Personal Data Processing Policy
Policy on processing personal data by the Website Administration
General provisions
This Personal Data Processing Policy (hereinafter referred to as the Policy) defines the conditions, purposes, content, and procedure for processing personal data (hereinafter referred to as PD) using automation tools as well as measures aimed at protecting PD and preventing violations of the personal data law of the Russian Federation. These measures are carried out by Eco-Vector LLC, OGRN 1099847039907, INN/KPP 7806423692/784101001, address: Aptekarskiy per, d. 3, lit. A,, office 1H, Saint-Petersburg, Russia.
This Policy defines the policy of Eco-Vector LLC regarding the processing and protecting personal data.
In this Policy, the following terms are used:
-
Personal Data (PD) refers to any information which is directly or indirectly related to a specific or identifiable individual (PD subject).
-
Processing of PD refers to any action (operation) or set of actions (operations) performed with or without automation tools including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of PD.
-
PD operator refers to an individual or organization who organizes and/or processes PD as well as determine purposes of PD processing, contents of PD to be processed, and actions (operations) performed with PD, independently or in cooperation with other entities.
-
A Personal Data Information System (hereinafter referred to as the PDIS) refers to a set of PD in databases as well as information technologies and technical means that are used for PD processing.
-
Confidentiality of PD refers to the obligation of the Operator and other persons who have received access to PD not to disclose PD to third parties and not to distribute PD without consent of a PD subject, unless otherwise provided by the federal law.
-
Depersonalization of PD refers to actions resulting in impossibility to determine what personal data belongs to certain subject of PD, without additional information.
-
Provision of PD refers to actions aimed at disclosing PD to a certain person or certain persons.
-
Distribution of PD refers to actions aimed at disclosing PD to indefinite persons.
-
Destruction of PD refers to actions resulting in impossibility to restore PD content in the PDIS and/or resulting in destruction of the physical carrier of PD.
The Website Administration processes PD of the following categories of PD subjects:
-
Operator's cutomers (individuals),
-
users of the Operator's online store,
-
users of the Operator's journal portal,
-
users of the Operator's e-book portal.
PD Processing is carried out by the Operator in compliance with terms and conditions provided for by this Policy and PD laws of the Russian Federation.
Information about PD processing and security protecting
Publisher employees with access to PD shall be obliged not to disclose PD to third parties and not to distribute PD without consent of PD subjects, unless otherwise provided by federal laws.
To protect PD from illegal actions (such as illegal or accidental access, destruction, modification, blocking, copying, provision, distribution), the Operator has implemented a set of legal, organizational, and technical measures to make the PD protection system and to ensure PD security.
These PD security measures ensure the established level of PD protection during their processing in the information system of the Operator.
Terms and conditions for processing personal data of users of the Operator's online store
The Operator processes PD of online store users as part of legal relations with the Operator regulated by current legislation.
The Operator processes the following types of PD of customers:
-
Full name (surname, name, middle name),
-
Mailing address,
-
Sex,
-
Place of work.
Terms and conditions for processing personal data of users of the Operator's journal portal
The Operator processes PD of journal portal users as part of legal relations with the Operator, regulated by current legislation.
The Operator processes the following types of PD of authors.
-
Surname,
-
Name,
-
Middle name,
-
Residence address,
-
Contact number,
-
E-mail,
-
User ID stored in the cookie,
-
ORCID iD,
-
SPIN code,
-
Scopus Author ID,
-
ResearcherId,
-
Mendeley Profile,
-
Publons Profile,
-
Organization,
-
Degree,
-
Position.
Terms and conditions for processing personal data of users of the Operator's e-book portal
The Operator processes PD of e-book portal users as part of legal relations with the Operator regulated by current legislation.
The Operator processes the following types of PD of authors:
-
Full name,
-
Mailing address,
-
Sex,
-
Place of work.
Personal data processing procedure
PD of PD subjects are processed in the PDIS as defined by the Order of the Operator on approval of the list of personal data information systems.
The PDIS of the Operator shall be classified in accordance with laws of the Russian Federation.
The Operator’s employees with right to process PD in the PDIS shall sign a Non-Disclosure Agreement for Information Containing Personal Data in the form approved by the Operator.
Such employees are provided with a unique login and password to access the relevant PDIS. Access is provided to application software subsystems considering functions related to official duties of employees.
Security of PD processed in the PDIS is achieved by preventing unauthorized access to PD (including accidental one) as well as taking respective security measures.
Terms of processing and storage of personal data
The Operator processes PD until purposes of such processing are achieved, unless otherwise provided by laws of the Russian Federation.
PD are stored in a form that allows determining a subject of PD, no longer than required by the purposes of processing PD, if the PD storage period is not established by federal laws or by agreement with a PD subject as a party, beneficiary, or guarantor. PD being processed are subject to destruction or depersonalization after purposes of PD processing are achieved or after these purposes are no longer needed to be achieved, unless otherwise provided by the federal law On Personal Data.
Rights of personal data subjects
A Subject of PD has the right:
-
To receive their PD and information regarding processing these PD,
-
To clarify, block, or destroy their PD if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing,
-
To withdraw their consent to PD processing,
-
To protect their rights and legal interests, including legal compensation for losses and compensation for moral damage,
-
To complain against the Operator’s action or inaction to an authorized body or courts for protecting rights of PD subjects.
-
To exercise their rights and legal interests, PD subjects have right to contact the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part 3 of Article 14 of the Federal Law On Personal Data.
Version 3 dated December 10, 2022