Personal Data Processing Policy of Limited Liability Company BGP Litigation

1. General Provisions

1.1. This Policy of Limited Liability Company BGP Litigation (hereinafter the “Operator”), OGRN 1097746283910, TIN 7726629592, address: 6 PRESNENSKAYA EMB., BLDG. 2, FLOOR 18, PREMISES/OFFICE 1/1820, PRESNENSKY INTRA-CITY URBAN MUNICIPALITY, Moscow, 123112, in relation to processing of personal data (hereinafter the “Policy”) has been drawn up in performance of the requirements of Federal Law No. 152-FZ dated 27.07.2006 on “Personal Data” (hereinafter the “Personal Data Law”) for the purpose of ensuring protection of human and civil rights and liberties, including of the rights to personal privacy, personal and family secrets.

1.2. The Policy uses the terms and concepts as defined in the Personal Data Law.

1.3. The Policy is posted for unrestricted access on the Operator’s website at: bgplaw.com (hereinafter the “Website”).

1.4. The Policy determines the key goals, principles, procedure and conditions for processing the personal data of visitors to the given website (hereinafter the “Website Visitors” and “Personal Data Subjects”), and measures to ensure the security of and to protect personal data.

1.5. The Policy applies to all personal data of Website Visitors processed by the Operator.

1.6. The Operator guarantees observance of the confidentiality requirements in relation to the personal data received by the Operator as per the provisions of this Policy and undertakes to use them only for the purposes indicated herein.

2.  Key concepts and general provisions

2.1. Personal data means any information relating directly or indirectly to a determined or determinable individual (the Personal Data Subject).

2.2. Processing of personal data means any action (operation) or aggregate of actions (operations) performed with personal data using means of automation or otherwise. Processing of personal data includes: collection, recording, systematisation, accumulation, storage, specification (updating, amendment), extraction, transmission (distribution, presentation, provision of access to), anonymisation, blocking, deletion and destruction.

2.3. The Operator performs automated or non-automated processing, including collection, recording, systematisation, accumulation, storage, specification (updating, amendment), extraction, use, anonymisation, blocking, deletion and destruction; mixed processing of personal data with transmission via the Operator’s LAN; personal data transmission (presentation, provision of access), with the consent of the Personal Data Subject, to BGP LITIGATION Moscow Attorneys at Law, registered at: 6 Presnenskaya Emb., bldg. 2, Moscow, 123112.

2.4. When a Website Visitor views the Website, reads texts posted thereon and downloads other information, certain information about the computer used thereby is automatically registered.

2.5. During viewing of the Website, the Operator collects the following information: device IP-address for logging onto the Internet, type of browser and operating system, URL of the website from which the click-through was made, the date and time of the visit to the Website, the number of visits to webpages, their names, plus the duration of the visit.

2.6. The Operator processes and ensures the security of the personal data of Website Visitors who have consented to processing of their personal data (hereinafter the “Consent”) by submitting information via the selected web-forms (hereinafter the “Web-forms”) on the pages of the Website (bgplaw.com and its subdomains *.bgplaw.com) by e-mail to a corporate e-mail address ending in @bgplaw.com (hereinafter the “Corporate Mail”).

2.7. The Consent is deemed granted when:

- the Website Visitor submits the completed Web-form on the Operator’s Website by marking (clicking on) the relevant field on the Web-form on the corresponding Webpage;

- the Website Visitor clicks on the button to send an e-mail containing their personal data to the Corporate Mail address.

- the Website Visitor uses the Website to submit its personal data in any other way.

2.8. The Operator may not process the personal data for longer than necessary for the purposes of the processing specified in clause 4 hereof. Another condition for terminating personal data processing is expiry of the consent to personal data processing or recall thereof by the Personal Data Subject, as well as identification of unlawful processing of the personal data.

3. Use of cookies and services for collecting the Website Visitor’s technical data

3.1. The Website collects standard information on the session log, including the IP-address, browser type and language, and details of the visit time and address of the link click-through websites.

3.2. To ensure efficient management of the Website and assistance in the user interface settings, the Operator may use cookies (small text files stored on the visitor’s browser) or web beacons (electronic images) together with tracking pixels, which the Website uses to count the number of visitors to a particular page and ensure access to specific cookies. 

3.3. The technical data collected from Website Visitors are used exclusively for statistical purposes.

3.4. By using the Website, the Website Visitor gives their consent to the Operator downloading cookies onto their device as per the above conditions.

3.5. The Website Visitor may manage the cookies in the browser settings. If cookies are deleted, so will all the details of the Website Visitor’s preferences, including the preference to deny use of cookies.

3.6. If the cookies are blocked, the changes might affect the user interface and some of the Website components might become inaccessible.

4. Processing purposes, categories of Personal Data Subject, personal data processing composition and scope

Personal Data Subject

Personal data processing purpose

Personal data composition and scope

Participant in (visitor to) an event held by the Operator, including potential ones

Registration to attend events organised and held by the Operator (including webinars, seminars and conferences)

full name, place of work, position, e-mail, telephone number

Delivery of invitations to events held by the Operator by e-mail, telephone or messenger.

full name, place of work, position, e-mail, telephone number

Announcement of news, events, current commercial offers provided by the Operator in the form of information and news mail-outs, marketing material and alerts sent by the Operator by e-mail, telephone and messenger.

full name, place of work, position, e-mail, telephone number

Acceptance of communications from visitors to the Website and feedback with Website Visitors.

full name, place of work, position, e-mail, telephone number

Client (an individual or a legal entity representative), including a potential one, that has approached the Operator to receive legal services

Provision of legal services

Full name;

details of ID (for a client individual);

TIN (for a client individual);

date of birth (for a client individual);

registered address (for a client individual);

contact details: telephone number, e-mail;

information provided by the client in order to receive legal services;

place of work and position (for legal entity representatives).

Advice on the types of service rendered by the Operator

full name, place of work, position, e-mail, telephone number

Promotion of goods, work and services on the market through direct contacts with a potential client via means of communications

full name, place of work, position, e-mail, telephone number

Candidate for a vacancy posted on the Website

Decision-making on hiring a candidate

Full name, date of birth, (mobile) telephone number, e-mail, details of education, qualifications, occupational training, information about further training, about length of service, previous places of work, about business and other evaluative personal qualities of the candidate

5. Personal data processing principles

5.1. The Operator processes personal data as per the following principles:

- personal data is processed on a lawful and fair basis;

- personal data processing must be confined to achieving specific, previously determined and legal objectives. Personal data processing is not permitted unless it conforms to the goals for which the personal data are collected;

- only personal data that meet the objectives of their processing may be processed;

- the content and scope of processed personal data must comply with the declared processing purposes. Processed personal data must not be excessive with respect to the declared processing goals;

- personal data processing must ensure precision of the personal data, their sufficiency and, when necessary, relevance in relation to the personal data processing goals;

- other principles provided for by the effective Russian legislation on personal data.

6. Personal data processing conditions


6.1. The Operator may process personal data in the following cases:

- the Website Visitor has given their Consent to processing of their personal data; 

- processing of personal data is necessary for exercise of the rights and legitimate interests of the Operator to achieve socially significant objectives on the condition that this does not infringe on the rights and liberties of the Website Visitor; 

- personal data is processed for statistical or other research purposes, on the condition of mandatory anonymisation of the personal data; 

- in other cases provided for by the effective Russian legislation on personal data. 

7. Consent to personal data processing

7.1. The Website Visitor grants their Consent to processing of their personal data for the entire period required by the Operator to achieve the purposes of the processing.

7.2. The Website Visitor may revoke their Consent to processing of their personal data by:

  • sending a written notification, in free form, demanding that the Operator cease processing the personal data to the Operator’s address: 6 PRESNENSKAYA EMB., BLDG. 2, FLOOR 18, PREMISES/OFFICE 1/1820, PRESNENSKY INTRA-CITY URBAN MUNICIPALITY, Moscow, 123112;
  • sending a written notification, in free form, to the e-mail address office@bgplaw.com demanding a halt to the personal data processing;
  • unsubscribing from the information (news) mail-outs by clicking on the special unsubscribe link at the bottom of the e-mail mail-out letter.

If the consent to personal data processing is revoked, the Operator ceases to process them and destroys the personal data within 30 (thirty) days of receiving the consent recall.

If the Personal Data Subject refuses to consent to processing of their personal data, the Operator will have to refuse to perform for them the actions envisaged by the above personal data processing purposes.

8. Rights of the Personal Data Subject

8.1. The Personal Data Subject has the right:

8.1.1. In response to a personal address or a written enquiry sent to the postal address: 6 PRESNENSKAYA EMB., BLDG. 2, FLOOR 18, PREMISES/OFFICE 1/1820, PRESNENSKY INTRA-CITY URBAN MUNICIPALITY, Moscow, 123112, or the e-mail address office@bgplaw.com, to receive information about processing of their personal data, including confirmation of the personal data processing by the Operator, the legal grounds for and purposes of the personal data processing, the objectives of and means used by the Operator for personal data processing, the name and location of the Operator, information about persons (other than the Operator’s personnel) with access to the personal data or to whom the personal data may be disclosed on the basis of an agreement with the Operator or by federal law, the personal data processed in relation to the given Personal Data Subject, their source, unless a different procedure for provision of such data is stipulated by federal law, the personal data processing period, including for their storage and other information as per the Personal Data Law or other federal laws.

8.1.2. To request that the Operator update their personal data, block or destroy them if the personal data are incomplete, out of date, imprecise, received unlawfully or are not required for the declared processing purposes, and to take measures provided for by law for protection of their rights

8.1.3. To revoke their consent to processing of their personal data by sending the Operator a recall notice;

8.1.4. To complain about the actions or inactions of the Operator to the competent body for protection of the rights of personal data subjects or through the courts if they believe that the Operator is processing their personal data in breach of the requirements of the Personal Data Law or is otherwise violating their rights and liberties.

9. Obligations of the Operator

9.1. The Operator shall:

9.1.1. Process the personal data of Personal Data Subjects only on receipt of the Personal Data Subject’s consent to processing of their personal data, other than in cases dictated by the Personal Data Law when such consent is not required.

9.1.2 Explain to the Personal Data Subject the legal consequences of refusing to provide their personal data and/or consent to their processing when, as per federal law, provision of personal data and/or consent to personal data processing are mandatory.

9.1.3. Keep the Personal Data Subjects’ personal data confidential, not disclose to third parties or disseminate the personal data without the Personal Data Subject’s consent, unless federal law stipulates otherwise.

9.1.4. Take the requisite measures or cause them to be taken to delete or update incomplete or inaccurate personal data.

9.1.5. Provide, at the Personal Data Subject’s request, the information listed in clause 8.1.1. hereof, free of charge and in an accessible format, in the manner and by the times prescribed by the Personal Data Law.

9.1.6. Take the requisite legal, organisational and technical measures (cause them to be taken) for protecting personal data against unlawful or chance access thereto, destruction, amendment, blocking, copying, provision, distribution, or other unlawful actions with respect to the personal data. 

10. Representations and warranties

10.1. The Operator never requests from the Website Visitor information about their race, nationality, political views, religious or philosophical convictions, state of health or intimate life. 

10.2. The Operator processes and undertakes measures to protect Website Visitors’ personal data as per the requirements of the Russian legislation, the provisions of this Policy, and other documents adopted by the Operator.

 11. Ensuring personal data protection and security

11.1. Access to Website Visitors’ personal data is granted only to authorised employees of the Operator and BGP LITIGATION Moscow Bureau of Advocates registered at: 6 Presnenskaya Emb., bldg. 2, floor 18, premises/office 1/1820, Moscow, 123112, who have undertaken a confidentiality commitment with respect to such information.

11.2. The Operator appoints a person responsible for arranging personal data processing.

11.3. When processing personal data, the Operator takes the legal, organisational and technical measures as per Art.19 of the Personal Data Law to protect the personal data against unlawful or chance access thereto, destruction, amendment, blocking, copying, provision, distribution, or other unlawful actions with respect to the personal data.

11.4. The Operator uses secure premises with restricted access for locating the servers of the personal data information systems and lockable cabinets for storing personal data kept in hard copy. 

11.5. The Operator exercises control over the measures taken to ensure personal data security.

12. Final provisions

12.1. This Policy will be amended or supplemented if relevant amendments and supplements are introduced into the effective Russian legislation on personal data.
This Policy may be amended and/or supplemented at any time at the discretion of the Operator. Amendments come into effect when the Operator posts the Policy containing the amendments and/or supplements on the Website.

12.2. The current version of the Operator’s Policy is posted for viewing by an unlimited range of persons on the Website at: bgplaw.com.

12.3. All questions concerning processing and security of personal data that are not regulated hereby are regulated as per the provisions of the Russian legislation on personal data.

12.4. Control over fulfilment of the requirements of this Policy is exercised by the Operator’s person responsible for arranging personal data processing.