PERSONAL DATA POLICY

1. General
   1. This Personal Data Policy (“Policy”) has been developed in accordance with applicable requirements of the RF Constitution, Federal Law on Personal Data of July 27, 2006, No. 152-FZ, and other Russian regulations pertaining to personal data protection.
   2. This Policy defines the principles, purposes, procedures and terms relating to processing of personal data of users of the Andrey Gorodissky & Partners (“AGP”) website, as well as personal data security, confidentiality and protection measures.
   3. The terms used herein have the same meanings as defined in the Federal Law on Personal Data of July 27, 2006, No. 152-FZ.
   4. This Policy is provided on the AGP website (“Website”) at www.agp.ru/en/  for unlimited public access and review.
      
      
2. Principles and Terms of Personal Data Processing
   1. AGP follows the following principles when processing personal data:
      • Legality and equitable basis;
      • Processing is limited to attainment of particular, predetermined legal purposes;
      • No personal data are processed for any purpose inconsistent with the purpose of collection of such data;
      • No integration of databases containing personal data that are processed for purposes inconsistent with each other;
      • Processed are only personal data that are consistent with the purpose of processing thereof;
      • Content and scope of processed personal data match the specified purpose of processing;
      • No processing of personal data that are over and above the specified purpose of processing;
      • Ensuring that processed personal data are accurate, sufficient and up-to-date for the purpose of processing thereof;
      • Personal data are stored in a personally identifiable format only as long as it is required for the purpose of processing, unless a longer period is required by a federal law or an agreement under which the personal data subject is a party or beneficiary or surety;
      • Personal data are deleted or anonymized upon attainment of the purpose of processing thereof or when attainment of such purpose is no longer needed, unless otherwise provided for by federal law.
   2. AGP processes personal data if at least one of the following conditions is met:
      • The subject of personal data has given his/her consent for processing;
      • Processing of personal data is required for fulfillment of an agreement under which the personal data subject is a party or beneficiary or surety, or for making an agreement initiated by the personal data subject or an agreement under which the personal data subject will be a party or beneficiary or surety;
      • Processing of personal data is required for exercise of AGP’s rights and legal interests or for attainment of public purposes, provided that such processing does not violate rights and freedoms of the personal data subject;
      • Personal data are processed for statistic or other research-related purposes provided that such personal data are anonymized;
      • Other conditions set by applicable Russian laws.
        
        
3. Purposes of Personal data Processing
   1. AGP processes personal data exclusively for the purposes for which they are provided by the Website users, inter alia for:
      • Sending AGP’s news and analytical materials, informational, referential or marketing mailouts or alerts on AGP events to the email addresses provided by the Website users;
      • Enabling a Website user to receive an answer from AGP, where the user contacts AGP by sending an email to any of the email addresses indicated on the Website;
      • Enabling a Website user seeking for a vacancy at AGP to be invited for interviews, or for any other purpose which is not inconsistent with applicable Russian law.
   2. By providing his/her personal data, a Website user acknowledges his/her consent for processing of such data for purposes for which they are provided.
      
      
4. Personal Data Content
   1. AGP only processes the Website users’ data provided by the users on their own accord.
   2. Content of personal data processed by AGP depends on which personal data are provided by the Website users. Personal data provided by the Website users, that can be processed by AGP, may include surname, first name, patronymic, email address, telephone number, place of job, job position, education, age, and other personal data received on an AGP’s corporate email address indicated on the Website.
   3. The Website users give their consent for processing of such data by clicking “send” when sending a relevant email containing their personal data. By providing their personal data, the Website users acknowledge their consent for processing.
   4. Whn using the Website, AGP may automatically collect from time to time certain anonymized technical information about the Website visits and usage, including time and date and duration of visits, number of visited Website pages, click-throughs, browser type, etc. These metrics are used for purely statistical purposes, in particular for improvement of the Website performance and analysis of AGP marketing efforts. Such data are anonymized and cannot be used to personally identify the Website users.
      
      
5. Website User’s Rights
   1. Website user has the right to request and receive from AGP information with respect to processing of his/her personal data, to the extent that such right is not limited by applicable law.
   2. Website user may request that AGP to update or block or delete his/her personal data if they are incomplete, outdated, inaccurate or illegally obtained or not required for the specified purpose of processing, and may use remedies afforded by law to protect his/her rights.
   3. Website user may use applicable procedures to appeal against unlawful action or inaction during processing of his/her personal data.
   4. Website user may revoke his/her consent for processing of personal data by giving a written notice to Znamenka str. 19, bldg. 3, 3^rd floor, Moscow 119019, Russia, or office@agp.ru.
      
      
6. AGP Rights and Obligations
   1. In the course of processing of personal data of the Website users, AGP may collect, record, systemize, accumulate, store, amend (update or change), retrieve, use, transfer (distribute, make available or provide access to), anonymize, block, delete or destroy the Website users’ personal data.
   2. Personal data may not be disclosed to any third parties other than AGP’s successors in the event of its reorganization or persons authorized by it to process personal data or authorized government agencies or persons whom AGP is required to disclose personal data to meet Russian laws or to persons whom AGP transfers personal data for the purpose of fulfillment of an agreement made with the Website user or to other persons with the Website user’s consent.
   3. In case the Website users participate in any AGP arranged event, AGP may disclose relevant personal data of the Website users to persons involved in arrangement of such event.
   4. AGP undertakes to give persons receiving the Website users’ personal data a prior notice that such data may only be used for the purposes for which they have been provided, and request that such persons certify the fulfillment of such requirement.
   5. AGP undertakes to not disclose the Website users’ personal data for any commercial purpose without their consent. The Website users’ personal data may not be processed for promotion of any products, work or services through direct telecommunications contact with potential consumers otherwise than with the Website users’ prior consent.
   6. AGP undertakes to ensure security of processed personal data and take legal, organizational and technical measures required for protection of the Website users’ personal data.
      
      
7. Personal Data Security
   1. The following measures are taken to prevent unauthorized access to, deletion, change, blocking, copying, disclosure or distribution of or other unlawful activities with regard to the Website users’ personal data:
      • Appointment of persons responsible for organizational arrangements concerning processing of personal data;
      • Implementation of legal, organizational and technical measures for security of personal data;
      • Use of secured premises and locked filing cabinets;
      • Use of antivirus software;
      • Employees directly involved in processing of the Website users’ personal data are aware of this Policy and the personal data provisions of Russian laws;
      • Monitoring the administration of the personal data protection measures.
        
        
8. Miscellaneous
   1. The Website users’ personal data are processed as long as required for the purpose for which they have been provided, unless a longer period is required by Russian laws.
   2. AGP collects, records, systemizes, accumulates, stores, amends (updates or changes) or retrieves personal data of the Website users being Russian citizens, using databases located in the territory of the Russian Federation.
   3. AGP does not control and is not responsible for any third party’s websites which may be accessed by the Website users via links appearing on the Website.
   4. Any other rights and obligations of the Website user and AGP shall be in accordance with personal data laws of the Russian Federation.
   5. Any issues of processing of the Website users’ personal data that are not expressly covered by this Policy shall be subject to the personal data provisions of the Russian laws.
   6. This Policy may be revised at any time by AGP on its discretion.