Privacy policy
  1. PREAMBLE

This Website contains information about the Controller’s activities, team, practice areas, services, as well as informational materials, directories, alerts and other legal materials. When using the Website, we may collect and process certain personal data, and this Policy describes whose data we process, what data we process, the purpose of the processing, and other details of the processing and protection of personal data.

  1. GENERAL PROVISIONS
    • This Policy of WHITE SQUARE PARTNERS LIMITED LIABILITY COMPANY (hereinafter referred to as the “Controller“, registered number 1227700616923, address: Russian Federation, 121552, Moscow, Vn. Ter. G., Kuntsevo Municipal District, 15 Elninskaya St., Bldg. 3) with regard to processing of personal data (hereinafter referred to as the “Policy“) is developed in compliance with the requirements of the Federal Law of Russian Federation of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the “PD Law“), as well as in accordance with international standards in the field of personal data processing. The Policy is developed in order to ensure the protection of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrecy.
    • This Policy shall be governed by and interpreted in accordance with the Russian law and international standards in the field of personal data processing.
    • The Policy uses terms and concepts based on the way they are defined in the PD Law, taking into account international standards in the field of personal data regulation.
    • The Policy is published for unrestricted access on the Controller’s website at whitesquarepartners.com (the “Website“).
    • The Policy defines the main purposes, principles, procedure and conditions of processing personal data of the Website’s visitors (hereinafter –the “Website Visitors” or the “Data Subjects“), as well as measures to ensure the security and protection of personal data.
    • The Policy applies to all personal data of the Website Visitors, which is processed by the Controller.
    • The Controller guarantees compliance with confidentiality requirements in respect of personal data received by the Controller, taking into account the provisions of this Policy, and undertakes to use them only for the purposes specified in the Policy.
  2. BASIC CONCEPTS, METHODS OF PROCESSING OF PERSONAL DATA AND CONSENT OF THE DATA SUBJECT
    • Personal data – any information relating to a directly or indirectly identified or identifiable natural person (the Data Subject).
    • Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment or combination, restriction, erasure or destruction.
    • The Controller performs automated as well as non-automated processing, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, depersonalization, blocking, deletion, destruction; mixed processing of personal data with transmission via the Controller’s internal network; transfer (provision, access) of personal data, in particular to technical specialists and developers of the Website, with the Consent of the Data Subject.
    • The Controller processes and protects the personal data of the Website Visitors who have expressed their consent to the processing of personal data (hereinafter – the “Consent”) by sending information via selected web forms (hereinafter – the “Web Forms“) on the pages of the Website (whitesquarepartners.com, as well as its subdomains) or by sending an e-mail to the corporate mail address ending with @whitesquarepartners.com (hereinafter – the “Corporate Mail“).
    • The Consent shall be deemed expressed when:
      • sending by the Website Visitor of the completed Web Form on the Controller’s Website by marking (clicking) in the corresponding field in the Web Form and clicking on the button of sending the Web Form on the corresponding page of the Website;
      • clicking by the Website Visitor on the button for sending an e-mail containing his/her personal data to the Corporate Mail;
      • any other sending of personal data by the Website Visitor using the Website.
    • The period of personal data processing by the Controller may not exceed the period stipulated by the purposes of personal data processing specified in article 6 of this Policy. The condition for termination of personal data processing is also the expiration of Consent or withdrawal of Consent of the Data Subject to processing his/her personal data, as well as the detection of unlawful processing of personal data.
  3. USE OF COOKIES AND TECHNICAL DATA COLLECTION SERVICES FOR THE WEBSITE VISITORS
    • The Website collects typical session log information, including IP address, browser type and language, as well as the time of visit and the address of the websites from which links were clicked.
    • To ensure effective management and improvement of the Website, the Controller may use cookies or web beacons (electronic images) together with tracking pixels, by means of which the Website counts the number of visitors who have visited a certain page and provides access to certain cookies.
    • By using the Website, the Website Visitor Consents to allow the Controller to download cookies to the Website Visitor’s device for the purposes described above.
    • The Website Visitor can manage cookies by accessing the browser settings. If cookies are deleted, all data on the Website Visitor’s preferences will be deleted, including the preference to refuse the use of cookies.
    • If cookies are blocked, changes may affect the user interface and some components of the Website may become unavailable.
  4. PRINCIPLES OF PERSONAL DATA PROCESSING
    • Processing of personal data is carried out by the Controller on the basis of the following principles:
      • processing of personal data is carried out on a lawful and fair basis;
      • processing of personal data must be limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not allowed;
      • Only personal data that meet the purposes for which they are processed are subject to processing;
      • the content and scope of processed personal data must correspond to the stated purposes of processing. Processed personal data must not be redundant in relation to the stated purposes of their processing;
      • when processing personal data, the accuracy of personal data, their sufficiency and, where necessary, relevance in relation to the purposes of personal data processing shall be ensured;
      • other principles stipulated by the current legislation of the Russian Federation on personal data, as well as international standards in the field of personal data regulation.
  1. PURPOSES OF PROCESSING, CATEGORIES OF THE DATA SUBJECTS, COMPOSITION AND LIMITATION ON PROCESSING OF PERSONAL DATA
DATA SUBJECT PURPOSE OF PROCESSING PROCESSED PERSONAL DATA PROCESSING LIMITATION
1.             Website Visitor (individuals who visit the Website) Management and improvement of the Website. IP address, device, operating system and browser information; the pages of the Website visited by the visitor; the day and time of the visit to the Website. 10 years
2.             Applicant for a vacant position published on the Website

 

Making decisions on hiring applicants. Surname, first name, patronymic, date of birth, telephone number (mobile), e-mail address, data on education, qualifications, professional training, information on advanced training, information on employment history, previous places of work, information on business and other personal qualities of an evaluative nature provided by the applicant. 3 years
3.             Participant (visitor) of the event held by the Controller, including potential participants ·         Registration for attending events organized and conducted by the Controller (including webinars, seminars, conferences).

·         Sending invitations to events organized by the Controller by e-mail, phone calls, messenger messages.

·         Notification of news, events, current commercial offers in relation to the services provided by the Controller by sending information and newsletters, marketing materials, alerts by e-mail, phone calls, messages to messengers.

·         Receiving requests from visitors of the Website and feedback from visitors of the Website.

Surname, first name, patronymic, place of work, position, e-mail address, phone number. 5 years
4.             Client (natural person or representative of a legal entity), including a potential one, who has applied to the Controller for legal services or request for legal services (request for quotation)

 

Provision of legal services. Surname, first name, patronymic; details of identity document (for a client of an individual); TIN (for a client of an individual); date of birth (for a client of an individual); address of registration (for a client of an individual); contact information: telephone number, e-mail address; information provided by the client for rendering legal services to him/her; place of work and position (for representatives of a legal entity). 5 years
Advising on the types of services provided by the Controller. Surname, first name, patronymic, place of work, position, e-mail address, phone number.
Promotion of goods, works, services in the market by means of direct contacts with a potential client through means of communication. Surname, first name, patronymic, place of work, position, e-mail address, phone number.
  1. TERMS OF PROCESSING OF PERSONAL DATA
    • Processing of personal data by the Controller is allowed in the following cases:
      • The Website Visitor has given his/her Consent to the processing of his/her personal data;
      • processing of personal data is necessary for realization of the rights and legitimate interests of the Controller for achievement of socially significant purposes, provided that at the same time the rights and freedoms of the Website Visitor are not violated;
      • processing of personal data is carried out for statistical or other research purposes, subject to mandatory depersonalization of personal data;
      • in other cases provided for by the current legislation of the Russian Federation on personal data, as well as international standards in the field of personal data regulation.
  1. PROCESSING OF PERSONAL DATA BY A THIRD PARTY ON BEHALF OF THE CONTROLLER
    • The Controller has the right to transfer personal data in case of assignment of personal data processing to another person with the Consent of the Data Subject. The person processing personal data on behalf of the Controller is not obliged to obtain the Consent of the Data Subject to the processing of his/her personal data.
    • If the Controller entrusts personal data processing to another person, the Controller shall be liable to the Data Subject for the actions of the said person. The person processing personal data on behalf of the Controller shall be liable to the Controller.
  2. CONSENT TO THE PROCESSING OF PERSONAL DATA
    • Consent to the processing of personal data is given by the Website Visitor for the entire period required by the Controller to achieve the purposes of processing.
    • Consent to the processing of personal data may be withdrawn by the Website Visitor by:
      • sending a notice with a request to stop processing of personal data in any form to the e-mail address info@whitesquarepartners.com; or
      • where applicable, by unsubscribing from the newsletter by clicking on the special unsubscribe link at the bottom of the newsletter email.
    • In case of withdrawal of Consent to the processing of personal data, the Controller shall stop processing and destroy personal data within a period not exceeding 30 (thirty) days from the date of receipt of the withdrawal.
    • In case of refusal to provide Consent to personal data processing, the Controller will be forced to refuse the Data Subject to perform the actions envisaged by the aforementioned purposes of personal data processing.
  3. RIGHTS OF THE DATA SUBJECT
    • The Data Subject has the right to:
      • obtain information regarding the processing of personal data in person or by sending a request to the e-mail address info@whitesquarepartners.com, including confirmation of the fact of personal data processing by the Controller, the legal basis and purposes of personal data processing, the purposes and methods of personal data processing applied by the Controller, the name and location of the Controller, information about persons (except for the Controller’s employees) who have access to personal data or to whom personal data may be disclosed;
      • demand from the Controller to clarify his personal data, block or destroy them in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect his rights;
      • revoke his/her Consent to the processing of personal data by sending a revocation to the Controller; and
      • appeal the actions or inactions of the Controller to the authorized body for the protection of the rights of the Data Subject or in court if he/she believes that the Controller processes his/her personal data in violation of the requirements of the Law on Personal Data or otherwise violates his/her rights and freedoms.
  1. CONTROLLER DUTIES
    • The Controller is obligated to:
      • process personal data of the Data Subjects only if the Consent of the Data Subject to the processing of his/her personal data is obtained, except in cases established by the PD Law or international standards in the field of personal data processing, when it is not necessary to obtain such Consent;
      • explain to the Data Subject the legal consequences of refusal to provide his/her personal data and (or) give the Consent to their processing in the event that, in accordance with the PD Law or international standards in the field of personal data processing, providing personal data and (or) obtaining the Consent to the processing of personal data is mandatory;
      • ensure confidentiality of personal data of the Data Subjects, not to disclose to third parties and not to distribute personal data without the Consent of the Data Subject, unless otherwise provided for by the PD Law or international standards in the field of personal data processing;
      • take the necessary measures or ensure that they are taken to delete or clarify incomplete or inaccurate personal data;
      • provide, upon request of the Data Subject, the information specified in the paragraph 1.1 of this Policy free of charge in an accessible form in the manner and within the timeframe provided for by the PD Law and international standards in the field of personal data processing; and
      • take the necessary legal, organizational and technical measures (ensure their adoption) to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination, other unlawful actions in relation to personal data.
  1. REPRESENTATIONS AND WARRANTIES
    • The Controller never asks the Website Visitor for information about their race, nationality, political views, religious and philosophical beliefs, state of health, intimate life.
    • The Controller shall process and take measures to protect personal data of the Website Visitors in accordance with the requirements of the legislation of the Russian Federation and international standards in the field of personal data processing, the provisions of this Policy, as well as other documents adopted by the Controller.
  2. ENSURING THE PROTECTION AND SECURITY OF PERSONAL DATA
    • Access to personal data of the Website Visitors is provided only to authorized employees of the Controller, who have undertaken to keep such information confidential.
    • The Controller appoints a person responsible for organizing the processing of personal data.
    • When processing personal data, the Controller shall take legal, organizational and technical measures provided for in Article 19 of the PD Law and international standards in the field of personal data processing to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data.
    • The Controller shall use secured premises with delimited access to place servers of personal data information systems, as well as use lockable cabinets to store paper carriers of personal data.
    • The Controller exercises control over the measures taken to ensure the security of personal data.
  3. FINAL PROVISIONS
    • This Policy shall be subject to amendment or supplementation in cases of relevant amendments or supplements to the current legislation of the Russian Federation on personal data and international standards in the field of personal data processing.
    • This Policy may be amended and/or supplemented at any time at the discretion of the Controller. The changes shall come into effect from the moment the Controller posts the Policy with changes and/or amendments on the Website.
    • The current version of the Controller’s Policy is available for viewing by an unlimited number of persons on the Website at: whitesquarepartners.com.
    • All issues related to the processing and protection of personal data and not regulated in this Policy shall be regulated in accordance with the provisions of the current legislation of the Russian Federation on personal data and international standards in the field of personal data processing.
    • Control over fulfillment of the requirements of this Policy shall be exercised by the person responsible for organization of personal data processing of the Controller.
  4. CONTACT THE CONTROLLER

If the Data Subject wishes to exercise his/her rights (e.g., withdraw his/her Consent), receive certain information from the Controller or get answers to any other questions related to this Policy or the Controller’s processing of personal data, the Data Subject may send a corresponding request to the e-mail info@whitesquarepartners.com.