1.1. This document defines the policy of CONDE NAST JSC (hereinafter - the Company) in relation to the personal data processing and sets out a system of basic principles applied to the personal data processing in the Company.
1.2. This Policy applies to all operations performed in the Company with personal data using automation technologies or without them.
1.3. This Policy shall be read, understood and executed by all persons authorized to process personal data in the Company and persons involved in organizing the processing and security of personal data in the Company.
1.4. This Policy is developed under Convention No. 108 of the Council of Europe on the Protection of Individuals With Regard to the Automatic Processing of Personal Data and Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’.
1.5. This Policy shall be updated in case of changes in the laws of the Russian Federation on personal data.
2.1. In accordance with subparagraph 2 of Article 3 of the Federal Law dated July 27, 2006 No. 152-FZ ‘On Personal Data’, the Company is an operator, i.e. a legal entity that independently organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data. The Company shall not process personal data on behalf of another operator.
2.2. An important condition for the implementation of the goals of the Company is to ensure the protection of the rights and freedoms of man and citizen – personal data subject when processing his/her personal data.
2.3. The Company has developed and implemented documents establishing the procedure for processing and ensuring the safety of personal data to comply with the requirements of the Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’ and its subordinate laws.
3.1. As the operator the Company shall process the personal data of the following entities:
3.2. The processing time for personal data shall be determined taking into account the following:
3.3. The Company carries out the processing of personal data on a legal and fair basis.
3.4. When processing personal data, their accuracy, adequacy, and, if necessary, their relevance to the purposes of personal data processing shall be ensured.
3.5. The Company shall not disclose to third parties and shall not distribute personal data without the consent of the personal data subject (unless otherwise provided for by the federal law of the Russian Federation).
3.6. The Company shall not create publicly available sources of personal data.
3.7. The Company shall process special categories of personal data. At the same time, the Company shall fulfill all the requirements for processing special categories of personal data stipulated by Federal Law of the Russian Federation ‘On Personal Data’ No. 152-FZ dated July 27, 2006. The Company shall not process personal data on criminal records.
3.8. The Company shall not process biometric personal data.
3.9. The Company may carry out cross-border transfer of personal data.
3.10. The Company shall process personal data to promote the Company's goods, works and services on the market by making direct contacts with a potential consumer using communication tools with the consent of potential consumer. The Company shall not process personal data for the purposes of political solicitation.
3.11. The Company shall not make decisions producing legal effects concerning the personal data subject or otherwise affect his/her rights and legitimate interests, based on exclusively automated personal data processing.
3.12. The Company shall entrust the processing of personal data to other persons. At the same time, the Company shall fulfill all the requirements for a personal data processing order stipulated by Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’. A visitor to any of the websites of CONDE NAST JSC accepting this Policy regarding the processing of personal data and agreeing with it, shall give his consent to the transfer of his/her personal data by CONDE NAST JSC to third parties for the fulfillment of the objectives of the contracts in connection with which the personal data shall be transferred to a third party.
3.13. The Company shall process personal data using automation technologies and without their use. At the same time, the Company shall fulfill all the requirements for automated and non-automated processing of personal data stipulated by Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’ and its subordinate laws.
4.1. The personal data subject has the right to receive information regarding the processing of his/her personal data. To obtain this information, the personal data subject may send a written request to the address: 125009, Moscow, Bolshaya Dmitrovka Str., house 11, bld. 7 in the manner prescribed by Article 14 of Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’.
4.2. The personal data subject has the right to require the Company to clarify his/her personal data, to block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated processing purpose. The subject of personal data has the right to withdraw his/her consent to the processing of personal data. To exercise these powers, the personal data subject can send a written request (by registered letter with delivery confirmation) to the address: 125009, Moscow, Bolshaya Dmitrovka Str., house 11, bld. 7 in the manner prescribed by Article 21 of Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’.
5.1. The Company receives personal data from personal data subjects, from third parties (persons who are not personal data subjects) and from publicly available sources of personal data (including in the Internet telecommunication network). Moreover, the Company shall fulfill the obligations stipulated by Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’ in the collection of personal data.
5.2. The Company shall stop processing personal data in the following cases:
5.3. To ensure the fulfillment of the obligations stipulated by Federal Law of July 27, 2006 No. 152-FZ ‘On Personal Data’ and the regulatory legal acts adopted under it, the Company has taken the following measures: