Privacy Policy
This Privacy Policy for personal data (hereinafter referred to as the "Privacy Policy") applies to all personal data that the Data Processing Operator (hereinafter referred to as the "Operator") may obtain about a Data Subject while they are using the website with the domain name https://www.risksafety.ru. Make sure to read this Privacy Policy carefully. If you disagree with any of its terms, you must stop using the Website and leave it immediately.
KEY DEFINITIONS
The key terms used in this Privacy Policy are defined as follows:
1.1. Data Processing Operator (Operator) – Federal State Budgetary Institution "Scientific Centre for Expert Evaluation of Medicinal Products" of the Ministry of Health of the Russian Federation (FSBI "SCEEMP" of the Ministry of Health of Russia). Primary State Registration Number (OGRN) 1027700070903, Taxpayer Identification Number (INN) 7707306652.
1.2. Automated Processing of Personal Data – processing of personal data using computer technology.
1.3. Blocking of Personal Data – temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data).
1.4. Personal Data Information System – a set of personal data contained in databases and the information technologies and technical means that enable their processing.
1.5. Confidentiality of Personal Data – a mandatory requirement for the Operator or any other party who has gained access to Personal Data to prevent their dissemination without the Data Subject's consent or without another legal basis.
1.6. Depersonalization of Personal Data – actions that make it impossible to determine, without the use of additional information, the belonging of personal data to a specific Data Subject.
1.7. Processing of Personal Data – any action (operation) or set of actions (operations) performed by the Operator with Personal Data, with or without automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data.
1.8. Operator of Personal Data (Operator) – an organization that, independently or jointly with others, organizes and/or carries out the processing of Personal Data, and also determines the purposes of processing Personal Data, the composition of Personal Data to be processed, and the actions (operations) performed with Personal Data.
1.9. Personal Data – any information relating to a directly or indirectly identified or identifiable individual (Data Subject).
1.10. Personal Data Authorized by the Data Subject for Dissemination – Personal Data to which an unlimited number of persons have been granted access by the User (Data Subject) by giving consent to the processing of Personal Data permitted for dissemination in the manner prescribed by current Russian legislation.
1.11. Privacy Policy – this document with all changes and additions, located on the Internet at: https://www.risksafety.ru/jour/about/privacyPolicyCommon
1.12. User – a Data Subject, a legally competent individual using the Website for their own purposes. Within this Privacy Policy, the User is also referred to as the Data Subject.
1.13. Provision of Personal Data – actions aimed at disclosing Personal Data to a specific person or a specific circle of persons.
1.14. Website – the combination of graphical and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://www.risksafety.ru
1.15. Disclosure of Personal Data – actions aimed at disclosing Personal Data to an indefinite number of persons.
1.16. Cross-Border Transfer of Personal Data – the transfer of Personal Data to the territory of a foreign state, to a foreign state authority, a foreign individual, or a foreign legal entity.
1.17. Destruction of Personal Data – actions that make it impossible to restore the content of Personal Data in the Personal Data information system and/or as a result of which the material carriers of Personal Data are destroyed.
1.18. Cookies – a small piece of data sent by a web server and stored on the User's device used to access the Website, which the web client or web browser sends to the web server each time in an HTTPS request when trying to open a page of the corresponding site.
1.19. Data Subject – a legally competent individual using the Website for their own purposes.
1.20. IP Address – a unique network address of a node in a computer network built using the IP protocol.
GENERAL PROVISIONS
2.1. This Privacy Policy defines the purposes, content, and procedure for processing Personal Data, measures aimed at protecting Personal Data, and procedures aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of Personal Data. This Privacy Policy establishes the Operator's obligations for the processing and protection of Personal Data, including ensuring the confidentiality regime for Personal Data provided to the Operator.
2.2. This Privacy Policy defines the policy of the Operator as a data controller regarding the processing and protection of Personal Data. Personal Data are processed by the Operator in compliance with the principles and conditions provided for by this Privacy Policy and the legislation of the Russian Federation in the field of Personal Data. The Operator considers the observance of human and civil rights and freedoms when processing their Personal Data, including the protection of the rights to privacy, personal and family secrets, as its most important goal and condition for its activities.
2.3. This Privacy Policy applies only to information obtained during the use of the Website and within the framework of the Operator's contractual obligations.
2.4. The User makes the decision to provide their Personal Data and gives consent to their processing freely, by their own will, and in their own interest. Consent to the processing of Personal Data must be specific, informed, and conscious. The Operator does not verify the accuracy of the Personal Data provided by the User.
2.5. Using the Website implies agreement with this Privacy Policy and the terms of processing of Personal Data.
2.6. By accepting this Privacy Policy, the User thereby gives their consent to the Operator for the processing of their Personal Data specified in Section 3 of this Privacy Policy, including collection, recording, accumulation, storage, clarification (updating, modification), retrieval, use, transfer to third parties (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data for the purposes specified in Section 3.
2.7. The Data Subject, by refusing to give consent to the Operator for the processing of their Personal Data for the purposes specified in Section 3, understands that they will not be able to use all the features of the Website and its services, and the use of the Website will be available in a limited mode.
2.8. The Data Subject who has provided Personal Data that does not fully meet the requirements of the relevant section of the Website or is inaccurate will not be able to use all the features of the Website and its services, including receiving certain services provided through the Website, and the use of the Website will be available in a limited mode.
2.9. Operator's Rights:
- To collect Personal Data through forms on the Website;
- To provide access to the Website;
- To carry out collection, recording, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Personal Data;
- To transfer Personal Data to third parties based on contracts concluded to achieve the purposes specified in Section 3 of the Privacy Policy and data processing instructions;
- In case of withdrawal of consent to the processing of Personal Data by the User, the Operator has the right to continue processing Personal Data without the User's consent if there are grounds specified in the current legislation;
- To refuse the User's repeated request for information regarding their Personal Data processed by the Operator in accordance with the terms of federal law, providing a reasoned response;
- To carry out the Dissemination of Personal Data if there is separate consent for the dissemination of personal data.
2.10. Operator's Obligations:
- To use the obtained Personal Data solely for the purposes specified in Section 3 of this Privacy Policy;
- To provide the User with information concerning their Personal Data upon receiving a corresponding request or appeal;
- The Operator shall not be liable if the confidential information was lost or disclosed and: became publicly known before its loss or disclosure; was received from a third party before it was received by the Operator; was disclosed with the User's consent;
- To inform the Data Subject or their representative about the processing of their Personal Data carried out by the Operator upon their request;
- Not to disclose to third parties or disseminate Personal Data without the User's consent, unless otherwise provided by law;
- Upon receiving a request or appeal from the User, to provide them with the information and details specified in the request/appeal in an accessible form and without indicating Personal Data relating to other data subjects, except in cases where there are legal grounds for disclosing such Personal Data;
- To explain to the User the procedure for making a decision based solely on automated processing of their Personal Data and the possible legal consequences of such a decision, to provide the User with an opportunity to object to such a decision, and to explain the procedure for the User to protect their rights and legitimate interests. The Operator is obliged to consider the objection specified in this paragraph within 30 (thirty) days from the date of its receipt and notify the Data Subject of the results of the consideration of such objection;
- To explain to the User the legal consequences of refusing to provide their Personal Data and/or give consent to their processing, if, in accordance with federal law, the provision of Personal Data and/or the Operator's receipt of consent to the processing of Personal Data are mandatory;
- When collecting Personal Data, including via the Internet, the Operator is obliged to ensure the recording, systematization, accumulation, storage, clarification (updating, modification), retrieval of Personal Data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the current Russian legislation;
- The Operator is obliged to ensure reliable protection of Personal Data and the protection of their confidentiality.
2.11. User's Rights:
- The right to demand from the Operator the clarification, blocking, or destruction of their Personal Data if the Personal Data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing, by sending an appeal to the editorial office's email address: birf@expmed.ru;
- The right to request information about the measures taken by the Operator to protect Personal Data;
- The right to send a request to the Operator regarding their Personal Data that is being processed by the Operator, by sending an appeal (Appendix No. 4 to this Privacy Policy) to the Operator at the editorial office's email address: birf@expmed.ru;
- The right to send a repeated request to the Operator regarding their Personal Data that is being processed by the Operator, no earlier than 30 (thirty) days after the initial appeal or sending the initial request, unless a shorter period is established by federal law;
- The right to re-apply to the Operator or send them a repeated request to obtain information regarding their Personal Data that is being processed by the Operator, as well as to familiarize themselves with the processed Personal Data before the expiration of the 30 (thirty) day period, if such information and/or processed Personal Data were not provided to them in full based on the results of the initial appeal. The repeated request must contain a justification for sending the repeated request;
- The right to send the Operator a withdrawal of the consent given by them for the processing of Personal Data and consent for the Dissemination of Personal Data;
- The right to protect their rights and legitimate interests, including compensation for losses and/or moral damages in court;
- The right to appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of data subjects or in court.
2.12. User's Obligations:
- To comply with the requirements specified in clause 1.11 of this Privacy Policy;
- To provide their accurate Personal Data.
2.13. Databases containing Personal Data of citizens of the Russian Federation are located on the territory of the Russian Federation.
2.14. The Operator processes Personal Data on a lawful and fair basis to perform the functions, powers, and duties imposed by legislation, to exercise the rights and legitimate interests of the Operator and other persons. The transfer (distribution, provision) and use of Personal Data are carried out only in cases and in the manner provided for by federal laws, with the consent of the Data Subject, if this is determined by current legislation.
2.15. The Operator receives Personal Data directly from the Data Subject, except in cases where Personal Data is transferred within the framework of contractual relations.
2.16. The Operator processes the User's Personal Data with their consent, provided either in writing (in cases required by the current legislation of the Russian Federation) or by performing conclusive actions.
2.17. Principles of Personal Data Processing established by this Privacy Policy:
2.17.1. The processing of Personal Data must be carried out on a lawful and fair basis.
2.17.2. The processing of Personal Data must be limited to the achievement of specific, predetermined, and lawful purposes. Processing of Personal Data that is incompatible with the purposes of collecting Personal Data is not allowed. Processing of Personal Data that is excessive in relation to the stated purposes of their processing is not allowed.
2.17.3. The merging of databases containing Personal Data processed for incompatible purposes is not allowed.
2.17.4. Only Personal Data that meets the purposes of their processing is subject to processing.
2.17.5. The content and volume of the processed Personal Data must correspond to the stated purposes of processing. The processed Personal Data must not be excessive in relation to the stated purposes of their processing.
2.17.6. When processing Personal Data, the accuracy of Personal Data, their sufficiency, and, where necessary, their relevance in relation to the purposes of processing Personal Data must be ensured. The Operator must take necessary measures or ensure their adoption to delete or clarify incomplete or inaccurate data.
2.17.7. The storage of Personal Data must be carried out in a form that allows the identification of the Data Subject for no longer than required by the purposes of processing Personal Data, unless the storage period for Personal Data is established by federal law, an agreement to which the Data Subject is a party, beneficiary, or guarantor. Processed Personal Data are subject to destruction or depersonalization upon achieving the processing purposes or in case of loss of the necessity to achieve these purposes, unless otherwise provided by federal law.
2.17.8. The Operator is obliged to ensure that the foreign state to whose territory the Cross-Border Transfer of Personal Data is carried out provides adequate protection of the rights of Data Subjects before the start of the cross-border transfer of Personal Data.
2.17.9. The Operator carries out Cross-Border Transfer of Personal Data of Authors of articles and media materials to international databases of scientific publications (such as Scopus, Web of Science, PubMed, DOAJ, Dimensions, etc.). In accordance with Part 2 of the List of cases in which the requirements of Parts 3–6, 8–11 of Article 12 of the Federal Law "On Personal Data" do not apply to operators carrying out Cross-Border Transfer of Personal Data for the purpose of fulfilling the functions, powers, and duties imposed on state bodies, municipal bodies by an international treaty of the Russian Federation, the legislation of the Russian Federation, approved by Decree of the Government of the Russian Federation of December 29, 2022 No. 2526, the cases in which the requirements of Parts 8–11 of Article 12 of the Federal Law "On Personal Data" do not apply to operators carrying out Cross-Border Transfer of Personal Data for the purpose of fulfilling the functions, powers, and duties imposed on state bodies, municipal bodies by an international treaty of the Russian Federation, the legislation of the Russian Federation, include the implementation of measures in the field of culture, science, and education.
2.17.10. The Operator does not control and is not responsible for the processing of information by third-party websites that can be accessed via links available on the Website.
PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA. SCOPE AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF DATA SUBJECTS
3.1. The Operator collects and processes Personal Data for the following purposes:
3.1.1. To provide the User with the ability to create a personal account on the Website. For this, the User fills out the registration form on the Website and provides the following Personal Data:
- Email address;
- Last name, First name, Patronymic (if any).
3.1.2. To send mailing letters to Users who have filled out the subscription form on the Website and expressed their consent to receive information about Website news, the Operator and its partners, including advertising. In the subscription form on the Website, the User indicates their email address. The mailing is carried out using the Website's software. To receive the mailing, the User provides the following personal data:
- Email address;
- Name.
3.1.3. To provide User feedback, including: sending notifications, requests, and information related to the use of the Website, execution of agreements and contracts, as well as processing requests and applications from the User, responding to User comments on the Website, responding to User messages, calls, letters, considering User claims – the Operator collects the following Personal Data:
- Email address – when receiving a letter from the User to the Operator's address;
- Phone number – when the Operator receives a message or call from the User;
- Last name, First name, Patronymic (if any);
- Passport data (in cases provided by law);
- Address for sending a response to a letter, appeal;
- Other Personal Data that the User leaves or communicates to the Operator during communication of their own free will.
3.1.4. To provide the User with the opportunity to publish works (articles, materials, content) on the Website, the Operator collects the following personal data:
- Last name, First name, Patronymic (if any),
- Email address,
- Phone number,
- Gender,
- Place of work.
3.1.5. For conducting marketing research, for targeting using the Website's software, the Operator collects statistical depersonalized data that does not identify the User as a Data Subject.
3.2. The Operator processes Personal Data of the following categories of Data Subjects: Website Users, Authors, reviewers of scientific articles.
PROCEDURE AND TERMS OF PROCESSING PERSONAL DATA
4.1. The Operator collects and processes the following types of information:
- Information that the User consciously provided to the Operator during the use of the Website;
- Technical information automatically collected by the Website's software during its visit by the User.
4.2. Technical information automatically collected by the Website's software during a visit includes:
- IP address;
- Information from cookies;
- Browser information;
- Information about the type of device (mobile or PC);
- Access time;
- Other technical and statistical information collected by the Website's software.
Technical information also includes analytical data without identification of the Data Subject, obtained as a result of the Website's use of web analytics services. This information is used solely for internal and external marketing purposes – to analyze Website traffic trends and improve the Website's service.
4.3. The Website uses User identification technology based on the use of cookies. Cookies may be recorded on the device used by the User to access the Website, which will later be used to collect statistical data, in particular about Website traffic, for automatic filling of fields in forms on the Website. The Operator may use and disclose information about the use of the Website, for example, to determine the extent of Website use, improve its content, explain its usefulness, and to expand the Website's functionality. By accepting this Privacy Policy, the User gives the Operator their consent that the technical data specified in clause 4.2, collected from the Website, is transmitted via the Internet. Depersonalized User data collected using Internet statistics services is used to collect information about User actions on the site, improve the quality of the Website and its content.
4.4. The Operator does not store Personal Data in cookies. The Operator uses information recorded in cookies, which does not identify individual Users, to analyze trends, administer the Website, determine User movements around the Website, and to collect demographic information about the general User base.
4.5. If the User does not want the Operator to collect technical information about them using cookies, the User must stop using the Website or prohibit the saving of cookies on their device used to access the Website by appropriately configuring their browser. It should be noted that Website services using this technology may become unavailable.
4.6. The User confirms their consent to the collection and processing of Personal Data when filling out the subscription form for the mailing on the Website, when filling out the registration form on the Website, when filling out the comment form under an article on the Website by checking the box located after the corresponding form and clicking the button under that form on the Website. The User confirms their consent to the Dissemination of Personal Data by providing the Operator with written consent for the dissemination of Personal Data.
4.7. Consent to the processing of Personal Data provided when sending a claim or application to the Operator is given by filling out the form provided by the Operator. The User must send the completed and signed consent form together with the text of the claim or application.
4.8. The Operator carries out the following actions (operations) or sets of actions (operations) with Personal Data with or without automation tools: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
4.9. The Operator processes Personal Data in the following ways:
- Using automated means of processing Personal Data;
- Without using automated means of processing Personal Data.
4.10. The transfer of the User's Personal Data to third parties (if necessary) is carried out with the User's consent for the purposes specified in Section 3.
4.11. The Operator guarantees that it never provides Personal Data to third parties, except in cases where:
- This is expressly required by law (e.g., upon a written request from a court, law enforcement agencies);
- The User has consented to the transfer of Personal Data;
- The transfer is necessary for concluding contracts and/or within the framework of contracts between the Operator and the User;
- The transfer occurs in the context of the sale or other transfer of the Website or business;
- The transfer occurs within the framework of transferring the Personal Data database from one service to another according to the Operator's contractual relations;
- It is required to provide User support or to assist in protecting and securing the Operator's systems.
4.12. The User's Personal Data may be transferred to authorized state authorities of the Russian Federation, inquiry and investigation bodies, and other authorized bodies only on the basis and in the manner established by the current legislation of the Russian Federation.
LEGAL BASIS FOR PROCESSING PERSONAL DATA
5.1. The Operator processes Personal Data based on the following legal grounds:
- The Constitution of the Russian Federation;
- The Civil Code of the Russian Federation;
- Law No. 2300-1 of 07.02.1992 "On Protection of Consumer Rights";
- Federal Law No. 59-FZ of 02.05.2006 "On the Procedure for Considering Appeals of Citizens of the Russian Federation";
- Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection";
- Federal Law No. 63-FZ of 06.04.2011 "On Electronic Signature";
- Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
- Decree of the Government of the Russian Federation No. 1119 of 01.11.2012 "On Approval of Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems";
- Decree of the Government of the Russian Federation No. 687 of 15.09.2008 "On Approval of the Regulation on the Features of Processing Personal Data Carried Out Without the Use of Automation Tools";
- Contracts concluded between the Operator and third parties for the purposes specified in Section 3;
- Internal local documents of the Operator;
- Consent to the processing of Personal Data (in cases not expressly provided for by the legislation of the Russian Federation but corresponding to the Operator's powers), consent to the Dissemination of Personal Data.
MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING
6.1. The Operator protects the User's Personal Data by using generally accepted security methods to protect information from loss, unlawful or accidental access, distortion, and unauthorized dissemination, destruction, modification, blocking, copying, as well as any other unlawful actions with Personal Data by third parties. Security is implemented by network protection software, access verification procedures, the use of cryptographic means of information protection, compliance with the Privacy Policy, and other internal documents regulating the rules for processing Personal Data by the Operator.
6.2. If Personal Data is lost or disclosed, the Operator is obliged to inform the User about it.
6.3. The Operator, together with the User, takes all necessary legal, organizational, and technical measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal Data.
6.4. Personal Data is kept confidential by the Operator, except when the User voluntarily placed information for general access in messages and comments on the Website.
6.5. Ensuring the security of Personal Data processed in the Operator's Personal Data information systems is achieved by eliminating unauthorized, including accidental, access to Personal Data, as well as by taking the following security measures:
6.5.1. Identifying threats to the security of Personal Data during their processing in the Operator's Personal Data information systems;
6.5.2. Applying organizational and technical measures to ensure the security of Personal Data during their processing in the Operator's Personal Data information systems, necessary to meet the requirements for the protection of Personal Data, the fulfillment of which ensures the levels of protection of Personal Data established by the Government of the Russian Federation;
6.5.3. Using information protection tools that have passed the established conformity assessment procedures;
6.5.4. Assessing the effectiveness of the measures taken to ensure the security of Personal Data before putting the Personal Data information system into operation;
6.5.5. Accounting for machine carriers of Personal Data;
6.5.6. Detecting facts of unauthorized access to Personal Data and taking measures;
6.5.7. Recovering Personal Data that has been modified, deleted, or destroyed due to unauthorized access to them;
6.5.8. Establishing rules for access to Personal Data processed in the Operator's Personal Data information systems, as well as ensuring the registration and accounting of all actions performed with Personal Data in the Operator's Personal Data information systems;
6.5.9. Monitoring the measures taken to ensure the security of Personal Data and the security levels of Personal Data information systems.
6.6. Measures aimed at ensuring the Operator's fulfilment of the duties provided for by the current legislation in the field of Personal Data. The Operator is obliged to take measures necessary and sufficient to ensure the fulfilment of the duties provided for by the current Russian legislation. The Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfilment of these duties. Such measures, in particular, include:
- Appointment by the head of the Operator of a person responsible for organizing the processing of Personal Data;
- Issuance by the Operator of documents defining the Operator's policy regarding the processing of Personal Data, the Privacy Policy, local acts on the processing of Personal Data, defining for each purpose of processing Personal Data the categories and list of processed Personal Data, categories of subjects whose Personal Data are processed, methods, terms of their processing and storage, the procedure for destroying Personal Data upon achieving the purposes of their processing or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
- Application of legal, organizational, and technical measures to ensure the security of Personal Data;
- Implementation of internal control and/or audit of the compliance of the processing of Personal Data with the legislation and regulatory legal acts adopted in accordance with it, requirements for the protection of Personal Data, the Operator's policy regarding the processing of personal data, the Privacy Policy, local acts of the Operator;
- Assessment of the harm that may be caused to Data Subjects in case of violation of the legislation, the ratio of the said harm and the measures taken by the Operator aimed at ensuring the fulfillment of the duties provided for by the legislation;
- Familiarizing the employees of the Operator who directly process Personal Data with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of Personal Data, documents defining the Operator's policy regarding the processing of Personal Data, the Privacy Policy, local acts on the processing of Personal Data, and/or training the said employees;
- Publishing the Privacy Policy on the Website to ensure unlimited access to it.
TERMS OF PROCESSING PERSONAL DATA
7.1. The processing of Personal Data provided by the User on the Website is carried out from the moment the filled-out form is submitted on the Website until the termination of the Website's operation, until the moment of withdrawal of consent sent to the Operator, until the moment of deletion of the personal account on the Website.
7.2. Unless otherwise provided by other clauses of this Privacy Policy or current Russian legislation, the condition for terminating the processing of Personal Data is the achievement of the purposes of processing Personal Data, the expiration of the consent, or the withdrawal of consent to the processing of Personal Data, the identification of unlawful processing of Personal Data, the Operator's receipt of a request for the destruction of Personal Data.
7.3. The transfer (distribution, provision, access) of Personal Data permitted for dissemination must be terminated at any time at the request of the User.
7.4. The User has the right to apply to the Operator with a demand to stop the transfer (distribution, provision, access) of their Personal Data, previously permitted for dissemination, in case of non-compliance with the provisions of the current legislation, or to apply with such a demand to the court. The Operator is obliged to stop the transfer (distribution, provision, access) of Personal Data within 3 (three) working days from the receipt of the demand or within the period specified in the court decision that has entered into legal force, and if such a period is not specified in the court decision, then within 3 (three) working days from the moment the court decision enters into legal force.
7.5. The User independently determines the subscription period for the mailing and unsubscribes from the mailing by clicking the unsubscribe link included in each message received, or by sending a free-form request to the Operator at the editorial office's email address birf@expmed.ru with the note "Unsubscribe from mailing".
UPDATING, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA
8.1. If the inaccuracy of Personal Data or the illegality of their processing is confirmed, the Personal Data are subject to updating by the Operator, and the processing must be terminated accordingly.
8.2. The User's Personal Data, provided by them on the Website, which is stored and processed by the Operator, can be deleted/depersonalized by contacting the Operator. To do this, it is necessary to send a letter (Appendix No. 3 to this Privacy Policy) to the Operator at the editorial office's email address birf@expmed.ru. In this case, the User will not be able to use some of the Website's functionality. The consideration period for the request is 10 (ten) working days.
8.3. Upon achieving the purposes of processing Personal Data, the Operator ceases the processing of Personal Data (or ensures its cessation if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and destroys the Personal Data (or ensures their destruction if the processing of Personal Data is carried out by another person acting on behalf of the Operator) within a period not exceeding 30 (thirty) days from the date of achieving the purpose of processing, unless:
- Otherwise provided by the contract to which the User is a party, beneficiary, or guarantor;
- The Operator is not entitled to process Personal Data without the User's consent on the grounds provided for by the Federal Law "On Personal Data" or other federal laws;
- Otherwise provided by another agreement between the Operator and the User.
If it is impossible to destroy Personal Data within the period specified in this clause, the Operator blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period is established by federal laws.
8.4. Upon the Operator's receipt of a withdrawal of consent to the processing of Personal Data, the Operator ceases the processing of Personal Data (or ensures its cessation if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and, if the storage of Personal Data is no longer required for the purposes of processing Personal Data, destroys the Personal Data (or ensures their destruction if the processing of Personal Data is carried out by another person acting on behalf of the Operator) within a period not exceeding 30 (thirty) days from the date of receipt of the said withdrawal, unless:
- Otherwise provided by the contract to which the User is a party, beneficiary, or guarantor;
- The Operator is not entitled to process Personal Data without the User's consent on the grounds provided for by the Federal Law "On Personal Data" or other federal laws;
- Otherwise provided by another agreement between the Operator and the User.
If it is impossible to destroy Personal Data within the period specified in this clause, the Operator blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period is established by federal laws.
8.5. Upon receiving an appeal to the Operator with a demand to cease the processing of Personal Data, the Operator is obliged, within a period not exceeding 10 (ten) working days from the date of receipt of the corresponding demand, to cease their processing or ensure the cessation of such processing (if such processing is carried out by a person processing Personal Data), except for cases provided for by the current Russian legislation. The specified period may be extended, but not more than 5 (five) working days, in case the Operator sends a motivated notification to the Data Subject indicating the reasons for extending the period for providing the requested information. If it is impossible to destroy Personal Data within the period specified in this clause, the Operator blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period is established by federal laws.
8.6. The Operator blocks Personal Data in case of identification of unlawful processing of Personal Data, identification of inaccurate Personal Data from the moment of appeal or request of the User (Appendix No. 1 to this Privacy Policy) or their legal representative or the authorized body for the protection of the rights of data subjects for the period of verification. If it is impossible to destroy Personal Data within the period specified in this clause, the Operator blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the Operator) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period is established by federal laws.
8.7. The Operator updates, corrects, and clarifies Personal Data within 7 (seven) working days from the moment of appeal or request of the Data Subject (Appendix No. 2 to this Privacy Policy) or their legal representative or the authorized body for the protection of the rights of data subjects, in case of identification of incomplete, inaccurate, or outdated Personal Data.
8.8. The Operator deletes and destroys the User's Personal Data within 7 (seven) working days from the moment of appeal or request of the Data Subject (Appendix No. 3 to this Privacy Policy) or their legal representative or the authorized body for the protection of the rights of data subjects, upon receiving information confirming that the Personal Data was illegally obtained or is not necessary for the stated purpose of processing. In this case, the Operator notifies the Data Subject or their representative of the changes made and the measures taken and takes reasonable measures to notify third parties to whom the Personal Data of this subject was transferred.
8.9. In case of identification of unlawful processing of Personal Data carried out by the Operator or a person acting on behalf of the Operator, the Operator, within a period not exceeding 3 (three) working days from the date of this identification, is obliged to cease the unlawful processing of Personal Data or ensure the cessation of unlawful processing of Personal Data by the person acting on behalf of the Operator. If it is impossible to ensure the lawfulness of the processing of Personal Data, the Operator, within a period not exceeding 10 (ten) working days from the date of identification of unlawful processing of Personal Data, is obliged to destroy such Personal Data or ensure their destruction. The Operator is obliged to notify the Data Subject or their representative, or the authorized body for the protection of the rights of data subjects about the elimination of the violations committed or the destruction of Personal Data.
8.10. The Operator responds to requests from Users, their representatives, the authorized body for the protection of the rights of data subjects regarding Personal Data within 10 (ten) working days from the moment of appeal or receipt of the request by the Operator. The specified period may be extended, but not more than 5 (five) working days, in case the Operator sends a motivated notification to the Data Subject indicating the reasons for extending the period for providing the requested information.
8.11. In case of establishing the fact of unlawful or accidental transfer (provision, distribution, access) of Personal Data, which resulted in a violation of the User's rights, the Operator is obliged, from the moment of identification of such an incident, to notify the authorized body for the protection of the rights of data subjects:
- Within 24 (twenty-four) hours about the incident that occurred, the presumed reasons that led to the violation of the rights of Data Subjects, and the presumed harm caused to the rights of Data Subjects, the measures taken to eliminate the consequences of the corresponding incident, and also provide information about the person authorized by the Operator to interact with the authorized body for the protection of the rights of data subjects on issues related to the identified incident;
- Within 72 (seventy-two) hours about the results of the internal investigation of the identified incident, and also provide information about the persons whose actions caused the identified incident (if any).
FINAL PROVISIONS
9.1. The Operator has the right to make any changes and additions to the Privacy Policy at any time at its discretion.
9.2. Changes and additions come into force from the moment of posting the Privacy Policy with changes and additions on the Website. By continuing to use the Website after the publication of the new version of the Privacy Policy, the User thereby confirms their acceptance of it.