Confidentiality and Personal Data Processing Policy
PERSONAL DATA
1. General provisions
1.1. This Personal Data Processing Policy (the “Policy”) adopted by Scriptolex LLC (Reg. number: 1086449002606, TIN: 6449049147, registered at: 14 General – lieutenant Rudchenko M.M. quay, Engels, Saratov region, 413100, Russia (“Scriptolex”) defines the main principles, objectives, procedure and conditions of processing personal data of Visitors to the website, as well as the measures to ensure that such personal data is secure and protected.
1.2. This Policy has been developed in compliance with the Russian Constitution and statutory and other regulations of the Russian Federation in the sphere of personal data and has been published for open access at Scriptolex’s website at: www.scriptolex.ru.
1.3. The terms used in this Policy are interpreted as defined in Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
1.4. Scriptolex guarantees that personal data it received shall be treated confidential having regard to the provisions of this Policy and undertakes to use such personal data only for the purposes set out in the Policy.
2. Definition and composition of personal data
2.1. The list of personal data to be safeguarded at Scriptolex shall be formed in accordance with Federal Law No. 152-FZ “On personal data” dated 27 July 2006.
2.2. Scriptolex shall process and safeguard personal data (including the surname, name, place of work, position, contact phone number, email, etc.) of the Visitors to Scriptolex’s Website at www.scriptolex.ru (the “Website”), as well as personal data coming to the Scriptolex’s corporate email ending with @scriptolex.ru (the “Corporate Email”) of personal data subjects who expressed their Consent to the processing of their personal data (the “Consent”) by submitting the information through the forms they select (the “Forms”) on the Website or by sending an email. The moment at which the Consent is accepted will be the marking of the corresponding field of the Form and the pressing on the button of ‘Submit Form’ on any page of the Website, as well as the pressing on the button of ‘Submit email’ to the Corporate Email, with such email containing personal data of the subject.
2.3. When visiting the Scriptolex’s Website, reading texts and loading other information, certain data is automatically registered on a PC from which a Website Visitor browses Scriptolex’s Website. When visitors browse its Website, Scriptolex gathers the following information:
the date and time when the Website were visited;
the number and title of pages visited, as well as the duration of the visit to each page;
IP address assigned to the device for connecting to the Internet;
type of browser and operating system;
the URL of the website from which a visitor came.
3. Purposes of processing personal data
3.1. Personal data of Website Visitors will be processed for the following purposes:
sending to the Website Visitors reference and marketing materials to the email addresses that the Website Visitors indicate;
offering Visitors an opportunity to contact Scriptolex for feedback
advising Website Visitors of the services we provide, for the purpose of marketing and providing support to Website Visitors and for any other purposes that do not contravene current Russian legislation and the provisions of the agreement between Scriptolex and the corresponding Website Visitors.
4. Principles of and timeframes for processing personal data
4.1. Scriptolex processes personal data based on the following principles:

the processing is carried out on legal and fair basis;

the processing is limited to specific and predetermined legal purposes;

it is not permitted to process personal data which is incompatible with the purposes for which such personal data was collected;

it is not permitted to combine the databases which contain personal data processed for mutually incompatible purposes;

the content and the volume of personal data being processed should be consistent with the declared purposes of the processing;

personal data is stored in a form which allows the personal data subject to be identified, but for no longer than it is required in accordance with the purposes for processing the personal data, unless another period is set by a federal law or a contract to or under which the personal data subject is a party, beneficiary or a guarantor;

based on such other principles as current Russian legislation on personal data may provide for.

4.2. Scriptolex will process personal data if either of the conditions below is met:

a personal data subject granted Consent to the processing of his/her personal data

the processing of personal data is necessary for rights and legal interests of Scriptolex to be exercised or for socially valuable purposes to be achieved, provided that this does not infringe the rights and liberties of personal data subjects;

personal data is processed for the purposes of statistical or other research, provided that such data is always depersonalised;

other conditions for which current Russian legislation on personal data provides.

5. Rights and obligations of a personal data subject
5.1. A personal data subject has the right:

to demand that his/her personal data be updated, renewed, blocked or destroyed;

to obtain the list of his/her personal data which Scriptolex processes and the source from which such personal data has been received, to be advised of the period for which his/her personal data will be processed, including the period of storage, and any other information about the processing of his/her personal data;

to demand that all persons to whom his/her inaccurate or incomplete personal data be advised of any corrections or supplements made;

to challenge, in the established manner, any unlawful acts or omissions when his/her personal data is processed.

5.2. Website Visitors must submit only accurate data about themselves.

5.3. A Visitor grants his/her Consent to the processing of his/her personal data for the whole period necessary for Scriptolex to attain the goals of processing such personal data.

5.4. A Visitor may revoke his/her Consent to the processing of his/her personal data by sending an application in writing to Scriptolex’s postal address at: 14 General – lieutenant Rudchenko M.M. quay, Engels, Saratov region, 413100, Russia, or to its corporate email address (info@scriptolex.ru).

5.5. Persons who have transferred the data to Scriptolex via the Website about another personal data subject without having the consent of the subject whose personal data has been transferred will be held liable under Russian legislation.
6. Rights and obligations of Scriptolex
6.1. Scriptolex never asks a Website Visitor about his/her race, national origins, political views, religious and philosophical convictions, health, and private life.

6.2. When processing personal data Scriptolex may do the following: gather, record, systematise, accumulate, store, update (renew or modify), retrieve, use, transfer (distribute, provide or access), depersonalise, block, delete or destroy the personal data of a Visitor.

6.3. If Visitors take part in the events Scriptolex holds, Scriptolex may disclose the corresponding personal data of the Visitor to persons who participate in holding the event.

6.4. Scriptolex may not transfer personal data to any third party, except for the following persons:

officials of state authorities to the extent of their powers;

persons to whom Scriptolex is obliged to transfer such personal data to comply with Russian legislation;

persons to whom Scriptolex transfers personal data in pursuance of an agreement with the personal data subject;

persons whom Scriptolex instructs to process personal data;

Scriptolex’s legal successors in the event of its reorganisation;

other persons, with the consent of the personal data subject.

6.5. Scriptolex may not disclose personal data of a Website Visitor for any commercial purposes without his/her consent. The processing of a Visitor’s personal data for the purposes of promoting goods, work and/or services on the market by directly contacting a potential consumer using means of communications is only allowed with the Visitor's prior consent.

6.6. Scriptolex undertakes to warn persons who have received a Visitor’s personal data that such data may be used only for the corresponding purposes and to require that such persons confirm their compliance with this rule.

6.7. Persons who received a Visitor’s personal data must keep such data secret (confidential).

6.8. Scriptolex will process personal data of Website Visitors and undertake measures to protect such personal data in accordance with the provisions of this Policy and other bylaws Scriptolex may issue.
7. Protection and security of personal data
7.1. Scriptolex applies the corresponding standards of technical and operational security to protect information submitted by Website Visitors from unauthorised access, disclosure, distortion, blocking or destruction.

7.2. The measures Scriptolex applies include the following:

appointing a person to be responsible for organising the processing of personal data;

applying legal, technical and organisational measures to ensure the safety of personal data;

assessing the damage personal data subjects may sustain if legislation is breached, and the correlation between the damage and security measures Scriptolex applies;

using secured premises with delineated access where personal data servers are placed and using locked cabinets to store personal data in hard copy form;

acquainting Scriptolex’s employees who are directly involved in processing personal data with the provisions of Russian legislation on personal data;

monitoring the measures undertaken to safeguard personal data.

7.3. Access to personal data is granted only to Scriptolex’s authorised employees and subcontractors who have undertaken to keep such information confidential.
8. Storage of personal data
8.1. Personal data of Website Visitors is stored during the period required for the purposes for which such data has been submitted, or for the period stipulated by legislation.
8.2. Once such purposes are attained or the period for processing personal data has expired, the personal data of Website Visitors will be destroyed.
9. Log data, cookies and web beacons
9.1. Scriptolex’s Website gathers standard information from the session log, including IP-address, type and language of the browser, as well as data on the time of the visit and addresses of websites from which a visitor came. To ensure effective management of the Website and assist with setting the user’s interface, Scriptolex may use cookies (small text files stored in the visitor’s browser) or web-beacons (electronic images), together with tracking pixels enabling the Website to calculate the number of visitors to a specific page, and may ensure access to specific cookie-files.
The standard information gathered will be used solely for strategic purposes. Scriptolex does not use personal data for the purpose of the personal identification of any Visitors. If, however, registered Visitors are authorised on the Website, Scriptolex will be able to use such data together with the information obtained via data analysis tools and cookie files so that to analyse how visitors use the Website.

9.2. When using the Website, a Visitor grants his/her consent to Scriptolex uploading cookie files to the Visitor’s device in accordance with the conditions above.
.3. A Visitor can manage cookie files by using the browser settings. If cookie files are deleted, all data regarding the Visitor’s preferences will be deleted, including his/her preference regarding a refusal to use cookie files. If cookie files are blocked, changes may be reflected on a user’s interface and some of the Website's features may become unavailable.
9.4. Scriptolex use services of Google Analytics and Yandex Metrics. For more information about services, see:
Google Analytics: https://marketingplatform.google.com/about/
Yandex Metrics: https://yandex.ru/support/metrica/
10. Final provisions
10.1. This Policy will be amended or added to if the corresponding changes or additions are made to current Russian legislation on personal data. The Policy may be amended at any moment at the discretion of Scriptolex. The current version of Scriptolex’s Policy is always available for review by public at large at its permanent address: www.scriptolex.ru.
10.2. All relationships involving Scriptolex relating to processing and protection of personal data which are not expressly reflected in this Policy will be regulated in accordance with Russian legislation on personal data.
10.3. Compliance with this Policy will be monitored by the person in charge of processing of personal data at Scriptolex.
The date of the latest update of the Policy is 06.11.2019
Made on
Tilda