1. General Provisions

1.1. This Privacy Policy for the personal data of visitors to the website of the Federal State Budgetary Scientific Institution “Federal Scientific Center “V.S. Pustovoit All-Russian Research Institute of Oil Crops” (FSBSI FSC VNIIMK) in the Information and Telecommunication Network “Internet” (hereinafter referred to as the “Privacy Policy”) is developed in accordance with the provisions of the Constitution of the Russian Federation, the Federal Law of July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection”, the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the “Data Protection Law”) and other legal acts regarding the protection and processing of personal data that are valid on the territory of the Russian Federation.

1.2. The following terms are used in this Privacy Policy:

“website” refers to the https://journal-oil-crops.ru/, located on the domain name https://journal-oil-crops.ru/;

“website administration” refers to the employees authorized to manage the website. They determine the composition of personal data of website users, the purposes of collecting personal data, and how it is processed and stored;

“website user” refers to an individual who uses the website’s services and is the subject of personal data, who voluntarily visited the website and provided consciously, freely, of his own free will and in his own interests the necessary personal data to continue interaction with the Federal State Budgetary Scientific Institution “Federal Scientific Center “V.S. Pustovoit All-Russian Research Institute of Oil Crops”.

– “сookie” refers to a small piece of data sent by a web server and stored on the user’s computer. A web client or browser sends this data to the web server in an HTTP request each time it tries to open a page of the corresponding website;

– “IР address” refers to the unique network address of a node in a computer network based on the IP protocol;

“personal data” refers to any information relating to a directly or indirectly defined or identifiable individual (subject of personal data);

“processing of personal data” refers to any action or set of actions performed with or without automated means on personal data, including collection, recording, systematization, accumulation, storage, clarification (update or change), extraction, use, transfer (distribution, sharing, or access), depersonalization, blocking, deletion, or destruction.

1.3. This Privacy Policy establishes the procedure for obtaining, protecting, storing, processing, and sharing the personal data of users of the FSBSI FSC VNIIMK website (legal address: 17 Filatova street, Krasnodar, Krasnodar Region, 350038, Russia; email: vniimk@vniimk.ru; phone: (861) 255-59-33). The Policy applies to all information that the website administration can obtain about users while they are using the website.

This Privacy Policy does not apply to other websites or third-party websites. The website administration is not responsible for third-party websites that users can access through links available on the website.

1.4. Personal data of website users includes:

  • surname, first name, patronymic;
  • contact telephone number;
  • electronic mail address (e-mail);
  • residence address;
  • registration address.
  • Depending on the software settings, the following data is transmitted automatically:
  • standard data that is automatically received by the server when accessing the website and the subsequent actions of the user, such as the IP address of the host, the operating system used by the user, and the pages visited on the website;
  • information automatically received when accessing the website using bookmarks (cookies);
  • information obtained as a result of the user’s actions on the website;
  • information required to identify the user for access to website services.
  • The website administration can only receive personal data about users from the users themselves.
  • The personal data of website users is confidential and cannot be used by the website administration or any other person for personal purposes.

1.5. The purposes of processing personal data of website users: promotion of goods on the market, maintenance of the official website of FSBSI FSC VNIIMK, improvement of customer service quality.

1.6. The website administration provides users with free access to their personal data, including the right to receive copies of any record containing their personal data, unless otherwise provided by law.

1.7. The website administration develops measures to protect the personal data of the website users.

2. Processing, Storage, and Transfer of Personal Data of Website Users

2.1. Personal data of website users is processed exclusively for the purposes specified in clause 1.5 of this Privacy Policy.

2.2. Personal data processing on the website is carried out with and without the use of automated means.

2.3. The categories of subjects of personal data include: website visitors.

The website administration processes the personal data of this category of subjects in order to promote goods on the market and improve customer service quality:

Category of personal dataList of personal dataMethod of processingTerm of processing and storage
only general personal datasurname, first name, patronymic; contact telephone number; electronic mail address (e-mail); residence address; registration addressautomated, non-automatedduring the period of validity of consent for the processing of personal data or until it is revoked

2.4. Personal data of users is stored on electronic media and processed using automated systems. Non-automated processing of personal data on hard copies is permitted.

Hard copies of personal data of website users are stored in the Department for Commercialization of Research and Development Results.

Organizational and technical measures are observed when storing personal data of website users to ensure their safety and prevent unauthorized access.

Only authorized website administration employees who have signed a non-disclosure agreement can access and process personal data.

The list of employees with access to personal data of website users is approved by an order of FSBSI FSC VNIIMK.

2.5. The website administration may only transfer the personal data of website users to third parties if necessary to prevent a threat to their life or health, or in cases established by law.

2.6. In the course of its activities, FSBSI FSC VNIIMK has the right to carry out cross-border transfers of personal data. When carrying out cross-border transfers of personal data, FSBSI FSC VNIIMK undertakes to comply with the requirements of Article 12 of the Data Protection Law.

2.7. The website administration is obliged to provide user personal data only to authorized persons and only to the extent necessary for them to perform their job duties, in accordance with this Privacy Policy and Russian Federation legislation.

2.8. When transferring the personal data of website users to the third parties, the website administration informs the recipients of this data that it can only be used for the intended purposes, and requires written confirmation from the recipients that they will comply with this condition.

2.9. Consent to the processing of personal data authorized by the website user for distribution is executed separately from the user’s other consents to the processing of their personal data. The website administration provides the user with the opportunity to define a list of personal data for each category of personal data specified in the consent to the processing of personal data authorized for distribution.

2.10. In the consent to the processing of personal data authorized for distribution by the website user, the user has the right to prohibit the website administration from transferring these personal data to the public domain (except for providing access), as well as prohibiting the processing or conditions of processing these personal data in the public domain (except for access).

2.11. The transfer (distribution, sharing, or access) of personal data authorized by the website user must stop at any time upon their request. This personal data may only be processed by the website administration.

2.12. The rights, obligations, and actions of website administration employees whose job duties include processing the personal data of website users are determined by job descriptions.

2.13. All information about the transfer of website users’ personal data is taken into account to ensure the legality of its use by those who received it.

2.14. To improve service quality and ensure legal defense, the website administration may store log files of user actions performed within the framework of website use.

3. Requirements for Premises Where Personal Data is Processed

3.1. The placement of equipment for personal data information systems and special equipment, as well as the security of the premises where personal data is handled, shall ensure the safety of personal data carriers and information protection means. This shall also exclude the possibility of unauthorized persons entering or staying in these premises.

3.2. Premises where technical means of personal data information systems are located or where personal data carriers are stored must comply with fire safety requirements established by current Russian Federation legislation.

3.3. The level of special equipment of the premises shall be determined by a commission established for this purpose. Based on the results of the determination of the class and the inspection of the premises for compliance with that class, acts shall be drawn up.

3.4. In addition to the above measures regarding special equipment and the security of premises where cryptographic information protection means are installed or stored, the additional requirements determined by the Federal Security Service of Russia’s methodological documents are implemented.

4. Rights and Obligations of the Website Administration

4.1. The website administration has the right to establish requirements for the composition of user personal data, which must be provided for website use. The administration is guided by this Privacy Policy, the Constitution of the Russian Federation, and other federal laws.

4.2. The website administration does not verify the accuracy of the personal data provided by users, trusting that they are acting in good faith and keeping their personal data information up to date.

4.3. The website administration is not responsible for website users voluntarily sharing their contact information, password, or login with third parties.

4.4. The website administration does not have the right to receive or process website users’ personal data regarding their political, religious, or other beliefs or private life.

4.5. The website administration provides protection of website users’ personal data from misuse or loss at owner’s expense, in accordance with the procedure established by Russian Federation legislation.

4.6. The website administration shall take the necessary and sufficient measures to fulfill the obligations stipulated by the Data Protection Law and its subordinate legislation. The website administration independently determines the necessary and sufficient measures to fulfill these obligations. Such measures include, in particular:

– appointment of a person responsible for organizing personal data processing;

– issuance of documents defining website policy regarding personal data processing and local acts on personal data processing issuesб defining the categories and lists of processed personal data for each purpose of processing, the categories of subjects whose personal data are processed, the methods and terms of processing and storage, and the procedure for destroying personal data once the processing purposes have been achieved or other lawful grounds have occurred, as well as local acts establishing procedures aimed at preventing and detecting violations of Russian Federation legislation and eliminating the consequences of such violations. These documents and local acts may not include provisions that restrict the rights of website users or impose powers and duties on the website administration that are not provided for by Russian Federation legislation;

– application of legal, organizational, and technical measures to ensure the security of personal data;

– internal control and/or audit of the compliance of personal data processing with the Data Protection Law, its subordinate legislation, requirements for personal data protection, the website’s personal data processing policy, and local website acts;

– assessment of potential harm to website users in the event of a Data Protection Law violation and the correlation between said harm and the measures taken by the website administration to fulfill obligations under the Data Protection Law;

– introduction of website employees directly involved in processing personal data to Russian Federation legislation on personal data, including requirements for protecting personal data. This includes documents defining the website’s policy regarding processing personal data, local acts on processing personal data, and/or training these employees.

5. Rights of Website Users to protect Their Personal Data

5.1. To ensure the protection of their personal data stored on the website, users have the right to:

– receive full information about their personal data, its processing, storage, and transfer;

– choose representatives to protect their personal data;

– require the exclusion or correction of any incorrect or incomplete personal data, as well as any data processed in violation of this Privacy Policy and Russian Federation legislation;

– demand that the website administration notifies all persons to whom incorrect or incomplete personal data of website users was previously reported of all exceptions, corrections, or additions made.

If the website administration refuses to exclude or correct the personal data of website users, the users have the right to inform the administration in writing of their disagreement, providing relevant justification.

5.2. Website users have the right to independently limit the data collection by third parties using the standard privacy settings of their internet browser. They also have the right to change, delete, or supplement the personal data they have submitted at any time.

5.3. If website users believe that the processing of their personal data violates the Data Protection Law or their rights and freedoms, they may appeal the actions or inaction of the website administration to the authorized body that protects the rights of data subjects or in court.

5.4. Website users have the right to edit the personal data they provided during registration or authorization at any time by contacting FSBSI FSC VNIIMK.

5.5. Website users may not waive their right to preserve and protect secrecy.

5.6. Within the framework of exercising the right to withdraw his/her consent to the processing of personal data, the website user has the right to apply to the address (legal, electronic) of FSBSI FSC VNIIMK with a statement to withdraw the previously given consent to the processing of personal data. Also, the website user has the right to appeal to FSBSI FSC VNIIMK with a request to stop processing of personal data. FSBSI FSC VNIIMK reserves the right to continue processing of personal data without the consent of the website user, if such processing will be carried out in the presence of the grounds specified in paragraphs 2-11 of Part 1 of Article 6, paragraphs 2-10 of Part 2 of Article 10 and Part 2 of Article 11 of the Data Protection Law.

6. Procedure for the Destruction or Blocking of Personal Data

6.1. In case of the detection of the unlawful processing of personal data, at the request of a website user, the website administration will block the unlawfully processed personal data related to that user from the moment the request is made, for the period of verification.

6.2. In case of the detection of inaccurate personal data, the website administration will block the personal data related to the user upon request, for the period of verification, unless doing so violates the rights and legitimate interests of the user or third parties.

6.3. If the inaccuracy of personal data is confirmed, the website administration clarifies the personal data within seven working days from the date of submission of the necessary documents or information submitted by the website user and removes the blocking of personal data.

6.4. In case of detection of unlawful processing of personal data carried out by the website administration, the website administration shall stop such processing within three working days from the date of detection.

6.5. If it is impossible to ensure the legality of personal data processing, the website administration shall destroy such personal data within ten working days of the detection of unlawful processing.

6.6. The website administration shall notify the user about the elimination of violations or destruction of personal data.

6.7. In case the fact of unlawful or accidental transfer (distribution, sharing, or access) of personal data resulting in violation of the rights of the website user is established, the website administration shall notify the authorized body for the protection of the rights of personal data subjects from the moment of detection of such incident by the website administration, the authorized body for the protection of the rights of personal data subjects or other interested person:

– within twenty-four hours of the incident, the website administration will provide information about the incident and the alleged causes that led to the violation of the website user’s rights, alleged harm caused to the user’s right, as well as information about the measures taken to eliminate the consequences of the incident and about the person authorized by the website administration to interact with the authorized body for the protection of the rights of personal data subjects on issues related to the incident;

– within seventy-two hours, the website administration will provide the results of the internal investigation of the incident, as well as information on the persons whose actions caused the incident (if there are any).

6.8. Once the purpose of processing personal data is achieved, the website administration will stop processing and destroy personal data within thirty days.

6.9. If a website user withdraws consent to the processing of their personal data, the website administration stops processing it. If storing the personal data is no longer required for processing purposes, the website administration destroys the data within thirty days of receiving the withdrawal.

6.10. If a website user requests that the website administration stop processing personal data, the website administration will stop processing within ten working days of receiving the request, unless otherwise provided by the Data Protection Law.

The specified term may be extended by no more than five working days if the website administration sends a justified notice to the website user indicating the reasons for the extension.

6.11. If it is not possible to destroy personal data within the period specified in paragraphs 6.4-6.10 of this Privacy Policy, the website administration shall block the data and ensure its destruction within six months, unless a different timeframe is specified by federal law.

6.12. After the normative storage period for documents containing the personal data of website users expires, or upon the occurrence of other legal grounds, the documents are subject to destruction.

6.13. To this end, the website administration shall establish an expert commission and conduct an expert examination of the documents’ value.

6.14. Based on the results of the expert examination, documents containing the personal data of website users and are subject to destruction:

– on paper – shall be destroyed by shredding in a shredder.

– in electronic form – shall be erased from information carriers or the carriers shall be physically destroyed.

7. Liability for Violation of the Rules Governing the Processing and Protection of Personal Data of Website Users

7.1. Those who violate the rules governing the collection, processing, and protection of personal data of website users shall be held liable under disciplinary, material, civil, administrative, and criminal law, in accordance with the procedure established by current Russian Federation legislation.

7.2. Moral damages caused to a website user as a result of a violation of their rights, of the rules for processing personal data established by the Data Protection Law, as well as the requirements for protecting personal data established in accordance with the aforementioned federal law, shall be compensated in accordance with Russian Federation legislation. Compensation for moral damages is independent of compensation for property damages and losses incurred by the website user.

8. Changes to the Privacy Policy

8.1. The website administration may change or terminate this privacy policy unilaterally without prior notice to the website user. The new version of the Privacy Policy takes effect when posted on the website, unless the new version of the Privacy Policy states otherwise.]

8.2. The current version of the Privacy Policy is available on the website at the following addresses: https://journal-oil-crops.ru/politika-konfidencialnosti/.