Legal Basis
This policy is established in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”. This Russian law (the Personal Data Law) sets forth the principles and conditions for processing personal data. The English title and reference are typically given as “Federal Law No. 152-FZ of July 27, 2006, On Personal Data” (often cited simply as the “Russian Personal Data Law”).
Types of Personal Data Processing
The policy recognizes the following processing operations: collection, recording, systematization, accumulation, storage, destruction and depersonalization (anonymization) of personal data. It also includes the sending of informational emails to the user’s email address. These activities correspond to the list of processing actions enumerated in Article 2.6 of the Personal Data Law. In English legal usage, these operations are usually rendered as “data collection, recording, organization, accumulation, storage, destruction and depersonalization (anonymization)”, etc., reflecting GDPR-style terminology.
Conditions for Personal Data Processing
Collection, Storage, Transfer and Other Processing of Data
The policy states that the security of personal data is ensured by implementing legal, organizational and technical measures necessary for full compliance with Russia’s data protection laws. In practice, this means the Operator takes steps to protect data from unauthorized access or misuse.
The policy explicitly lists all standard processing operations performed by the Operator on the collected data. In English, these include:
Transborder Transfer of Personal Data
Before commencing any cross-border transfer of personal data, the Operator must notify the authorized data protection authority of its intention to make such transfers (this notification is separate from the general data processing notice). Prior to filing this notification, the Operator must obtain relevant information from the foreign authorities or entities (individuals or legal) to which the data will be transferred. This ensures compliance with Russian rules on “transborder transfer of personal data”.
Confidentiality of Personal Data
The Operator and any other persons who gain access to personal data are obliged not to disclose or disseminate personal data to third parties without the subject’s consent, unless federal law provides otherwise. In legal English, this is typically phrased: “The Operator and any other persons who have access to personal data must not disclose or distribute such data to third parties without the consent of the data subject, except as required by federal law.”.
Final Provisions
This policy is established in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”. This Russian law (the Personal Data Law) sets forth the principles and conditions for processing personal data. The English title and reference are typically given as “Federal Law No. 152-FZ of July 27, 2006, On Personal Data” (often cited simply as the “Russian Personal Data Law”).
Types of Personal Data Processing
The policy recognizes the following processing operations: collection, recording, systematization, accumulation, storage, destruction and depersonalization (anonymization) of personal data. It also includes the sending of informational emails to the user’s email address. These activities correspond to the list of processing actions enumerated in Article 2.6 of the Personal Data Law. In English legal usage, these operations are usually rendered as “data collection, recording, organization, accumulation, storage, destruction and depersonalization (anonymization)”, etc., reflecting GDPR-style terminology.
Conditions for Personal Data Processing
- Consent of the Data Subject. Personal data are processed only with the consent of the data subject. In other words, the user must agree to the processing of their own personal data.
- Legal and Contractual Obligations. Processing is necessary to achieve objectives set by an international treaty or law of the Russian Federation, and to carry out the functions, powers and duties imposed on the Operator by Russian law. This covers situations where the law itself requires or permits the processing.
- Justice and Enforcement. Processing is necessary for the administration of justice, or for enforcement of a court decision or other legal act that must be executed under Russian enforcement laws. This reflects processing needed for legal proceedings or enforcement actions (e.g. “the performance of a court’s judgment”).
- Contract Performance. Processing is necessary for performing a contract to which the data subject is a party (or is the beneficiary or guarantor). It also covers entering into a contract at the data subject’s initiative or to which the data subject will be beneficiary or guarantor. In English: processing needed to “execute a contract” involving the data subject.
- Legitimate Interests / Public Interest. Processing is necessary to protect the rights and lawful interests of the Operator or third parties, or to achieve socially important objectives, provided that the rights and freedoms of the data subject are not violated. This corresponds to the “legitimate interests” ground (similar to GDPR), with the proviso that it not infringe on the subject’s rights.
- Public Personal Data. Processing is carried out on personal data that the data subject has made available to an unlimited number of people (so-called “public personal data”). In Russian law, personal data which the subject has consented to make publicly accessible qualify for processing. The English translation typically reads: “personal data to which access is provided by the data subject or at his request to an unlimited number of persons (hereinafter — public personal data)”.
- Mandatory Disclosure. Processing is carried out on personal data that are subject to publication or mandatory disclosure under federal law. In English: “personal data which are subject to publication or mandatory disclosure in accordance with federal law”.
Collection, Storage, Transfer and Other Processing of Data
The policy states that the security of personal data is ensured by implementing legal, organizational and technical measures necessary for full compliance with Russia’s data protection laws. In practice, this means the Operator takes steps to protect data from unauthorized access or misuse.
- Data Integrity and Access: The Operator guarantees the preservation of personal data and takes all possible measures to prevent unauthorized access to them. No personal data will be transferred to third parties under any circumstances, except as required by law or if the data subject has given explicit consent for transfer to a third party to fulfill contractual obligations.
- Updating Data: If inaccuracies in the personal data are discovered, the User may independently update their information by notifying the Operator via email (to russianlodgement@mail.ru with the note “Update of personal data”).
- Retention Period: Personal data are retained only as long as required by the purposes for which they were collected, unless a different period is stipulated by contract or law. The User can withdraw consent to processing at any time by emailing the Operator with the note “Withdrawal of consent to personal data processing”.
- Third-Party Services: All information collected by third-party services (including payment systems, communication providers, and other service providers) is stored and processed by those parties in accordance with their own User Agreements and Privacy Policies. The data subject is therefore subject to those third parties’ terms when using such services. The Operator disclaims responsibility for the actions of such third parties.
- Legal Restrictions: Any prohibitions set by the data subject on transferring (other than granting access) or processing (other than obtaining access) of personal data permitted for distribution do not apply when processing data in the interests of the state, society, or other public interests as defined by Russian law.
- Confidentiality: The Operator ensures the confidentiality of personal data during processing.
- Storage Limitation: The Operator stores personal data in a form identifying the data subject only as long as necessary for the purposes of processing. If no storage period is defined by law or contract, data are kept no longer than required by those purposes.
- Termination of Processing: Personal data processing is terminated when the purposes of processing are achieved, the consent expires or is withdrawn by the subject, or upon a request to cease processing, as well as upon discovery of unlawful processing.
The policy explicitly lists all standard processing operations performed by the Operator on the collected data. In English, these include:
- Collection, recording, organization, accumulation, storage
- Clarification (updating, modification), retrieval, use
- Transfer (dissemination, provision, granting access), depersonalization (anonymization)
- Blocking, deletion and destruction of personal data
Transborder Transfer of Personal Data
Before commencing any cross-border transfer of personal data, the Operator must notify the authorized data protection authority of its intention to make such transfers (this notification is separate from the general data processing notice). Prior to filing this notification, the Operator must obtain relevant information from the foreign authorities or entities (individuals or legal) to which the data will be transferred. This ensures compliance with Russian rules on “transborder transfer of personal data”.
Confidentiality of Personal Data
The Operator and any other persons who gain access to personal data are obliged not to disclose or disseminate personal data to third parties without the subject’s consent, unless federal law provides otherwise. In legal English, this is typically phrased: “The Operator and any other persons who have access to personal data must not disclose or distribute such data to third parties without the consent of the data subject, except as required by federal law.”.
Final Provisions
- The User may obtain any clarifications concerning the processing of their personal data by contacting the Operator via email at russianlodgement@mail.ru.
- Any changes to this policy will be reflected in this document; the policy remains in force indefinitely until replaced by a new version.
- The current version of the policy is freely accessible online at the address: https://russianlodgement.ru/privacy.
- Operator (Оператор): In Russian law, “Operator” refers to the entity that organizes and carries out personal data processing. It effectively corresponds to the GDPR term “data controller”. Russian legislation does not distinguish controller vs. processor in the GDPR sense; all such entities are called operators.
- Data Subject (Субъект персональных данных): The individual to whom the personal data belong, simply rendered as “data subject”.
- Personal Data (Персональные данные): Defined as any information relating directly or indirectly to an identifiable person. Commonly translated as “personal data” or “personal information.”
- Consent (согласие): Always translated as “consent of the data subject.” The law requires it to be “freely given, specific, informed, and unambiguous.”
- Depersonalization (обезличивание): Literally “depersonalization,” meaning that data are rendered so that the data subject cannot be identified without extra information. Under GDPR terminology, this is close to “pseudonymization” or “anonymization.” (The Russian law distinguishes “depersonalization” as a specific term; GDPR uses “pseudonymization” for similar purposes.)
- Public Personal Data (общедоступные персональные данные): Data which the subject has made available to an unlimited public (often called “personal data made available to the public”). Article 6 expressly allows processing of such data.
- Legal Bases Comparison: The listed conditions (consent, legal obligation, contract, legitimate interest, public interest, public data, mandatory disclosure) align broadly with GDPR Article 6 grounds (consent, contract, legal obligation, vital interests, public task, legitimate interest). Russian law adds certain categories (e.g. contract beneficiary/surety, public data) that are specific to its legal framework. Each translated clause above follows official or standard English rendering of the Russian legal text.