social-icon
Ещё какое-то описание
social-icon
Продукт компании Meta*, которая признана экстремистской организацией в России
Ру
  • About
  • Projects
    decade1 Commercial Architecture name
  • Contacts
social-icon
Ещё какое-то описание
social-icon
Продукт компании Meta*, которая признана экстремистской организацией в России
social-icon social-icon

Personal Data Processing Policy

I. General Provisions

1. This Policy developed in accordance with the Federal Law "On Personal Data" and determines the purposes, basic principles, rules and legal grounds for processing personal data, as well as defines the main measures to ensure its security.

2. This Policy has been developed for implementation in the limited liability company Birch Studio (PSRN: 1237700887379, address: 119517, Moscow, intracity territory of the federal city, municipal district Ochakovo-Matveevskoye, Aminyevskoye sh., 6) of the requirements of the legislation of the Russian Federation in the field of personal data, as well as to ensure the protection of human rights of individuals during the processing of their personal data.

3. The provisions of this Policy provide the basis for developing and updating administrative, organizational and legal documents of Birch Studio LLC (hereinafter referred to as the Operator) regulating the processing of personal data of various categories of personal data subjects, as well as the procedure for implementing measures to protect the processed personal data.

4. The provisions of this Policy are mandatory for the Operator's employees who have access to personal data.

5. The list of purposes of personal data processing by the Operator, the scope of personal data and its categories, as well as the categories of personal data subjects, is presented in the Appendix.

II. Basic Concepts

6. The following concepts are used in this Policy:

  1. automated processing of personal data – processing of personal data using computer technology;
  2. security of personal data – a state of personal data security characterized by the ability of users, technical means and information technologies to ensure the confidentiality, integrity and availability of personal data during its processing in information systems;
  3. biometric personal data – information characterizing the physiological and biological characteristics of a personal data subject, on the basis of which it is possible to identify him/her and which are used by the operator to identify of the personal data subject;
  4. information system – a set of information contained in databases, as well as information technologies and technical means that process it.
  5. counterparty – a Russian or foreign legal or natural person with whom the Operator has a contractual relationship or plans to enter into a contractual relationship excluding an employment relationship;
  6. confidentiality of personal data – a mandatory requirement not to disclose to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided for by the legislation of the Russian Federation;
  7. tangible media – a paper or machine-readable media intended for recording, transferring and storing personal data;
  8. non-automated processing of personal data – personal data processing carried out with the employee’s direct participation without the use of computer technology;
  9. processing of personal data – any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data including: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion (including erasure), destruction.
  10. operator – Birch Studio LLC (PSRN: 1237700887379, address: 119517, Moscow, intracity territory of the federal city, municipal district Ochakovo-Matveevskoye, Aminyevskoye sh., 6), independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of personal data processing, the scope of personal data to be processed and the actions (operations) performed with personal data;
  11. personal data – any information relating directly or indirectly to an identified or identifiable natural person (personal data subject);
  12. personal data authorized by the personal data subject for dissemination – the personal data, the access to which is granted to an unlimited number of persons by the personal data subject by giving consent to the processing of personal data permitted by the personal data subject to be distributed in accordance with the procedure provided for by the Federal Law "On Personal Data";
  13. providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
  14. distribution of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
  15. special categories of personal data – categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life and criminal record;
  16. personal data subjects – users and visitors of the website, service users, contractors, Operator's employees, their close relatives, dismissed Operator's employees, candidates for employment (applicants), and their representatives, as well as other persons whose personal data became known to the Operator in the course of its activities;
  17. cross–border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
  18. destruction of personal data – actions as a result of which personal data is destroyed irretrievably with the impossibility of further restoration of the personal data content in the personal data information system and (or) material carriers of personal data are destroyed.

III. Principles and Rules of Personal Data Processing

7. The processing of personal data is carried out by the Operator in compliance with the following principles and rules:

  1. the processing is carried out on a lawful and equitable basis;
  2. the processing is limited to achievement of the specific, predetermined and lawful purposes;
  3. personal data that meets the purposes of processing is subject to processing, provided that its volume and content must correspond to the stated purposes of processing;
  4. it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
  5. during processing personal data, its accuracy and sufficiency are ensured and, if necessary, relevance to the purposes of processing, with measures taken to delete or clarify incomplete or inaccurate data or to ensure that measures are taken.
  6. personal data is stored in a form allows to identify the personal data subject no longer than required by purposes of personal data processing, unless the period of personal data storage is established by the Federal Law, the contract to which the personal data subject is a party, beneficiary or guarantor;
  7. processed personal data is destroyed or depersonalized when the processing purposes are achieved or in case there is no more need to achieve these purposes, unless otherwise provided for by the legislation of the Russian Federation;
  8. The Operator ensures confidentiality and security of personal data processing.

IV. Legal Grounds for Personal Data Processing

9. The legal grounds for the personal data processing based on which personal data may be processed by the Operator, are:

  1. consent of the personal data subject to the processing of personal data in accordance with the legislation of the Russian Federation for the relevant category of personal data;
  2. achievement of the purposes stipulated by an international agreement of the Russian Federation or a law, implementation and fulfillment the functions, powers and duties assigned to the Operator by the legislation of the Russian Federation and the Operator's Organization Charter;
  3. judicial acts, acts of another body or official, which must be executed by the Operator in accordance with the provisions of the legislation of the Russian Federation on enforcement proceedings;
  4. a contract to which the personal data subject is a party, beneficiary or guarantor, or a contract entered into at the initiative of the personal data subject, or a contract under which the personal data subject will be a beneficiary or guarantor;
  5. ensuring and (or) protecting the life, health or other vital interests of the personal data subject if it is impossible to obtain the consent of the personal data subject;
  6. exercising the rights and legitimate interests of the Operator or third parties, or to achieve socially significant purposes, provided that the rights and freedoms of the personal data subject are not violated;
  7. other grounds established by the current legislation of the Russian Federation.

V. Organization of Personal Data Processing

10. In order to organize the effective processing and security of personal data, a person responsible for organizing the processing of personal data by the Operator has been appointed, who, in accordance with established powers, ensures:

  1. implementation of internal control over compliance with the requirements of the legislation of the Russian Federation and regulatory documents of the Operator in the field of personal data including requirements for protection of personal data by the Operator;
  2. bringing to the attention of the Operator's employees the provisions of the legislation of the Russian Federation, the Operator's regulatory documents on personal data processing, as well as personal data protection requirements;
  3. control over the processing of requests from personal data subjects or their representatives regarding the violations of legislation in the field of personal data committed by the Operator's employees.

11. The Operator's employees authorized to process personal data in accordance with the procedure established by the Operator are allowed to process personal data.

These persons have the right to process only those personal data which they need to perform their official duties.

12. Processing of personal data by the Operator is carried out with and (or) without the use of automation tools.

13. The Operator does not process special categories of personal data, as well as biometric personal data.

14. In order to implement the rights of personal data subjects, the Operator during personal data processing:

  1. takes legal, organizational and technical measures to protect personal data of personal data subjects from accidental or unauthorized access, destruction, change, blocking, copying, provision, distribution or any other illegal actions;
  2. explains to the subjects of personal data the legal consequences of refusal to provide their personal data and (or) consent to the processing, if the provision of personal data is mandatory in accordance with the legislation of the Russian Federation;
  3. blocks, clarifies and destroys unlawfully processed personal data, as well as terminates the unlawful processing;
  4. notifies the personal data subject of remedying committed violations or destruction of his/her personal data;
  5. at the request of the personal data subject or his/her representative, provides information related to the processing of his/her personal data in accordance with the procedure established by the legislation of the Russian Federation, as well as regulatory documents of the Operator;
  6. implements internal control and (or) audit of compliance of personal data processing with the legislation of the Russian Federation and regulatory documents of the Operator;
  7. makes an assessment the damage that may be caused to the personal data subjects in the event of a violation of the Russian Federation laws on personal data, the correlation between such damage and the measures taken by the Operator to ensure the fulfillment of obligations provided for by the legislation of the Russian Federation in the field of personal data.

15. The processing of personal data authorized by the personal data subject for distribution is carried out in compliance with the prohibitions and conditions provided for by Article 10.1 of the Federal Law "On Personal Data".

Consent to the processing of personal data authorized by the personal data subject for distribution is executed separately from any other consents of the personal data subject.

16. The transfer of personal data to third parties is carried out with the written consent of personal data subjects, except in cases when it is necessary to prevent threats to the life and health of personal data subjects, as well as in other cases provided for by the legislation of the Russian Federation.

17. The transfer of personal data to state authorities is allowed in the absence of the consent of the personal data subject to the processing of his/her personal data in accordance with the procedure and in cases provided for by the legislation of the Russian Federation.

18. The Operator does not carry out cross–border transfer of personal data.

19. The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject on the basis of a contract concluded with this person, unless otherwise provided for by the legislation of the Russian Federation.

20. During collecting personal data, including using the information and telecommunications network “Internet”, the Operator ensures the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of the Russian Federation citizens using databases located in the territory of the Russian Federation, except in cases provided for by the legislation of the Russian Federation.

21. The security of personal data, including during its processing in information systems, is carried out in accordance with the legislation of the Russian Federation and the requirements of the body authorized for the protection of the rights of personal data subjects, the federal executive governmental body authorized in the field of security, and the federal executive governmental body authorized in the field of technical intelligence countermeasures and technical protection of information.

22. The terms of processing and storage of personal data for each purpose of processing personal data by the Operator provided for in Appendix № 1 to this Policy and are determined in compliance with the requirements of the legislation of the Russian Federation and (or) the provisions of the contract according to which the personal data subject is a party, beneficiary or guarantor and (or) the consent of the personal data subject to the processing of his/her personal data.

23. The procedure and methods of personal data destruction by the Operator are determined in accordance with the legislation of the Russian Federation and regulatory documents of the Operator.

Personal data must be destroyed in the following cases:

  1. upon achievement of the processing purposes or in case there is no more need to achieve the purposes of personal data processing;
  2. in case the personal data subject withdraws his/her consent to the processing of his/her personal data, except for the cases provided for by the legislation of the Russian Federation;
  3. when the personal data subject or his/her representative provides information confirming that:
    • the personal data is incomplete, outdated, inaccurate (provided that clarification of personal data is not possible);
    • b) the personal data was obtained illegally;
    • the personal data is not necessary for the stated purpose of processing;
  4. in case unlawful processing of personal data is detected (if it is impossible to ensure lawfulness of personal data processing);
  5. if the personal data subject requests the termination of personal data processing, except for the cases provided for by the legislation of the Russian Federation.

VI. Rights of Personal Data Subject

24. Personal data subjects have the right to:

  1. receive complete information about their personal data processed by the Operator upon request;
  2. review their personal data upon request to the Operator;
  3. clarify their personal data, block or destroy if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
  4. terminate the processing of their personal data;
  5. provide their personal data and consent to its processing freely, voluntarily and in their own interest;
  6. withdraw consent to the processing of their personal data;
  7. appeal against the actions (inaction) of The Operator during the processing of their personal data in accordance with the legislation of the Russian Federation;
  8. exercise any other rights provided for by the legislation of the Russian Federation.

25. Requests from personal data subjects should be sent by mail to the Company's address: 119517, Moscow, intracity territory of the federal city, municipal district Ochakovo-Matveevskoye, Aminyevskoye sh., 6 or e-mail address: info@birch7.com.

VII. Final Provisions

26. Responsibility for violation of the requirements of the legislation of the Russian Federation and regulatory documents of the Operator in the field of personal data is determined in accordance with the legislation of the Russian Federation.

27. The Policy is a publicly available document and is subject to publication on the official website of the Operator in the information and telecommunications network "Internet" at the Internet address: www.birch7.ru.

© 2026 BIRCH STUDIO
social-icon
Ещё какое-то описание
social-icon
Продукт компании Meta*, которая признана экстремистской организацией в России
social-icon social-icon