Privacy policy

PRIVACY POLICY for the processing of personal data on the internet of SOLUTION Law Firm

Please read this Policy carefully. It describes the TERMS AND CONDITIONS OF PROCESSING YOUR PERSONAL DATA on the websites www.reshili.ru, www.ipattorney.ru and www.ipattorney.com.ru.

1. General Provisions

1.1 This Privacy Policy for the processing of personal data on the internet has been prepared in accordance with paragraph 2, part 1, article 18.1 of the Federal Law of the Russian Federation “On Personal Data” No. 152‑FZ of July 27, 2006 and defines the position of SOLUTION Law Firm regarding the processing and protection of personal data, respect for the rights and freedoms of each personal data subject, and in particular the right to privacy, personal and family secrets, in the context of the operation of the internet websites www.reshili.ru, www.ipattorney.ru and www.ipattorney.com.ru, as well as in cases where personal data subjects contact the email addresses, telephone numbers or by means of feedback forms indicated on the websites regarding the provision of services or the activities of SOLUTION Law Firm.

1.2 SOLUTION Law Firm, established under the laws of the Russian Federation and registered at the legal address: Moscow, Shosse Entuziastov, 3k2, office 31, is the operator of personal data.

1.3 The Policy of SOLUTION Law Firm regarding the processing of personal data is that personal data shall be processed only in the cases and in the manner established by applicable law on a lawful and fair basis. Observance and protection of the rights and legitimate interests of personal data subjects is the main priority for SOLUTION Law Firm.

1.4 For the purposes of this Privacy Policy regarding the processing of personal data on the internet, the following terms are used, which may be written with capital or small letters:

“Updating of personal data” – actions to clarify, update and modify personal data aimed at ensuring the relevance of personal data in relation to the purposes of their processing.

“Blocking of personal data” – temporary suspension of processing of personal data (except where processing is necessary to clarify personal data).

“Data” – personal data processed by the Company under this Policy.

“Web analytics data” – information about previously visited websites by Users, versions and types of browsers, operating systems and devices of Users, language settings, time zone, display and other device settings, supported Flash plugin version, presence and support of JavaScript, content of cookies, geographic regions from which Users access the Websites, inferred interests of Users, page views, time spent on the Websites, file downloads and other similar data collected using Web Analytics Services.

“Law” – Federal Law No. 152‑FZ of July 27, 2006 “On Personal Data”.

“Personal data information system”, “PDIS” – a set of personal data contained in databases and information technologies and technical means ensuring their processing.

“Company” – SOLUTION Law Firm, being the operator of Data.

“Confidentiality of personal data” – a mandatory requirement for a person who has gained access to personal data not to disclose such information to third parties without the consent of its owner.

“Processing of personal data” – any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, dissemination, transfer (provision, access), blocking, deletion, destruction of personal data.

“Operator” – a state body, municipal body, legal entity or individual, independently or jointly with other persons organising and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data.

“Personal data” – any information relating directly or indirectly to an identified or identifiable individual (personal data subject).

“Users” – all personal data subjects whose Data is subject to collection or other processing using the Websites.

“Policy” – this Privacy Policy regarding the processing of personal data on the internet.

“Provision of personal data” – actions aimed at disclosing personal data to a specific person or a specific group of persons.

“Employees” – individuals with whom the SOLUTION Law Firm has an employment relationship.

“Roskomnadzor” – the authorised body for the protection of the rights of personal data subjects.

“Website” – any of the Websites or one of the Websites (depending on context).

“Websites” – internet websites owned by the Company, accessible under the domain names www.reshili.ru, www.ipattorney.ru and www.ipattorney.com.ru, www.advokat-reshenie.rf, as well as all their subsections and subdomains.

“Web Analytics Services” – web analytics tools, online ratings and other similar instruments that provide assessment of Website traffic, popularity of the Website as a whole and its individual sections with the target audience, study of demand for services offered on the Website, and similar tasks.

“Collection of personal data” – a targeted process of obtaining personal data from the personal data subject.

“Applicants” – individuals offering their candidacy for vacant positions in the Company.

“Personal data subject” – an individual to whom the personal data relates.

“Cross‑border transfer of personal data” – transfer of personal data to the territory of a foreign state to a foreign operator.

“Destruction of personal data” – actions as a result of which it becomes impossible to restore the content of personal data in the PDIS and/or as a result of which the physical media of personal data are destroyed.

“Event participants” – individuals intending to participate and/or participating in business events (conferences, seminars, receptions, etc.).

“Storage of personal data” – a process involving the retention of personal data in a systematic form at the disposal of the Company.

1.5 Personal data subjects have the following basic rights:

(a) the right to receive information concerning the processing of his/her Data;

(b) the right to request the rectification of his/her Data, their blocking or destruction if they are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of processing;

(d) the right to protect rights and legitimate interests, including compensation for losses and/or compensation for moral damage in court or according to another procedure provided for by applicable law;

(e) the right to demand the termination of processing of personal data in cases established by law;

(f) other rights established by applicable law.

1.6 The Company, as the operator of Data, has the right to process Data only in cases, to achieve the purposes and subject to other conditions established by the Law.

1.7 The Company has the following main obligations:

(a) when collecting Data, the Company is obliged to provide, at the request of the personal data subject, the information provided for in part 7 of article 14 of the Law;

(b) if the provision of Data is mandatory in accordance with the law, the Company is obliged to explain to the personal data subject the legal consequences of refusing to provide his/her Data;

(c) the Company is obliged to take measures necessary and sufficient to ensure the fulfilment of the duties provided for by the Law and regulatory legal acts adopted in accordance with it;

(d) the Company is obliged to publish this Policy, information on the implemented requirements for the protection of personal data on the pages of the Websites used to collect personal data, and also to ensure access to this document;

(e) when processing personal data, the Company is obliged to take necessary legal, organisational and technical measures or ensure their adoption to protect Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other unlawful actions in relation to Data;

(f) the Company is obliged to notify Roskomnadzor in the event of an established fact of unlawful or accidental transfer (provision, dissemination, access) of personal data that resulted in a violation of the rights of personal data subjects, in the manner established by the Law and local regulations of the Company;

(g) the Company is obliged to respond to requests from personal data subjects and requests from Roskomnadzor and provide them with information concerning the processing of Data in the manner established by the Law;

(h) the Company is obliged to eliminate violations of the law committed during the processing of Data, to clarify, block and destroy Data (or ensure that these actions are performed by a person acting on behalf of the Company);

(i) the Company is obliged, before starting the processing of personal data, to notify Roskomnadzor of its intention to process personal data, except for cases established by law;

(j) the Company is obliged to appoint a Person responsible for organising the processing of personal data;

(k) the Company bears other obligations provided for by law in connection with the processing of Data.

2. Purposes of Data Collection

2.1 The processing of Data must be limited to the achievement of specific, predetermined and lawful purposes. Processing of Data incompatible with the purposes of collecting personal data is not allowed.

2.2 The Company processes Data to achieve the purposes specified in paragraph 4.3 of this Policy.

3. Legal Grounds for Processing Data

3.1 The legal ground for the processing of personal data is the set of legal acts pursuant to and in accordance with which the operator processes personal data.

3.2 The legal grounds for processing Data are specified in paragraph 4.3 of this Policy.

4. Scope and Categories of Processed Data, Categories of Data Subjects

4.1 The content and scope of processed Data must correspond to the stated purposes of processing. Processed Data must not be excessive in relation to the stated purposes of their processing.

4.2 The Company does not process, using the Websites, special categories of personal data (e.g., information about racial or ethnic origin, political opinions, religious or philosophical beliefs, health condition).

4.3 The following are the main categories and scope of processed Data in relation to the purposes of processing.

Category of subjects: Users (all personal data subjects whose Data is subject to collection or other processing using the Websites)

Categories and list of Data: surname, first name; name of organisation; contact details (telephone, email); content of the request.
Purposes of processing: providing feedback.
Methods of processing: using automation means.
Processing and storage periods: until the end of business correspondence (no longer than 90 days from the date of receipt of the last message from the user).
Destruction procedure: deletion of data from the PDIS.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law); performance of a contract (User Agreement) to which the User is a party (clause 5, part 1, article 6 of the Law).
Categories and list of Data: email address; mailing preferences; subscription password.
Purposes of processing: sending newsletters.
Methods of processing: using automation means.
Processing and storage periods: until withdrawal of consent to the processing of personal data (by unsubscribing from the newsletter).
Destruction procedure: deletion of data from the PDIS.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law); performance of a contract (User Agreement) to which the User is a party (clause 5, part 1, article 6 of the Law).
Categories and list of Data: information contained in cookies; web analytics data.
Purposes of processing: ensuring the functioning of the websites.
Methods of processing: using automation means.
Processing and storage periods: until the personal data subject withdraws consent to the processing of his/her personal data.
Destruction procedure: deletion of data from the PDIS.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law); performance of a contract (User Agreement) to which the User is a party (clause 5, part 1, article 6 of the Law).
Categories and list of Data: web analytics data.
Purposes of processing: marketing.
Methods of processing: using automation means.
Processing and storage periods: until the personal data subject withdraws consent to the processing of his/her personal data.
Destruction procedure: deletion of data from the PDIS.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law); performance of a contract (User Agreement) to which the User is a party (clause 5, part 1, article 6 of the Law).

Category of subjects: Event participants (individuals intending to participate and/or participating in business events – conferences, seminars, receptions, etc.)

Categories and list of Data: surname, first name, patronymic; position; employing organisation; contact details; date and time of visit; name of event; consumer preferences.
Purposes of processing: holding business events.
Methods of processing: using automation means and without using automation means.
Processing and storage periods: until the end of the event or until the expiration of the limitation period (3 years) from the date of termination of the agreement for participation in the event (if concluded).
Destruction procedure: deletion of data from the PDIS; destruction of paper documents.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law); performance of a contract for which the personal data subject is a beneficiary (clause 5, part 1, article 6 of the Law).

Category of subjects: Applicants (individuals offering their candidacy for vacant positions in the Company)

Categories and list of Data: surname, first name, patronymic; city; contact details (telephone, email); content of the CV and attached documents; content of the covering message.
Purposes of processing: consideration of candidates for vacant positions.
Methods of processing: using automation means and without using automation means.
Processing and storage periods: until a decision is made to hire or reject the application (but in any case no longer than 90 days).
Destruction procedure: deletion of data from the PDIS; destruction of paper documents.
Legal grounds for processing: consent of the personal data subject (clause 1, part 1, article 6 of the Law).

Category of subjects: Employees (individuals with whom the SOLUTION Law Firm has an employment relationship)

Categories and list of Data: personal data: surname, first name, patronymic; position; status of patent attorney; place of employment; existence of employment relationship with SOLUTION Law Firm; contact details; information about education, specialty and profession; information about foreign language skills, level of proficiency; information about professional retraining and/or advanced training; information about work activity (employment history); professional specialisation; professional certification and accreditation; professional achievements; publications; speeches at events; participation in international organisations; honorary titles and positions; awards; recommendations. Biometric personal data: photograph.
Purposes of processing: commercial purposes (marketing).
Methods of processing: using automation means.
Processing and storage periods: until the termination of the employment relationship with the Company.
Destruction procedure: deletion of data from the PDIS.
Legal grounds for processing: consent of the personal data subject (paragraph 3, article 88 of the Labour Code of the Russian Federation); clause 1, part 1, article 6, article 10.1 of the Federal Law of July 27, 2006 No. 152‑FZ “On Personal Data”.

5. Procedure and Conditions for Processing Data

5.1 The Company processes Data using automation means (including computers) and without using automation means (including on paper). The Company may perform the following actions (operations) and/or sets of actions (operations) with Data: collection; recording; systematisation; accumulation; storage; clarification (updating, modification); extraction; use; transfer (provision, access); blocking; deletion; destruction. In addition to the above, the Company also disseminates Employee Data by placing professional resumes on the Websites.

5.2 The Company always proceeds from the following: (a) all Data belongs personally to the personal data subject or the person indicated in the relevant request/web form; (b) each personal data subject visiting the Websites is capable and adult; (c) the personal data subject provides accurate and up‑to‑date Data.

5.3 Data is processed until the purpose of its processing is achieved or until the personal data subject withdraws consent to the processing of his/her Data, unless other grounds for continued processing established by law exist.

5.4 The Company transfers Data to courts, law enforcement, supervisory authorities and other authorised state bodies and officials when there are grounds provided for by applicable law.

5.5 The Company recognises Data as strictly confidential information. The Company and other persons who have gained access to Data do not disclose to third parties or disseminate Data without the consent of the relevant personal data subject, unless otherwise provided by federal law.

5.6 Pursuant to part 2 of article 18.1 of the Law, the Company publishes this Policy, as well as information on the implemented requirements for the protection of Data (Appendix No. 1 to the Policy) on the Websites and ensures permanent, free and unrestricted access to them for all personal data subjects.

5.7 The Company takes necessary legal, organisational and technical measures or ensures their adoption to protect Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other unlawful actions in relation to Data. Data security is achieved, in particular, by: (a) identifying threats to Data security during their processing in personal data information systems; (b) applying organisational and technical measures to ensure Data security during their processing in personal data information systems, necessary to meet the requirements for Data protection, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation; (c) using information security means that have passed the conformity assessment procedure in the established manner; (d) using, for the destruction of Data, information security means that have passed the conformity assessment procedure in the established manner and which implement a data destruction function; (e) assessing the effectiveness of measures taken to ensure Data security before putting the personal data information system into operation; (f) recording computer‑readable media containing Data; (g) detecting facts of unauthorised access to Data and taking measures, including measures to detect, prevent and eliminate the consequences of cyber attacks on the PDIS and to respond to computer incidents within them; (h) restoring Data modified or destroyed due to unauthorised access; (i) establishing access rules to Data processed in the personal data information system, as well as ensuring registration and recording of all actions performed with Data in the personal data information system; (j) controlling the measures taken to ensure Data security and the level of protection of personal data information systems.

5.8 The condition for terminating processing of Data may be the achievement of the purposes of processing Data, expiration of the consent or withdrawal of consent by the personal data subject to the processing of his/her Data (if applicable), as well as the discovery of unlawful processing of Data.

5.9 Storage of Data is carried out in a form that allows the personal data subject to be identified no longer than required by the purposes of processing Data, unless the storage period for Data is established by federal law, a contract to which the personal data subject is a party, beneficiary or guarantor.

5.10 When collecting Data, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located outside the territory of the Russian Federation is not allowed.

5.11 For the purpose of providing feedback, the Company collects Data through feedback forms and call‑back forms on the Websites, as well as during communication with the User via the telephone numbers indicated on the Websites and upon receiving letters from the User at the email addresses indicated on the Websites. In such cases, the Company processes Data and ensures their confidentiality on the terms set out in this Policy. The Company considers the purpose of processing Data achieved if, after the last communication with the User on any matter carried out by any of the above methods, no new messages and/or calls are received from the User for 90 days. If, as a result of the communication, the User orders services from the Company, the Company will treat him/her as a client, and the issues of processing his/her personal data from that moment will be governed by other documents defining the Company’s policy on the processing of personal data of clients.

5.12 The Company processes Data to the minimum extent necessary for the purpose of sending informational and marketing newsletters, subject to obtaining the User’s prior consent. The Company provides the User with the ability to change preferences regarding the subject matter of the information sent at any time, as well as to unsubscribe from the newsletter.

5.13 For holding business events in person or online, the Company ensures registration of Event participants by filling out appropriate web forms on the Websites. At the discretion of the Company, registration may also be carried out by the Event participant contacting the telephone numbers or email addresses indicated on the Websites. The Company may also receive information about Event participants from other event organisers, provided that the Event participants have given their consent or there are other legal grounds for receiving and subsequently processing their Data.

5.14 The Company enables the submission of CVs through the Websites for the purpose of considering candidates for vacant positions. After submitting a CV through the appropriate web form, authorised employees of the Company contact the Applicant using the contact details provided by that Applicant. Further communication with the Applicant is conducted without using the Websites.

5.15 Issues of processing Data of Event participants and Applicants that go beyond the scope set out in paragraph 1.1 of this Policy may be regulated by other documents defining the Company’s policy on the processing of personal data. The Company provides the relevant Event participants and Applicants with unrestricted access to such documents and familiarisation with them in accordance with part 2 of article 18.1 of the Law.

5.16 Employee Data of the Company’s management, lawyers, patent attorneys and other employees of the Company is placed on the Websites for commercial purposes (marketing) based on the written consent of the Employees obtained in accordance with paragraph 3 of article 88 of the Labour Code of the Russian Federation, and the consent of the Employees to the processing of personal data permitted by the personal data subject for dissemination, obtained in accordance with article 10.1 of the Law.

5.17 In the consent to the processing of personal data permitted by the personal data subject for dissemination, each Employee has the right to impose prohibitions on the transfer (except for providing access) of Data by the Company to an unlimited number of persons, as well as prohibitions on processing or conditions for processing (except for obtaining access) of Data by an unlimited number of persons. Refusal by the Company to allow the Employee to impose prohibitions and conditions provided for by article 10.1 of the Law is not permitted.

5.18 The Company is obliged, no later than three working days from the date of receipt of the relevant consent of the Employees, to publish information on the conditions of processing and on the existence of prohibitions and conditions on the processing by an unlimited number of persons of Data permitted by the personal data subject for dissemination.

5.19 In accordance with the preceding paragraph, the Company reports that as of the date of adoption of this Policy, all Employees whose Data is published on the Websites: have not imposed prohibitions on the transfer of Data by the Company to an unlimited number of persons, nor prohibitions on the processing of Data by an unlimited number of persons; have not set conditions for the processing of Data by an unlimited number of persons; have not set conditions under which the received Data may be transferred by the Company only through its internal network, providing access to information only to strictly defined employees, or using information and telecommunications networks, or without transferring the received personal data.

6. Features of Processing Web Analytics Data and Cookies

6.1 The connection of the Websites to Web Analytics Services is carried out strictly in the standard manner provided for by the rules of the respective Web Analytics Service. In most cases, this is done by adding a software code (script) provided by the Web Analytics Service to the software code of the Websites. The script enables the Web Analytics Service to directly collect the information necessary for its operation. The Company does not independently collect or transmit information for processing to Web Analytics Services in any other way.

6.2 The principle of operation of Web Analytics Services is to collect information about visits to the Websites and User activity.

6.3 Web analytics data must be collected only in anonymised form and processed in aggregated form, i.e., Web analytics data cannot be attributed to a directly or indirectly identified or identifiable individual. In order to exclude the possibility of identifying Users as specific individuals, the Company never discloses to Web Analytics Services the personal data of Users that may be known to the Company.

6.4 The Company may access Web analytics data through personal accounts provided by the Web Analytics Services. The Web analytics data is then provided to the Company in processed and aggregated form in the form of reports.

6.5 Web Analytics Services may use various technical means to obtain Web analytics data, including cookies and other similar technologies (web beacons, IP addresses, Java scripts, etc.). Cookies are small text files that are stored on the device used by the User to work with the respective Website (personal computer, smartphone, tablet computer, etc.). These files may contain information necessary for the operation of the Web Analytics Services or the Websites, for example, information about browser settings, pages viewed, Website interface settings, etc. Web Analytics Services typically use cookies for technical tasks (ensuring the operation of the Web Analytics Service) and analytical tasks (studying the behaviour and interests of the Website audience, as well as other indicators characterising the Website’s market position). More detailed reference information about cookies can be found here: https://yandex.ru/support/browser/personal-data-protection/cookies.html .

6.6 Below is information about the main cookies that may be accepted by the User’s device when visiting the Websites.

Analytical cookies

Description: Yandex.Metrica cookies (more details: https://yandex.ru/support/metrica/general/cookie-usage.html)
Owner: YANDEX LLC
How to refuse: use the “Yandex Metrica Blocker” (more details: https://yandex.ru/support/metrica/general/opt-out.html).

Technical cookies

bx_user_id – set by Bitrix, used to store a unique identifier for the chat function. Owner: 1C‑Bitrix LLC. Procedure for refusal: see clause 6.7 of this Policy.
PHPSESSID – used to store and identify a unique user session identifier for the purpose of managing the user session on the website. The cookie is deleted when all browser windows are closed. Owner: SOLUTION Law Firm. Procedure for refusal: see clause 6.7 of this Policy.
hideModal – used to store information about the user’s agreement with this Policy. Owner: SOLUTION Law Firm. Procedure for refusal: see clause 6.7 of this Policy.

6.7 The User has the right to refuse to accept cookies and other web analytics tools on his/her device. To do this, the User may stop using the Websites or adjust the appropriate settings in his/her browser. Most modern browsers and internet security software support the ability to fully, partially or selectively block cookies and other technical means used to obtain Web analytics data, as well as to delete previously stored cookies. Therefore, the User is advised to review the security settings on his/her device and independently choose the preferred options. Settings may be implemented differently in each browser. The User should consult the “Help” section of his/her browser, as well as check the settings of his/her firewall software (if any). If the User refuses to accept cookies and use other technical means, the Company cannot, for technical reasons, guarantee that the User will have constant access to all functions of the Websites.

6.8 For marketing purposes, the Company may configure advertising tools on social networks and other web resources using Web analytics data, subject to the usage rules and privacy policies established by the Web Analytics Services. This allows the User to see advertising banners concerning the Company’s services. The Company never processes Web analytics data for the purpose of promoting goods, works, services on the market by making direct contact with potential consumers using means of communication. With the User’s consent, the Company may, for marketing purposes, transfer Web analytics data to the owners of relevant social networks and other web resources for further independent processing in accordance with the personal data processing policies (privacy policies) established by such persons.

7. Updating, Correction, Deletion and Destruction of Data, Responses to Data Subject Access Requests

7.1 If the fact of inaccuracy of Data or unlawfulness of their processing is confirmed, such Data is subject to updating by the Company, and processing must be terminated accordingly.

7.2 Upon achievement of the purposes of processing Data, as well as in the event of withdrawal of consent by the personal data subject to their processing, Data is subject to destruction if: (a) otherwise is not provided for by a contract to which the personal data subject is a party, beneficiary or guarantor; (b) the Company is not entitled to process without the consent of the personal data subject on the grounds provided for by the Law or other federal laws; (c) otherwise is not provided for by another agreement between the Company and the personal data subject.

7.3 The Company is obliged to inform the personal data subject or his/her representative about the processing of such subject’s personal data upon request.

8. Procedure for Responding to Requests/Appeals of Personal Data Subjects and their Representatives, Authorised Bodies regarding Inaccuracy of Personal Data, Unlawfulness of their Processing, Withdrawal of Consent and Access of the Personal Data Subject to his/her Data

8.1 Personal data subjects have the right to receive information concerning the processing of their Data, including: (a) confirmation of the fact of processing of Data by the Company; (b) legal grounds and purposes of processing of Data; (c) purposes and methods of processing of Data used by the Company; (d) name and location of the Company, information about persons (excluding employees of the Company) who have access to Data or to whom Data may be disclosed on the basis of a contract with the Company or on the basis of federal law; (e) processed Data relating to the relevant personal data subject, the source of their receipt, unless a different procedure for providing such data is provided for by federal law; (f) processing periods for Data, including storage periods; (g) the procedure for the exercise by the personal data subject of the rights provided for by the legislation of the Russian Federation in the field of Data; (h) information on the cross‑border transfer of Data carried out or contemplated; (i) the name or surname, first name, patronymic and address of the person processing Data on behalf of the Company, if processing is or will be entrusted to such person; (j) information on the methods by which the Company fulfills the obligations established by article 18.1 of the Law; (k) other information provided for by the legislation of the Russian Federation in the field of personal data. To obtain this information, personal data subjects have the right to contact the Company at the contact details set out in clause 8.14 below.

8.2 Personal data subjects have the right to demand that the Company rectify their Data, block or destroy them if the Data is incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.

8.3 The above information must be provided to the personal data subject by the Company in an accessible form, and must not contain Data relating to other personal data subjects, unless there are legal grounds for disclosing such Data.

8.4 The information specified in this section shall be communicated to the personal data subject or his/her representative, and they shall also be given the opportunity to review the relevant Data upon request or within 10 working days from the date of the request or receipt by the Company of the personal data subject’s request. This period may be extended, but no more than by 5 working days, if the Company sends a reasoned notice to the personal data subject indicating the reasons for the extension of the period for providing the requested information. The request must contain: (a) the number of the main identity document of the personal data subject or his/her representative, information on the date of issue of such document and the issuing authority; (b) information confirming the participation of the personal data subject in the relationship with the Company, or information otherwise confirming the fact of processing of personal data by the Company, and the signature of the personal data subject or his/her representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

8.5 If the information specified in this section, as well as the processed Data, have been provided for review to the personal data subject upon his/her request, the personal data subject has the right to contact the Company again or send a repeat request in order to obtain the said information and review such Data no earlier than 30 days after the initial request or sending of the initial request, unless a shorter period is established by federal law, a regulatory legal act adopted in accordance therewith, or a contract to which the personal data subject is a party, beneficiary or guarantor.

8.6 The personal data subject has the right to contact the Company again or send a repeat request in order to obtain the above information, as well as to review the processed Data, before the expiry of the period specified in the previous paragraph, if such information and/or processed Data were not provided to him/her for review in full as a result of consideration of the initial request. The repeat request must contain justification for sending the repeat request.

8.7 The Company has the right to refuse the personal data subject the execution of a repeat request that does not meet the conditions established by law. Such refusal must be reasoned.

8.8 The right of the personal data subject to access his/her Data may be restricted in accordance with federal laws, including if access of the personal data subject to his/her Data violates the rights and legitimate interests of third parties.

8.9 The Company reports to Roskomnadzor, at the request of this authority, the necessary information within the time limits established by the legislation of the Russian Federation.

8.10 All incoming appeals and requests are registered as incoming correspondence and are also recorded in the relevant logs of the Company.

8.11 Appeals and requests are considered by the Person responsible for organising the processing of personal data. If questions arise or the content of the request needs to be clarified, the Person responsible for organising the processing of personal data contacts the person who sent the request/appeal using the contact details contained therein.

8.12 The response to the request/appeal is drawn up in the same form in which the respective request/appeal was received (for example, by email or in writing), unless otherwise expressly provided by the legislation of the Russian Federation or a different request is contained in the request/appeal.

8.13 The response to a personal data subject’s appeal may be signed by the Person responsible for organising the processing of personal data or the Managing Partner. The response to a request from Roskomnadzor is signed by the Managing Partner or a person acting on his/her behalf under a power of attorney issued on behalf of the Company. Responses to requests and appeals are recorded in the relevant logs of the Company.

8.14 The request/appeal shall be sent in free form to the following address: SOLUTION Law Firm, Attention of the Person responsible for organising the processing of personal data, Postal address: Moscow, Shosse Entuziastov, 3k2, office 31.

Appendix. Information on the Implemented Requirements for the Protection of Personal Data

As necessary and taking into account the threats relevant to the PDIS used by the Company for processing Data, the Company implements the following requirements for the protection of Data, corresponding to the third level of protection of personal data, and/or ensures their implementation by persons engaged to process Data:

organising a regime for ensuring the security of premises in which the PDIS is located, preventing the possibility of uncontrolled entry or presence in these premises of persons who do not have the right of access to these premises;
ensuring the safety of personal data media;
approval by the head of the operator of a document defining the list of persons whose access to personal data processed in the PDIS is necessary for the performance of their official (labour) duties;
use of information security means that have passed the conformity assessment procedure to the requirements of the legislation of the Russian Federation in the field of information security, if the use of such means is necessary to neutralise current threats;
appointment of an official (employee) responsible for ensuring the security of personal data in the PDIS.

Search form

Privacy policy

About the site