Ru - Russian
En - English
Cn - Chinese
Search results ${allResultCounter}
${item.name} ${item.count}
${this.additional.title}

Services

Services

Assurance

Assurance

Explore Assurance Audit Services Financial Accounting Advisory Services Sustainability Services Forensics

Consulting, Technology and Transactions

Consulting, Technology and Transactions

Explore Consulting, Technology and Transactions Engineering and Project Management Insurance and Actuarial Solutions M&A and Restructuring Operational Excellence: Finance Operational Excellence: Retail SC&O – Enterprise Asset Management (EAM) Strategy and Business Transformation Supply Chain and Operations Transaction Due Diligence Technology Consulting Services Valuation, Modeling and Economics

Tax, Law, PAS and Business Support

Tax, Law, PAS and Business Support

Explore Tax, Law, PAS and Business Support Indirect Tax International Tax Planning Global Trade and Customs Legal Services Managed Services: Tax and Accounting People Advisory Services Private Client Services Tax Controversy Transaction Tax Transfer Pricing and Operating Model Effectiveness
IPO services

Foreign Desk Organization

Foreign Desk Organization

Explore Foreign Desk Organization China Desk
Academy of Business

Industries

Industries

Energy & Resources
Financial Services
Government & Public Sector
Real Estate, Hospitality & Construction
Transportation
Retail & Consumer Products
Agribusiness & AgriTech
Life Sciences & Pharma
Mining & Metals
Technology, Media & Telecommunications
Advanced Manufacturing & Mobility
B1 Private

Analytics

Analytics

Surveys & Reviews
Tax Messenger
IFRS

Programs

Programs

Women Entrepreneurs and Leaders
Careers

About Us

About Us

About B1 Group
Our Mission and Values
Our Awards
Transparency Reports
Locations Media Center Subscribe Contact Us

Select your language

Ru - Russian
En - English
Cn - Chinese

Select your location

Russia
Belarus
We use cookies to give you the best possible experience with b1.ru. By continuing to browse this website, you are agreeing to our use of cookies. You can disable cookies in your browser settings.

Personal Data Processing Policy

Share

1. General

This Personal Data Processing Policy (hereinafter, the “Policy”) describes personal data processing activities and personal data protection requirements effective in the following B1 Group’s legal entities: B1 – Business Consulting LLC, B1 – IT LLC, TSATR – Audit Services LLC, B1 – Consult LLC, B1 Academy of Business LLC, B1 – Corporate Services LLC, TSATR – CONSULT LLC and KRSB Management Company LLC, each of which is an independent personal data operator and is hereinafter referred to individually as the “Operator.”

B1 Group JSC, B1 – Center LLC and B1 – Finance LLC do not provide services to B1 Group’s clients and apply their own personal data processing policies.

The Policy is designed to ensure compliance with the Russian privacy law and to protect human and civil rights and freedoms when the Operator organizes the processing and/or processes personal data, including the rights of privacy and personal and family secret, as well as the right of personal data subjects to be informed of the Operator’s activities to process and protect their personal data.

The Policy has been developed in accordance with Federal Law No. 152-FZ “On Personal Data” of 27 July 2006 (hereinafter, “Federal Law No. 152”) and is subject to mandatory publication on the Operator’s website in accordance with Article 18.1.2 of Federal Law No. 152. The Operator must ensure unrestricted access to the Policy.

The Policy applies to all business units of the Operator. All the Operator’s employees must read this Policy in accordance with the procedure established by the Operator to duly inform employees of its internal regulations.

If third parties plan to receive temporary or permanent access to personal data processed by the Operator, before granting such access, the Operator shall take all necessary measures to ensure that such parties assume the data protection obligations which are no less strict than those stipulated by this Policy.

The following key terms are used in the Policy:

  • Automated personal data processing: the use of computer equipment to process personal data
  • Blocking of personal data: temporary suspension of personal data processing (except where processing is required to revise personal data)
  • Personal data information system: all personal data contained in databases and all information technologies and equipment enabling such personal data to be processed
  • Anonymization of personal data: actions making it impossible, without additional information, to identify a specific personal data subject
  • Personal data processing: any action (operation) or set of actions (operations) performed on personal data, whether or not by automated means, including collection, recording, systematization, accumulation, storage, revision (updating, modification), retrieval, use, transfer (dissemination, provision, access), anonymization, blocking, deletion or destruction of personal data
  • Personal data operator: a state or municipal authority, legal entity or individual that processes personal data and/or organizes such processing, whether by themselves or jointly with others, and that determines the purposes of personal data processing, the range of personal data to be processed and the actions (operations) performed with personal data
  • Personal data: any information relating to an individual who is identified or identifiable, either directly or indirectly (the personal data subject)
  • Provision of personal data: actions taken to disclose personal data to a specific individual or group of individuals
  • Dissemination of personal data: actions taken to disclose personal data to an unlimited number of persons (transfer of personal data); to acquaint an unspecified number of persons with such data, including by publicizing personal data in mass media and making it available in information and telecommunication networks; or to provide access to personal data in any other way
  • Website: an Internet site, which is used to collect personal data
  • Cross-border transfer of personal data: the transfer of personal data abroad to a foreign government authority, foreign individual or foreign legal entity
  • Destruction of personal data: actions that make it impossible for the content of personal data in a personal data information system to be recovered and/or that result in the destruction of the physical media on which personal data is stored

2. Principles of personal data processing

The Operator adheres to the following principles of personal data processing:

  • Personal data is processed on a legal and equitable basis.
  • Personal data processing is limited to specific, predetermined and lawful purposes.
  • Personal data processing, which is inconsistent with the purposes for which data is collected, is prohibited.
  • Databases containing personal data processed for mutually incompatible purposes are not combined.
  • Personal data is processed only if such data is consistent with the processing purposes.
  • The range and quantity of processed personal data must be consistent with the declared processing purposes.
  • Processed personal data must not be more than is required for the declared processing purposes.
  • Personal data must be accurate, sufficient and relevant to the purposes for which it is processed.
  • Unless otherwise prescribed by federal laws, if the Operator is unable to eliminate violations of personal data, processed personal data must be destroyed or anonymized when the processing purposes are achieved or no longer needed to be achieved.

3. Conditions (legal basis) for personal data processing

The Operator processes personal data if at least one of the following conditions is met (on at least one of the following legal grounds):

  • Personal data is processed with the personal data subject’s consent.
  • Personal data must be processed for purposes stipulated by an international agreement of the Russian Federation or by a law in fulfillment of the functions, powers and duties conferred on operators by Russian law.
  • Personal data must be processed in order to execute a court ruling or a decision of another body or official which is binding under Russian laws concerning enforcement proceedings.
  • Personal data must be processed in fulfillment of an agreement under which the personal data subject is a signatory, beneficiary or guarantor, or for the conclusion of an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor.
  • Personal data must be processed to protect the life, health or other vital interests of the personal data subject, and the personal data subject’s consent cannot be obtained.
  • Personal data must be processed in fulfillment of the rights and lawful interests of the operator or for the achievement of socially significant goals, provided that the rights and freedoms of the personal data subject are not infringed.
  • Processed personal data is to be published or must be disclosed under federal laws.

4. Purposes of personal data processing; categories and list of processed personal data; categories of subjects whose personal data is processed; methods, periods of personal data processing and storage, the procedure for its destruction

4.1 For each purpose of personal data processing, clause 4.5 of the Operator’s Policy determines the following:

  • Categories and list of processed personal data
  • Categories of subjects whose personal data is processed by the Operator
  • Methods and periods of personal data processing and storage
  • Procedure for personal data destruction

4.2 To achieve each purpose of personal data processing, the Operator processes personal data in one of the following ways: the mixed method, i.e., by both automated and non-automated means, with the data transfer via the internal network of a legal entity and via the Internet.

The Operator performs the following actions (operations) with personal data to achieve each purpose of personal data processing: collection, recording, systematization, accumulation, storage, revision (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion or destruction of personal data. 

4.3 Periods of processing and storage of personal data processed to achieve each purpose of personal data processing are determined based on data processing conditions set forth by Federal Law No. 152, provisions of an agreement under which the personal data subject is a signatory, beneficiary or guarantor, and/or the consent of the personal data subject. Personal data is processed and stored no longer than is required by purposes of personal data processing, unless otherwise provided by Federal Law No. 152. 

4.4 Personal data processed to achieve each purpose of personal data processing is destroyed in the following cases, unless otherwise provided by Federal Law No. 152: 

  • If the purpose of personal data processing has been achieved or no longer needs to be achieved
  • If it is revealed that personal data has been processed unlawfully
  • If the personal data subject withdraws the consent to personal data processing   
  • If the personal data subject demands to terminate personal data processing 

Procedures for personal data destruction are determined by the Operator’s internal regulations depending on the processing method, functionality of the personal data information system and the type of physical medium bearing personal data. 

4.5 The Operator processes personal data to achieve the purposes below.

Concluding and performing any agreements with employees, regulating labor and other directly associated relations

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, individual insurance account number (SNILS), address, place of work and position, information on previous employment and employers, information on income, bank account details, information on education, marital status, photo; special personal data: information on disabilities. 

 

Categories of personal data subjects: employees. 

 

Conditions (legal grounds) for personal data processing: consent, fulfillment of the functions, powers and duties conferred on operators by Russian law. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Conducting transactions to achieve the Operator’s objectives specified in the articles of association, exercising contractual rights and performing contractual obligations

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, contact (personal and corporate) telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, information on education, photo. 

 

Categories of personal data subjects: employees, counterparties, individuals that are employees of the Operator’s clients. 

 

Conditions (legal grounds) for personal data processing: consent, performance of an agreement under which the personal data subject is a signatory or beneficiary, fulfillment of the rights and lawful interests of operators and third parties. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Advertising and marketing purposes aimed at attracting clients, informing clients of the Operator’s services, receiving feedback

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, contact (personal and corporate) telephone numbers, corporate and personal email addresses, information on education. 

 

Categories of personal data subjects: counterparties, visitors, participants of events, any persons who have subscribed to newsletters. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Fulfilling the functions, powers and duties conferred on the Operator by Russian law

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, ID details, military registration status. 

 

Categories of personal data subjects: employees, dismissed employees, counterparties, participants of legal entities, members of management bodies of legal entities. 

 

Conditions (legal grounds) for personal data processing: fulfillment of the functions, powers and duties conferred on operators by Russian law. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Concluding and performing agreements for the benefit of employees, including insurance contracts

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, marital status, military registration status, material status, emergency contact information; special personal data: information on disabilities, health details. 

 

Categories of personal data subjects: employees, their family members, counterparties. 

 

Conditions (legal grounds) for personal data processing: consent, performance of an agreement under which the personal data subject is a signatory or beneficiary. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Ensuring safety on the Operator’s office premises, including in case of emergency, access control

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, emergency contact information, photo; special personal data: information on disabilities. 

 

Categories of personal data subjects: job applicants, employees, their family members, counterparties, visitors. Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Arranging business trips

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, information on income, bank account details, information on education, marital status, military registration status, emergency contact information, photo; special personal data: information on disabilities. 

 

Categories of personal data subjects: employees, their family members. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

Career development and human resources management, personnel motivation

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, individual insurance account number (SNILS), address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, bank account details, emergency contact information, photo, information about interests; special personal data: information on disabilities, health details. 

 

Categories of personal data subjects: employees, their family members. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Preparing proposals for clients to conclude agreements, preparing tender documentation

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, contact (office and corporate) telephone numbers, corporate email address, place of work and position, information on previous employment and employers, information on education, photo. 

 

Categories of personal data subjects: employees, counterparties. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Employee certification and training

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, individual insurance account number (SNILS), address, contact (office and corporate) telephone numbers, corporate email address, place of work and position, information on previous employment and employers, information on education, photo, information on the results of trainings and educational programs. 

 

Categories of personal data subjects: employees, counterparties. 

 

Conditions (legal grounds) for personal data processing: consent. Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Verifying the information provided by personal data subjects, including in employment

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, ID details, place of work and position, information on previous employment and employers, information on education. 

 

Categories of personal data subjects: job applicants, employees, counterparties. 

 

Conditions (legal grounds) for personal data processing: consent, fulfillment of the rights and lawful interests of operators and third parties. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Auditing the Operator’s activities

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, individual insurance account number (SNILS), address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, information on income, bank account details, information on education, marital status, military registration status, material status; special personal data: information on disabilities. 

 

Categories of personal data subjects: employees, their family members, dismissed employees, counterparties, participants of legal entities, members of management bodies of legal entities. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Administrative and business activities and coordination within the Operator’s group of companies

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, TIN, individual insurance account number (SNILS), address, contact (office and corporate) telephone numbers, personal mobile and home telephone numbers, corporate and personal email addresses, place of work and position, information on previous employment and employers, information on education. 

 

Categories of personal data subjects: employees, dismissed employees, counterparties, participants of legal entities, members of management bodies of legal entities. 

 

Conditions (legal grounds) for personal data processing: consent, fulfillment of the rights and lawful interests of operators and third parties. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof. 

Recruiting and selecting job applicants

Categories of personal data: not special or biometric: last name, first name, patronymic, date of birth, place of birth, citizenship, ID details, individual insurance account number (SNILS), address, contact telephone numbers, email addresses, place of work and position, information on education and/or qualification, marital status, military registration status, information about interests, criminal history record information, level of proficiency in foreign languages, expected income, information on accounts in social media, copies of documents: SNILS; ID; international passport. 

 

Categories of personal data subjects: job applicants. 

 

Conditions (legal grounds) for personal data processing: consent. 

 

Methods of personal data processing: as determined by clause 4.2 hereof. 

 

Periods of personal data processing and storage: as determined by clause 4.3 hereof. 

 

Procedure for personal data destruction: as determined by clause 4.4 hereof.

5. Rights of personal data subjects

Personal data subjects hold rights granted by Federal Law No. 152. Personal data subjects may exercise these rights by sending a written request to the Operator or to the email address indicated in the Contact Details. The request to the Operator can take any form, but must include the following: information on the sender (last name, first name and patronymic, if any), contact information (email address or mailing address) and information that will help the Operator to determine, based on the data available to the Operator, the fact of processing the sender’s personal data. In the event the rights to revise, block and/or delete information are exercised, the request must also include a list of personal data subject to revision, blocking and/or deletion.

Right to withdraw consent

Personal data subjects must decide to provide their personal data and give consent to process it of their own free will and in their own interests. The consent to personal data processing may be given by personal data subjects or their representatives in any form that allows confirming the receipt thereof, unless otherwise prescribed by Russian law, and may be withdrawn by personal data subjects.

Right of access to personal data

Personal data subjects are entitled to obtain information from the Operator on the processing of their personal data unless this right is restricted by federal laws. 

Right to revise, block and delete personal data

Personal data subjects may request that the Operator revise, block or destroy their personal data if such data is incomplete, outdated, inaccurate, obtained illegally or unnecessary for the declared processing purpose, and may take measures envisaged by law to defend their rights. 

Right to challenge decisions made solely on the basis of automated personal data processing

It is forbidden to make decisions, solely on the basis of automated personal data processing, that have legal implications for personal data subjects or otherwise affect their rights and lawful interests, except in cases prescribed by federal laws or where the personal data subject has given written consent. A personal data subject may raise an objection against such a decision, which the Operator must consider within 30 days from the receipt thereof and notify the personal data subject of the outcome. 

Right to appeal against the Operator’s actions or omissions

A personal data subject who believes that the Operator is processing their personal data in violation of Federal Law No. 152 or otherwise infringing their rights and freedoms may appeal the Operator’s actions or omissions to a competent privacy authority or court.

6. Confidentiality of personal data

The Operator and other persons that receive access to personal data must not disclose it to third parties or disseminate it without the personal data subject’s consent, unless otherwise prescribed by federal laws.

7. Special categories of personal data

Special categories of personal data, concerning an individual’s race, nationality, political views, religious and philosophical convictions, health or private life, may be processed if: 

  • The personal data subject gives written consent for such processing.
  • Personal data authorized for dissemination by the personal data subject is processed in compliance with the prohibitions and conditions stipulated in Federal Law No. 152.
  • Personal data is processed under the legislation on state social assistance, labor law and Russian law on state pension benefits and labor pensions.
  • Personal data must be processed to protect the life, health or other vital interests of the personal data subject or other persons and the personal data subject’s consent cannot be obtained.
  • Personal data is processed for purposes of medical treatment, prevention, diagnosis or medical and health and social care services, on condition that such personal data is processed by a medical professional who is required by Russian law to observe patient confidentiality.
  • Personal data must be processed in order to establish or exercise the rights of the personal data subject or third parties as well as for the administration of justice.
  • Personal data is processed under the legislation on compulsory forms of insurance or insurance law. 

Unless otherwise prescribed by federal laws, the processing of special categories of personal data in the cases indicated in Article 10.4 of Federal Law No. 152 must be stopped immediately if the reasons for which such data was being processed no longer exist. 

The Operator may process personal data on an individual’s criminal record only when and as prescribed by federal laws.

8. Biometric personal data

Biometric personal data – information describing individuals’ physiological and biological characteristics that may be used to establish their identity – may be processed by the Operator only with the personal data subject’s written consent.

9. Personal data authorized for dissemination by the personal data subject

Personal data that has been authorized for dissemination by the personal data subject shall be processed by the Operator based on a consent executed in addition to other consents given by the personal data subject for the processing of their personal data. The Operator must ensure that the personal data subject can determine a list of personal data for each category indicated in the consent to process personal data authorized for dissemination by the personal data subject. 

In the consent to process personal data authorized for dissemination, the personal data subject may prohibit the transfer of (except for provision of access to) such personal data by the Operator to the public and also prohibit the processing of or establish conditions for processing of (except for provision of access to) such personal data by the public. The Operator may not deny the personal data subject to set such prohibitions and conditions. 

Personal data that has been disclosed by the personal data subject to the public may be processed by the Operator only if the Operator can provide evidence that the processing of such personal data is lawful.

10. Assignment of personal data processing to another party

With the consent of the personal data subject, the Operator may assign personal data processing to another party under an agreement with such party, unless otherwise stipulated by federal laws. A party that processes personal data at the Operator’s request must adhere to the rules and principles of personal data processing, respect confidentiality and take measures as set forth in Federal Law No. 152 and this Policy. 

The Operator’s request should contain a list of personal data, a list of actions involving personal data that the processor will take, and the purposes of data processing. The request should also establish the processor’s obligation to maintain the confidentiality of personal data and meet the requirements set forth in Federal Law No. 152, and the processor’s obligation, throughout the period covered by the Operator’s request, including before the personal data processing, to provide documents and other information proving that the processor has taken measures and complied with all the requirements in fulfillment of the Operator’s request. 

A party that processes personal data at the Operator’s request is not required to obtain the personal data subject’s consent to process their personal data. 

The Operator shall be responsible for the actions of a party that processes personal data at the Operator’s request. A party that processes personal data at the Operator’s request shall be liable to the Operator.

11. Processing of personal data of Russian citizens

Under Article 2 of Federal Law No. 242-FZ “On Amendments to Certain Legislative Acts of the Russian Federation to Modify the Procedure for Personal Data Processing in Information and Telecommunication Networks” of 21 July 2014, when personal data is collected, including via the Internet, the Operator ensures that personal data of Russian citizens is recorded, systematized, accumulated, stored, revised (updated, modified) and retrieved using databases located in the Russian Federation, except for the cases described below where the recording, systematization, accumulation, storage, revision (updating, modification) and retrieval or personal data of Russian citizens using databases located in the Russian Federation is not mandatory:

  • Personal data must be processed for purposes stipulated in an international agreement of the Russian Federation or by a law in fulfillment of the functions, powers and duties conferred on operators by Russian law.
  • Personal data must be processed in order to execute a court ruling or a decision of another body or official which is binding under Russian laws concerning enforcement proceedings.
  • Personal data must be processed so that federal executive bodies, bodies of state off-budget funds, executive bodies of constituent entities of the Russian Federation and local government bodies can exercise their powers and so that organizations involved in the provision of state and municipal services stipulated in Federal Law No. 210-FZ “On the Provision of State and Municipal Services” of 27 July 2010 can perform their functions, including registration of the personal data subject on the unified portal for state and municipal services and/or regional portals for state and municipal services.
  • Personal data must be processed for purposes of a journalist’s professional activity and/or lawful activities of mass media or for research and literary work or other creative activity, provided that the rights and lawful interests of the personal data subject are not infringed.

12. Processing of personal data of minors

The website is not intended for processing personal data of minors. If you have any reasons to believe that personal data of minors was provided to the Operator while using the website, please notify us at the email address indicated in the Contact Details.

13. Cross-border transfer of personal data

Cross-border transfer of personal data is subject to terms and limitations set forth by Federal Law No. 152. 

Before the cross-border transfer of personal data: 

  • The Operator obtains from foreign government authorities, foreign individuals or foreign legal entities, which are the recipients in the cross-border transfer of personal data, the information on measures taken to protect transferred personal data and conditions for the processing to be ceased.
  • If the cross-border transfer of personal data is planned to foreign government authorities, foreign individuals or foreign legal entities under the jurisdiction of a foreign state that is not a party to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and that is not in the list of foreign states, which ensure an adequate level of protection of the rights of personal data subjects, the Operator obtains from foreign government authorities, foreign individuals or foreign legal entities, which are the recipients in the cross-border transfer of personal data, the information on personal data laws and regulations of the foreign state where they operate.
  • The Operator obtains the following information from foreign government authorities, foreign individuals or foreign legal entities to be the recipients in the cross-border transfer of personal data: corporate name or last name, first name and patronymic, contact telephone numbers, mailing addresses and email addresses.
  • Based on the information received, the Operator assesses the ability of foreign government authorities, foreign individuals or foreign legal entities to be the recipients in the cross-border transfer of personal data, to maintain confidentiality of personal data and ensure the security of personal data processed.
  • The Operator notifies the competent privacy authority of its intention to perform the cross-border transfer of personal data in accordance with Federal Law No. 152.

14. Cookies

A “cookie” is a technology that allows the website to store blocks of data in the browser which will be used by the website on any subsequent visits of a user. Cookies are designed to make the website work more efficiently, as well as to provide information to the website owners. The use of cookies by the Operator is described in the Cookie Policy.

15. Personal data security

The Operator ensures the security of personal data that it processes by taking legal, organizational and technical measures required to comply with federal laws concerning personal data security. 

The Operator takes the following organizational and technical measures to prevent unauthorized access to personal data: 

  • Appoints persons to be responsible for the organization of personal data processing and security
  • Limits the range of persons authorized to process personal data
  • Acquaints personal data subjects with the requirements of federal laws and the Operator’s regulations concerning personal data processing and security
  • Organizes the recording, storage and handling of media containing personal data
  • Identifies security threats in connection with personal data processing and creates corresponding threat models
  • Develops a personal data security system based on the threat model
  • Checks the readiness and effectiveness of information security tools
  • Limits users’ access to information resources and to hardware and software used for information processing
  • Registers and records the actions of users of personal data information systems   
  • Uses antivirus tools and means of restoring the personal data security system
  • Where necessary, makes use of firewalls, intrusion detection, security analysis and cryptographic tools
  • Organizes a system to control access to the Operator’s premises and supervise areas where personal data processing equipment is located

16. Contact details

OperatorTINAddress 
B1 – Business Consulting LLC 770938354075 Sadovnicheskaya nab., Moscow 115035
B1 – IT LLC 970500515675 Sadovnicheskaya nab., Moscow 115035
TSATR – Audit Services LLC770938353275 Sadovnicheskaya nab., Moscow 115035
B1 – Consult LLC770563726475 Sadovnicheskaya nab., Moscow 115035
B1 Academy of Business LLC97050331532, Paveletskaya Square, bldg. 2, office 501, Moscow 115054
B1 – Corporate Services LLC97051668512, Paveletskaya Square, bldg. 2, office 501, Moscow 115054
TSATR – CONSULT LLC 97051670762, Paveletskaya Square, bldg. 2, office 501, Moscow 115054
KRSB Management Company LLC 970517355275 Sadovnicheskaya nab., Moscow 115035

For all matters regarding personal data processing and security, please contact the following addresses: 

Mailing address: 75 Sadovnicheskaya nab., Moscow, 115035, Russia 

Email address: data.privacy@b1.ru 

17. Concluding provisions

The Policy becomes effective and binding on all the Operator’s employees on the date of its approval. 

The Operator may modify the Policy at any time at its sole discretion. 

Other rights and obligations of the Operator in connection with personal data processing are established by the laws of the Russian Federation concerning personal data. 

Employees of the Operator who violate the rules of personal data processing and security may be brought to financial, disciplinary, administrative, civil or criminal liability under federal laws.