved by an authorized body for the protection of the rights of personal data subjects.
11.5 Cross-border transfers of personal data to the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be performed by Orion Partners after submitting the notification provided for in clause 11.2 of this Policy in case of protection of life, health or other vital interests of the personal data subject or other persons.
11.6 Cross-border transfers of personal data may be prohibited or limited in order to protect the foundations of the constitutional order of the Russian Federation, morality, health, rights and legitimate interests of citizens, to ensure the national defence and state security, to protect the economic and financial interests of the Russian Federation, to provide diplomatic and international legal means of protection of the rights, freedoms and interests of citizens of the Russian Federation, sovereignty, security, territorial integrity of the Russian Federation and its other interests in the international arena from the date of adoption by an authorized body for the protection of the rights of personal data subjects of the decision provided for in Article 12 of the Law on Personal Data.
11.7 The use of the Website implies the User’s consent to the cross-border transfer of personal data for the purposes of Article 12 of the Law on Personal Data.
Orion Partners and other persons receiving access to personal data may not disclose to third parties or distribute personal data without the consent of the personal data subject, unless otherwise stipulated by the Law on Personal Data.
13.1 Any User may receive any clarifications on issues of interest regarding the processing of their personal data by contacting Orion Partners via e-mail info@orion-law.com.
13.2 This Policy may be amended subject to any amendments being introduced to applicable laws of the Russian Federation on personal data, and may also be amended at any time at the discretion of Orion Partners. This Policy shall remain valid for an unlimited term until replaced by a new version hereof.
13.3 The up-to-date version of this Policy is available on the Internet at https://orion-law.com/policy.
13.4 Other rights and obligations of Orion Partners in connection with the processing of personal data that are not reflected in this Policy are determined by applicable laws of the Russian Federation on personal data.