Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of the Federal Law dd. 27.07.2006. No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law) and determines the procedure for personal data processing and measures to ensure the security of personal data taken by GLOBAL MEDICAL GROUP (hereinafter referred to as the Operator).
1.1. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms when processing personal data of citizens including the protection of the rights to privacy, personal and family secrets.
1.2. This Operator's Policy regarding the personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator can obtain about visitors to the website https://globalmedical.group.
2. Basic Definitions Used in the Policy
2.1. Automated personal data processing is personal data processing performed using computing technology.
2.2. Blocking of personal data is a temporary suspension of the personal data processing (unless the processing is necessary to qualify personal data).
2.3. Website is a set of graphic and information materials as well as computer programs and databases ensuring their availability on the Internet at a network address https://globalmedical.group.
2.4. Information system of personal data is a set of personal data contained in databases and information technologies, and technical means providing their processing.
2.5. Depersonalization of personal data means actions as a result of which it is impossible to determine, without the use of additional information, the belonging of personal data to a specific User or other personal data subject.
2.6. Personal data processing is any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator is a state body, municipal body, legal entity or individual independently or jointly with other persons organizing and (or) performing personal data processing as well as determining the personal data processing purposes, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data is any information relating directly or indirectly to a specific or identifiable User of website https://globalmedical.group.
2.9. Personal data permitted by a personal data subject for distribution are personal data access of an indefinite range of persons to which is provided by a personal data subject by giving consent to the personal data processing permitted by a personal data subject for distribution in the manner prescribed by the Personal Data Law (hereinafter – personal data permitted for distribution).
2.10. The User is any website https://globalmedical.group visitor.
2.11. Provision of personal data means actions aimed at disclosing personal data to a certain person or a specific group of persons.
2.12. Distribution of personal data means any actions aimed at disclosing personal data to an indefinite range of persons (transfer of personal data) or at acquaintance with personal data of an indefinite range of persons including public disclosure of personal data in the media, posting on information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or foreign legal entity.
2.14. Destruction of personal data means any actions as a result of which personal data are destroyed irrevocably with the impossibility of further restoring the content of personal data in the personal data information system, and (or) physical carriers of personal data are destroyed.
3. Operator's Basic Rights and Obligations
3.1. The Operator has the right to:
- receive from a personal data subject reliable information and / or documents containing personal data;
- if a personal data subject withdraws the consent to personal data processing as well as sending an appeal with a request to stop processing of personal data, the Operator has the right to continue processing personal data without the consent of a personal data subject if there are grounds specified in the Personal Data Law;
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided by the Personal Data Law and regulatory legal acts adopted in accordance with it unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
- provide a personal data subject, upon his or her request, with information regarding the processing of his or her personal data;
- organize the personal data processing in the manner prescribed by the current legislation of the Russian Federation;
- respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
- communicate the necessary information to the authorized body for the protection of the rights of personal data subjects at the request of this body within 10 days from the date of receipt of such a request;
- publish or otherwise provide unrestricted access to this Policy in respect of the personal data
processing;
- take legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, change, blocking, copying, provision, distribution of personal data as well as from other illegal actions in respect of personal data;
- stop the transfer (distribution, provision, access) of personal data, stop the processing and destroy personal data in the manner and in cases provided for by the Personal Data Law;
- perform other duties provided for by the Personal Data Law.
4. Basic Rights and Obligations of a Personal Data Subject
4.1. Personal data subjects have the right to:
- receive information regarding the processing of their personal data except for cases provided for by federal laws. The information is provided to a personal data subject by the Operator in an accessible form, and it should not contain personal data regarding other personal data subjects unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Personal Data Law;
- require the Operator to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing as well as take measures provided for by law to protect their rights;
- set forth a condition of obtaining prior consent when processing personal data in order to promote goods, works, and services on the market;
- withdraw the consent to the personal data processing as well as to make a request to terminate the personal data processing;
- appeal to the authorized body for the protection of the rights of personal data subjects or in court against the illegal actions or inaction of the Operator when processing their personal data;
- exercise other rights provided by the legislation of the Russian Federation.
4.2. Personal data subjects are obliged to:
- provide the Operator with reliable data about themselves;
- inform the Operator about the clarification (update, change) of their personal data.
4.3. Persons who provided false information about themselves or information about other personal data subject without the consent of the latter to the Operator are liable in accordance with the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. The personal data processing is performed on a legal and equitable basis.
5.2. The personal data processing is limited to the fulfillment of specific, predetermined and legitimate goals. The personal data processing that is incompatible with the purposes of collecting personal data is not allowed.
5.3. It is not allowed to combine databases containing personal data, the processing of which is performed for purposes incompatible with each other.
5.4 Only personal data that meet the purposes of their processing are subject to processing.
5.5. The content and volume of the processed personal data correspond to the stated purposes of the processing. The redundancy of the processed personal data in respect of the stated purposes of their processing is not allowed.
5.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in respect of the purposes of personal data processing are ensured. The Operator takes the necessary measures and/or ensures their adoption to remove or clarify incomplete or inaccurate data.
5.7. The storage of personal data is performed in a form that makes it possible to determine a personal data subject no longer than the purpose of personal data processing requires if the personal data storage period is not established by a federal law, or a contract to which the personal data subject is a party, beneficiary, or guarantor. The processed personal data is destroyed or depersonalized upon achievement of the processing goals or in case of loss of the need to achieve these goals unless otherwise provided by a federal law.
6. Purposes of Personal Data Processing
7. Personal Data Processing Conditions
7.1. The personal data processing is performed with the consent of a personal data subject to the processing of his or her personal data.
7.2. The personal data processing is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law for the implementation of the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator.
7.3. The personal data processing is necessary for the administration of justice, the execution of a judicial act, an act of the other body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
7.4. The personal data processing is necessary for the execution of a contract to which a personal data subject is a party, beneficiary, or guarantor as well as for concluding a contract on the initiative of a personal data subject or a contract under which a personal data subject will be a beneficiary or guarantor.
7.5. The personal data processing is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals provided that this does not violate the rights and freedoms of a personal data subject.
7.6. The personal data processing is performed, access of an indefinite range of persons to which is provided by a personal data subject or at his or her request (hereinafter – publicly available personal data).
7.7. The processing of personal data that are subject to publication or mandatory disclosure is performed in accordance with the federal law.
8. The Procedure for Collection, Storage, Transfer and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to exclude access of unauthorized persons to personal data.
8.2. The User's personal data will never, under any circumstances, be transferred to third parties except in cases related to the implementation of current legislation or if a personal data subject has given consent to the Operator to transfer data to a third party to fulfill obligations under a legal contract.
8.3. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator's e-mail address info@gmed.group marked "Updating personal data".
8.4. The period for the personal data processing is determined by the achievement of goals for which personal data were collected unless another period is provided for by a contract or current legislation.
The User can revoke his consent to the personal data processing at any time by sending a notification to the Operator's email address info@gmed.group marked "Withdrawal of the consent to the personal data processing".
8.5. All information that is collected by third party services including payment systems, communication facilities, and other service providers is stored and processed by the specified persons (Operators) in accordance with their User Agreement and Privacy Policy. A personal data subject and/or the User is/are obliged to independently read the specified documents in a timely manner. The Operator is not responsible for the actions of third parties including the service providers specified in this clause.
8.6. The prohibitions established by a personal data subject on the transfer (except for providing access) as well as on the processing or processing conditions (except for gaining access) of personal data permitted for distribution do not apply in cases of personal data processing in the state, public and other social interests determined by legislation of the Russian Federation.
8.7. When processing personal data, the Operator ensures the privacy of personal data.
8.8. The Operator stores personal data in a form that makes it possible to determine a personal data subject no longer than the purpose of personal data processing requires unless the personal data storage period is established by a federal law, or a contract to which a personal data subject is a party, beneficiary or guarantor.
8.9. A condition for termination of the personal data processing may be the achievement of the personal data processing goals, expiration of a personal data subject's consent, withdrawal of the consent by a personal data subject or request to stop processing personal data as well as the identification of illegal processing of personal data.
9. List of Actions Performed by the Operator with the Received Personal Data
9.1. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distributes, provides, gains access), depersonalizes, blocks, deletes, and destroys personal data.
9.2. The Operator performs the automated personal data processing with the receipt and/or transfer of the information received via information and telecommunication networks or without it.
10. Cross-Border Transfer of Personal Data
10.1. Prior to starting the cross-border transfer of personal data, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out cross-border transfer of personal data.
Prior to filling the above notification, the Operator is obliged to obtain relevant information from the authorities of a foreign state, foreign individuals, foreign legal entities, to which the cross-border transfer of personal data is planned.
11. Personal Data Privacy
The Operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of a personal data subject unless otherwise provided by a federal law.
12. Final Provisions
12.1. The User can receive any clarifications on issues of interest regarding the processing of his or her personal data by contacting the Operator via e-mail info@gmed.group.
12.2. This document will reflect any changes in the Personal Data Processing Policy made by the Operator. The Policy is valid without limit in time until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the Internet at https://globalmedical.group/en/privacy.
1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of the Federal Law dd. 27.07.2006. No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law) and determines the procedure for personal data processing and measures to ensure the security of personal data taken by GLOBAL MEDICAL GROUP (hereinafter referred to as the Operator).
1.1. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms when processing personal data of citizens including the protection of the rights to privacy, personal and family secrets.
1.2. This Operator's Policy regarding the personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator can obtain about visitors to the website https://globalmedical.group.
2. Basic Definitions Used in the Policy
2.1. Automated personal data processing is personal data processing performed using computing technology.
2.2. Blocking of personal data is a temporary suspension of the personal data processing (unless the processing is necessary to qualify personal data).
2.3. Website is a set of graphic and information materials as well as computer programs and databases ensuring their availability on the Internet at a network address https://globalmedical.group.
2.4. Information system of personal data is a set of personal data contained in databases and information technologies, and technical means providing their processing.
2.5. Depersonalization of personal data means actions as a result of which it is impossible to determine, without the use of additional information, the belonging of personal data to a specific User or other personal data subject.
2.6. Personal data processing is any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator is a state body, municipal body, legal entity or individual independently or jointly with other persons organizing and (or) performing personal data processing as well as determining the personal data processing purposes, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data is any information relating directly or indirectly to a specific or identifiable User of website https://globalmedical.group.
2.9. Personal data permitted by a personal data subject for distribution are personal data access of an indefinite range of persons to which is provided by a personal data subject by giving consent to the personal data processing permitted by a personal data subject for distribution in the manner prescribed by the Personal Data Law (hereinafter – personal data permitted for distribution).
2.10. The User is any website https://globalmedical.group visitor.
2.11. Provision of personal data means actions aimed at disclosing personal data to a certain person or a specific group of persons.
2.12. Distribution of personal data means any actions aimed at disclosing personal data to an indefinite range of persons (transfer of personal data) or at acquaintance with personal data of an indefinite range of persons including public disclosure of personal data in the media, posting on information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or foreign legal entity.
2.14. Destruction of personal data means any actions as a result of which personal data are destroyed irrevocably with the impossibility of further restoring the content of personal data in the personal data information system, and (or) physical carriers of personal data are destroyed.
3. Operator's Basic Rights and Obligations
3.1. The Operator has the right to:
- receive from a personal data subject reliable information and / or documents containing personal data;
- if a personal data subject withdraws the consent to personal data processing as well as sending an appeal with a request to stop processing of personal data, the Operator has the right to continue processing personal data without the consent of a personal data subject if there are grounds specified in the Personal Data Law;
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided by the Personal Data Law and regulatory legal acts adopted in accordance with it unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
- provide a personal data subject, upon his or her request, with information regarding the processing of his or her personal data;
- organize the personal data processing in the manner prescribed by the current legislation of the Russian Federation;
- respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
- communicate the necessary information to the authorized body for the protection of the rights of personal data subjects at the request of this body within 10 days from the date of receipt of such a request;
- publish or otherwise provide unrestricted access to this Policy in respect of the personal data
processing;
- take legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, change, blocking, copying, provision, distribution of personal data as well as from other illegal actions in respect of personal data;
- stop the transfer (distribution, provision, access) of personal data, stop the processing and destroy personal data in the manner and in cases provided for by the Personal Data Law;
- perform other duties provided for by the Personal Data Law.
4. Basic Rights and Obligations of a Personal Data Subject
4.1. Personal data subjects have the right to:
- receive information regarding the processing of their personal data except for cases provided for by federal laws. The information is provided to a personal data subject by the Operator in an accessible form, and it should not contain personal data regarding other personal data subjects unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Personal Data Law;
- require the Operator to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing as well as take measures provided for by law to protect their rights;
- set forth a condition of obtaining prior consent when processing personal data in order to promote goods, works, and services on the market;
- withdraw the consent to the personal data processing as well as to make a request to terminate the personal data processing;
- appeal to the authorized body for the protection of the rights of personal data subjects or in court against the illegal actions or inaction of the Operator when processing their personal data;
- exercise other rights provided by the legislation of the Russian Federation.
4.2. Personal data subjects are obliged to:
- provide the Operator with reliable data about themselves;
- inform the Operator about the clarification (update, change) of their personal data.
4.3. Persons who provided false information about themselves or information about other personal data subject without the consent of the latter to the Operator are liable in accordance with the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. The personal data processing is performed on a legal and equitable basis.
5.2. The personal data processing is limited to the fulfillment of specific, predetermined and legitimate goals. The personal data processing that is incompatible with the purposes of collecting personal data is not allowed.
5.3. It is not allowed to combine databases containing personal data, the processing of which is performed for purposes incompatible with each other.
5.4 Only personal data that meet the purposes of their processing are subject to processing.
5.5. The content and volume of the processed personal data correspond to the stated purposes of the processing. The redundancy of the processed personal data in respect of the stated purposes of their processing is not allowed.
5.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in respect of the purposes of personal data processing are ensured. The Operator takes the necessary measures and/or ensures their adoption to remove or clarify incomplete or inaccurate data.
5.7. The storage of personal data is performed in a form that makes it possible to determine a personal data subject no longer than the purpose of personal data processing requires if the personal data storage period is not established by a federal law, or a contract to which the personal data subject is a party, beneficiary, or guarantor. The processed personal data is destroyed or depersonalized upon achievement of the processing goals or in case of loss of the need to achieve these goals unless otherwise provided by a federal law.
6. Purposes of Personal Data Processing
- The purpose of personal data processing is to inform the User by sending e-mails.
- Personal data: name, surname, patronymic (if any) and e-mail address.
- Legal grounds: statutory (constitutional) documents of the Operator.
- Types of personal data processing: collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data.
7. Personal Data Processing Conditions
7.1. The personal data processing is performed with the consent of a personal data subject to the processing of his or her personal data.
7.2. The personal data processing is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law for the implementation of the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator.
7.3. The personal data processing is necessary for the administration of justice, the execution of a judicial act, an act of the other body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
7.4. The personal data processing is necessary for the execution of a contract to which a personal data subject is a party, beneficiary, or guarantor as well as for concluding a contract on the initiative of a personal data subject or a contract under which a personal data subject will be a beneficiary or guarantor.
7.5. The personal data processing is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals provided that this does not violate the rights and freedoms of a personal data subject.
7.6. The personal data processing is performed, access of an indefinite range of persons to which is provided by a personal data subject or at his or her request (hereinafter – publicly available personal data).
7.7. The processing of personal data that are subject to publication or mandatory disclosure is performed in accordance with the federal law.
8. The Procedure for Collection, Storage, Transfer and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to exclude access of unauthorized persons to personal data.
8.2. The User's personal data will never, under any circumstances, be transferred to third parties except in cases related to the implementation of current legislation or if a personal data subject has given consent to the Operator to transfer data to a third party to fulfill obligations under a legal contract.
8.3. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator's e-mail address info@gmed.group marked "Updating personal data".
8.4. The period for the personal data processing is determined by the achievement of goals for which personal data were collected unless another period is provided for by a contract or current legislation.
The User can revoke his consent to the personal data processing at any time by sending a notification to the Operator's email address info@gmed.group marked "Withdrawal of the consent to the personal data processing".
8.5. All information that is collected by third party services including payment systems, communication facilities, and other service providers is stored and processed by the specified persons (Operators) in accordance with their User Agreement and Privacy Policy. A personal data subject and/or the User is/are obliged to independently read the specified documents in a timely manner. The Operator is not responsible for the actions of third parties including the service providers specified in this clause.
8.6. The prohibitions established by a personal data subject on the transfer (except for providing access) as well as on the processing or processing conditions (except for gaining access) of personal data permitted for distribution do not apply in cases of personal data processing in the state, public and other social interests determined by legislation of the Russian Federation.
8.7. When processing personal data, the Operator ensures the privacy of personal data.
8.8. The Operator stores personal data in a form that makes it possible to determine a personal data subject no longer than the purpose of personal data processing requires unless the personal data storage period is established by a federal law, or a contract to which a personal data subject is a party, beneficiary or guarantor.
8.9. A condition for termination of the personal data processing may be the achievement of the personal data processing goals, expiration of a personal data subject's consent, withdrawal of the consent by a personal data subject or request to stop processing personal data as well as the identification of illegal processing of personal data.
9. List of Actions Performed by the Operator with the Received Personal Data
9.1. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distributes, provides, gains access), depersonalizes, blocks, deletes, and destroys personal data.
9.2. The Operator performs the automated personal data processing with the receipt and/or transfer of the information received via information and telecommunication networks or without it.
10. Cross-Border Transfer of Personal Data
10.1. Prior to starting the cross-border transfer of personal data, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out cross-border transfer of personal data.
Prior to filling the above notification, the Operator is obliged to obtain relevant information from the authorities of a foreign state, foreign individuals, foreign legal entities, to which the cross-border transfer of personal data is planned.
11. Personal Data Privacy
The Operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of a personal data subject unless otherwise provided by a federal law.
12. Final Provisions
12.1. The User can receive any clarifications on issues of interest regarding the processing of his or her personal data by contacting the Operator via e-mail info@gmed.group.
12.2. This document will reflect any changes in the Personal Data Processing Policy made by the Operator. The Policy is valid without limit in time until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the Internet at https://globalmedical.group/en/privacy.
