Preview

The Eurasian Journal of Life Sciences

Advanced search

Privacy Policy

This Personal Data Privacy Policy (hereinafter referred to as the “Privacy Policy”) applies to all personal data that the Personal Data Controller (hereinafter referred to as the “PDC”) may collect about a data subject while the Data subject is using the website with the domain name https://www.eajls.com. PDC asks that you carefully review the Privacy Policy and, if you disagree with any of its provisions, stop using the Website and leave it immediately.

  1. KEY TERMS AND DEFINITIONS

1. Key terms used in the Privacy Policy:

1.1. Automated processing of personal data – the processing of personal data using computer technology.

1.2. Blocking of personal data – temporary suspension of the processing of personal data (except in cases where processing is necessary to verify the accuracy of the personal data).

1.3. Personal data information system – a collection of personal data contained in databases, together with the information technology and technical means that enable their processing.

1.4. Confidentiality of personal data – a requirement that must be observed by the PDC or any other person who has access to personal data, prohibiting the disclosure of such data without the consent of the data subject or the existence of another legal basis.

1.5. Anonymization of personal data – actions that make it impossible to identify the specific data subject to whom the personal data pertains without the use of additional information.

1.6. Processing of personal data – any action (operation) or set of actions (operations) performed by the PDC, with or without the use of automated means, on personal data, including the collection, recording, organization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of Personal Data.

1.7. Personal Data Controller (PDC) – Federal State Autonomous Educational Institution of Higher Education First Moscow State Medical University named after I.M. Sechenov of the Ministry of Health of the Russian Federation (Sechenov University) PSRN: 1027739291580 TIN: 7704047505, which, independently or jointly with other entities, organizes and/or carries out the processing of Personal Data, as well as determines the purposes of processing Personal Data, the scope of Personal Data to be processed, and the actions (operations) performed on Personal Data.

1.8. Personal data – any information relating directly or indirectly to an identified or identifiable natural person (the Data subject).

1.9. Personal data authorized by the data subject for disclosure – personal data to which access is granted to an unlimited circle of persons by the User (Data subject) through the provision of consent to the processing of personal data authorized by the data subject for disclosure in accordance with the procedure provided for by current Russian legislation.

1.10. Privacy Policy – the document, including all amendments and additions, available online at https://www.eajls.com/jour/about/privacyPolicyCommon.

1.11. User – the subject of Personal Data, a legally competent natural person who uses the Website for their own purposes. Throughout this Privacy Policy, the User is also referred to as the subject of Personal Data (Data subject).

1.12. Disclosure of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.

1.13. Website – a collection of graphic and informational materials, as well as computer programs and databases, that make them accessible on the Internet via the web address https://www.eajls.com

1.14. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons.

1.15. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state to a government authority of a foreign state, a foreign natural person, or a foreign legal entity.

1.16. Destruction of personal data – actions that make it impossible to restore the content of personal data in a personal data information system and/or that result in the destruction of physical media containing personal data.

1.17. Cookies – a small piece of data sent by a web server and stored on the User’s device used to access the Website, which the web client or web browser sends back to the web server in an HTTPS request each time the User attempts to open a page on the Website.

1.18. Data Subject – a legally competent natural person using the Website for their own purposes.

1.19. IP Address – a unique network address of a node in a computer network built using the IP protocol.

 

  1. GENERAL PROVISIONS

2.1. This Privacy Policy defines the purposes, content, and procedures for the processing of Personal Data, measures aimed at protecting Personal Data, as well as procedures designed to identify and prevent violations of Russian Federation legislation regarding Personal Data. This Privacy Policy establishes the obligations of the PDC regarding the processing and protection of Personal Data, including ensuring the confidentiality of Personal Data provided to the PDC.

2.2. This Privacy Policy sets forth the PDC's policy as a controller processing Personal Data with respect to the processing and protection of Personal Data. The PDC processes Personal Data in compliance with the principles and conditions set forth in this Privacy Policy and the laws of the Russian Federation governing Personal Data. The Controller considers the observance of human and civil rights and freedoms in the processing of Personal Data, including the protection of the rights to privacy and personal and family confidentiality, to be its primary objective and a prerequisite for conducting its activities.

2.3. This Privacy Policy applies only to information collected through the use of the Website and in connection with the fulfillment of PDC’s contractual obligations.

2.4. The User decides to provide their Personal Data and consents to its processing freely, of their own volition, and in their own interest. Consent to the processing of Personal Data must be specific, relevant, informed, conscious, and unambiguous. PDC does not verify the accuracy of the Personal Data provided by the User.

2.5. Use of the Website constitutes acceptance of this Privacy Policy and the terms and conditions governing the processing of Personal Data.

2.6. By accepting this Privacy Policy, the User thereby gives their consent to PDC to process their Personal Data specified in Section 3 of this Privacy Policy, including the collection, recording, accumulation, storage, clarification (updating, modification), retrieval, use, transfer to third parties (distribution, provision, access), anonymization, blocking, deletion, and destruction of Personal Data for the purposes specified in Section 3.

2.7. By refusing to consent to the processing of their Personal Data by PDC for the purposes specified in Section 3, the data subject understands that they will not be able to take full advantage of the Website and its services, and that their use of the Website will be limited.

2.8. Data subject who has provided Personal Data that is incomplete in relation to the requirements of the relevant section of the Website or that is inaccurate will not be able to use all the features of the Website and its services, including the receipt of certain services provided through the Website, and use of the Website will be available on a limited basis.

2.9. Rights of the PDC:

- collect Personal Data through forms on the Website

- provide access to the Website

- collect, record, accumulate, store, update (modify), retrieve, use, transfer (distribute, disclose, grant access to), anonymize, block, delete, and destroy Personal Data

- transfer Personal Data to third parties on the basis of contracts entered into to achieve the purposes specified in Section 3 of the Privacy Policy and instructions for the processing of personal data.

- in the event that the User withdraws consent to the processing of Personal Data, the PDC has the right to continue processing Personal Data without the User’s consent if there are grounds specified in applicable law

- refuse the User’s repeated request for information regarding their Personal Data processed by the PDC in accordance with the provisions of federal law, provided that a reasoned response is provided

- disseminate Personal Data if separate consent for the dissemination of Personal Data has been obtained.

2.10. Obligations of the PDC:

- Use the Personal Data collected solely for the purposes specified in Section 3 of this Privacy Policy.

- Provide the User with information regarding their Personal Data upon receipt of a relevant request or inquiry.

- In the event of the loss or disclosure of confidential information, PDC shall not be liable if such confidential information:

- had already become public knowledge prior to its loss or disclosure;

- was obtained from a third party prior to PDC receiving it;

- was disclosed with the User’s consent.

- Provide the Data Subject or their representative with information regarding the processing of such Data Subject’s Personal Data by PDC, upon request.

- Not disclose Personal Data to third parties or disseminate it without the User’s consent, unless otherwise required by law.

- Upon receiving a request or inquiry from a User, provide the User with the details and information specified in the request or inquiry in an accessible format, without disclosing Personal Data relating to other data subjects, unless there are legal grounds for disclosing such Personal Data.

- Explain to the User the procedure for making a decision based solely on the automated processing of their personal data and the possible legal consequences of such a decision, provide the User with the opportunity to object to such a decision, and explain to the User the procedure for protecting their rights and legitimate interests. PDC is obligated to review the objection specified in this paragraph within thirty days of its receipt and notify the data subject of the results of the review of such objection.

- Explain to the User the legal consequences of refusing to provide their Personal Data and/or consent to its processing, if, in accordance with federal law, the provision of Personal Data and/or the receipt of consent to the processing of Personal Data by PDC is mandatory.

- When collecting Personal Data, including via the Internet, PDC is obligated to ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of Personal Data of citizens of the Russian Federation using databases located within the territory of the Russian Federation, except in cases specified in current Russian legislation.

- PDC is obligated to ensure the reliable protection of Personal Data and the protection of its confidentiality.

2.11. Rights of the User:

- The right to request that PDC clarify, block, or delete your Personal Data if it is incomplete, outdated, inaccurate, obtained unlawfully, or not necessary for the stated purpose of processing, by sending a request to the website’s editorial team at eajls@staff.sechenov.ru.

- The right to request information about the measures taken by PDC to protect Personal Data.

- The right to submit a request to PDC regarding their Personal Data processed by PDC by sending a request (Appendix No. 4 to this Privacy Policy) to PDC via email at eajls@staff.sechenov.ru or to the website’s editorial office.

- The right to submit a follow-up request to PDC regarding their Personal Data processed by PDC no earlier than 30 (thirty) days after the initial contact or submission of the initial request, unless a shorter period is established by federal law.

- The right to contact PDC again or submit a repeat request to it in order to obtain information regarding their Personal Data processed by PDC, as well as to review the processed Personal Data before the expiration of the 30 (thirty) days, if such information and/or the processed Personal Data was not provided to the individual for review in full following the consideration of the initial request. The repeat request must include a justification for submitting the repeat request.

- The right to notify PDC of the revocation of their consent to the processing of Personal Data or their consent to the Disclosure of Personal Data.

- The right to protect their rights and legitimate interests, including the right to seek damages and/or compensation for emotional distress through legal proceedings.

- The right to appeal the actions or inaction of PDC to the authorized body for the protection of the rights of data subjects or through the courts.

2.12. Obligations of the User:

- Comply with the requirements set forth in Section 1.11 of this Privacy Policy;

- Provide accurate Personal Data.

2.13. Databases containing Personal Data of citizens of the Russian Federation are located within the territory of the Russian Federation.

2.14. PDC processes Personal Data on a lawful and fair basis to perform the functions, powers, and duties assigned by law, and to exercise the rights and legitimate interests of PDC and other persons. The transfer (disclosure, provision) and use of Personal Data shall be carried out only in the cases and in the manner provided for by federal laws, with the consent of the Data Subject, if so required by applicable law.

2.15. PDC obtains Personal Data directly from the data subject, except in cases where Personal Data is transferred within the framework of a contractual relationship.

2.16. PDC processes the User’s Personal Data with the User’s consent, provided either in writing (where required by applicable law of the Russian Federation) or through implied actions.

2.17. Principles for the processing of Personal Data established by this Privacy Policy:

2.17.1. The processing of Personal Data must be carried out on a lawful and fair basis.

2.17.2. The processing of Personal Data must be limited to the achievement of specific, predefined, and legitimate purposes. Processing of Personal Data that is incompatible with the purposes for which the Personal Data was collected is not permitted. Processing of Personal Data that is excessive in relation to the stated purposes of such processing is not permitted.

2.17.3. Databases containing Personal Data that are processed for purposes incompatible with one another may not be combined.

2.17.4. Only Personal Data that is relevant to the purposes of its processing may be processed.

2.17.5. The content and scope of the Personal Data being processed must correspond to the stated purposes of processing. The Personal Data being processed must not be excessive in relation to the stated purposes of its processing.

2.17.6. When processing Personal Data, the accuracy of the Personal Data, its adequacy, and, where necessary, its relevance to the purposes of processing must be ensured. PDC must take the necessary measures or ensure that such measures are taken to delete or correct incomplete or inaccurate data.

2.17.7. Personal data shall be stored in a form that allows for the identification of the data subject for no longer than is necessary to achieve the purposes of processing the Personal Data, unless the retention period for the Personal Data is established by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor. Processed Personal Data shall be destroyed or anonymized upon achievement of the purposes of processing or in the event that the need to achieve such purposes ceases to exist, unless otherwise provided by federal law.

2.17.8. PDC is obligated to ensure that the foreign state to whose territory the cross-border transfer of Personal Data is carried out provides adequate protection of the rights of Personal Data subjects prior to the commencement of the cross-border transfer of Personal Data.

2.17.9. PDC performs Cross-Border Transfer of personal data belonging to Authors of articles and media materials to international databases of scientific publications (such as Scopus, Web of Science, PubMed, DOAJ, Dimensions, and others). In accordance with Part 2 of the List of Cases in which the requirements of Parts 3–6 do not apply to operators engaged in the cross-border transfer of personal data for the purpose of fulfilling the functions, powers, and duties assigned to state bodies and municipal bodies by international treaties of the Russian Federation or by the legislation of the Russian Federation, Parts 8–11 of Article 12 of the Federal Law “On Personal Data,” approved by Resolution of the Government of the Russian Federation No. 2526 of December 29, 2022, do not apply to cases in which operators engaged in the cross-border transfer of personal data for the purpose of fulfilling the functions, powers, and duties assigned to state bodies and municipal bodies, the requirements of Parts 8–11 of Article 12 of the Federal Law “On Personal Data” do not apply; this includes the implementation of activities in the fields of culture, science, and education;

2.17.10. PDC does not control and is not responsible for the processing of information by third-party websites that can be accessed via links available on the Website.

 

  1. PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF DATA SUBJECTS

3.1. PDC collects and processes Personal Data for the following purposes:

3.1.1. To enable the User to create a personal account on the Website. To do so, the User must complete the registration form on the Website and provide the following Personal Data:

- email address;

- last name, first name, and patronymic (if applicable).

3.1.2. Newsletters are sent to Users who have filled out the subscription form on the Website and consented to receiving information about the Website’s news, PDC, and its partners, including promotional content. Users provide their email address in the subscription form on the Website.

Newsletters are sent using the Website’s software.

To receive the newsletter, the User provides the following personal data:

- email address;

- first name.

3.1.3. Providing feedback to the User, including: sending notifications, requests, and information regarding the use of the Website, the performance of agreements and contracts, as well as processing requests and applications from the User, responding to the User’s comments on the Website, responding to the User’s messages, calls, and letters, and reviewing the User’s complaints — PDC collects the following Personal Data:

- email address - upon receipt of a letter from the User to PDC’s address;

- phone number - upon receipt by PDC of a message or call from the User;

- last name, first name, patronymic (if applicable);

- passport details (in cases provided for by law);

- address for sending a reply to a letter or inquiry;

- other Personal Data that the User provides to PDC voluntarily during the course of communication.

3.1.4. To enable Users to publish works (articles, materials, content) on the Website, PDC collects the following personal data:

  • last name, first name, middle name (if applicable),
  • email address,
  • phone number,
  • gender,
  • place of employment,

3.1.5. For the purpose of conducting marketing research and for targeting using the Website’s software, PDC collects statistical, anonymized data that does not identify the User as a data subject.

3.2. PDC processes Personal Data of the following categories of data subjects: Website Users, Authors, and reviewers of scientific articles.

 

  1. TERMS AND CONDITIONS FOR THE PROCESSING OF PERSONAL DATA

4.1. PDC collects and processes the following types of information:

- information that the User has voluntarily provided to PDC while using the Website;

- technical information automatically collected by the Website’s software when the User visits the Website.

4.2. Technical information automatically collected by the Website's software during your visit includes:

  • IP address;
  • information from cookies;
  • browser information;
  • device type information (mobile or PC);
  • access time;
  • other technical and statistical information collected by the Website’s software.

Technical information also includes anonymous analytical data—data that does not identify the subject of the Personal Data—obtained through the Website's use of web analytics services. This information is used exclusively for internal and external marketing purposes—to analyze trends in Website traffic and improve the Website's services.

4.3. The Website uses a user identification technology based on cookies. Cookies may be stored on the device the User uses to access the Website; these cookies will subsequently be used to collect statistical data—specifically regarding Website traffic—and to automatically fill in fields in forms on the Website. PDC may use and disclose information about the use of the Website, for example, to determine the extent of Website usage, improve its content, explain the Website’s usefulness, and expand the Website’s functionality. By accepting this Privacy Policy, the User grants PDC consent for the technical data specified in Section 4.2, collected from the Site, to be transmitted over the Internet. Anonymized User data collected using web analytics services is used to gather information about User activity on the Site and to improve the quality of the Website and its content.

4.4. PDC does not store Personal Data in cookies. PDC uses information stored in cookies—which does not identify individual Users—to analyze trends, administer the Website, track User movements on the Website, and collect demographic information about the User base as a whole.

4.5. If a User does not want PDC to collect technical information about them using cookies, the User must stop using the Website or prohibit the storage of cookies on the device used to access the Website by configuring their browser accordingly. Please note, however, that Website services that use this technology may become unavailable.

4.6. The User confirms their consent to the collection and processing of Personal Data when filling out the newsletter subscription form on the Website, when filling out the registration form on the Website, and when filling out the comment form under an article on the Website by checking the checkbox located below the relevant form and clicking the button below that form on the Website. The User confirms their consent to the Disclosure of Personal Data by providing PDC with written consent to the disclosure of personal data.

4.7. Consent to the processing of Personal Data provided when submitting claims or requests to PDC is given by filling out the form provided by PDC. The User is required to submit the completed and signed consent form along with the text of the claim or request.

4.8. PDC performs the following actions (operations) or sets of actions (operations) on Personal Data, with or without the use of automated means: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of Personal Data.

4.9. PDC processes Personal Data in the following ways:

  • using automated means of processing Personal Data    
  • without using automated means of processing Personal Data 4.10. The transfer of the User’s Personal Data to third parties (if necessary) is carried out with the User’s consent for the purposes specified in Section 3.

4.10. PDC guarantees that it will never disclose Personal Data to third parties, except in cases where:

  • it is expressly required by law (for example, upon a written request from a court or law enforcement agencies);
  • the User has consented to the transfer of Personal Data;
  • the transfer is necessary for the conclusion of contracts and/or within the scope of contracts between PDC and the User;
  • the transfer occurs as part of the sale or other transfer of the Site or business;
  • the transfer occurs as part of the migration of the Personal Data database from one service to another in accordance with the PDC’s contractual relationships;
  • it is required to provide user support or to assist in the protection and security of the PDC’s systems.

4.11. The User’s personal data may be disclosed to authorized government agencies of the Russian Federation, investigative authorities, and other authorized bodies only on the grounds and in accordance with the procedures established by the current legislation of the Russian Federation.

 

  1. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA 

5.1. PDC processes Personal Data on the following legal grounds:

  • the Constitution of the Russian Federation;
  • the Civil Code of the Russian Federation;
  • Law No. 2300-1 of February 7, 1992, “On the Protection of Consumer Rights”;
  • Federal Law No. 59-FZ of May 2, 2006, “On the Procedure for Considering Appeals from Citizens of the Russian Federation”;
  • Federal Law No. 149-FZ of July 27, 2006, “On Information, Information Technologies, and Information Protection”;
  • Federal Law No. 63-FZ of April 6, 2011, “On Electronic Signatures”;
  • Federal Law No. 152-FZ of July 27, 2006, “On Personal Data”;
  • Decree of the Government of the Russian Federation No. 1119 of November 1, 2012, “On the Approval of Requirements for the Protection of Personal Data When Processed in Personal Data Information Systems”;
  • Decree of the Government of the Russian Federation No. 687 dated September 15, 2008, “On the Approval of the Regulations on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools”;
  • agreements concluded between the PDC and third parties for the purposes specified in Section 3;
  • internal local documents of the PDC;
  • consent to the processing of Personal Data (in cases not expressly provided for by the legislation of the Russian Federation but falling within the PDC’s authority), consent to the Disclosure of Personal Data.

 

  1. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING PROCESSING

6.1. PDC protects the User’s Personal Data by employing generally accepted security measures to safeguard information against loss, unauthorized or accidental access, distortion, and unauthorized disclosure, destruction, alteration, blocking, copying, as well as any other unlawful actions involving the Personal Data of third parties. Security is implemented through network security software, access control procedures, the use of cryptographic information protection measures, compliance with the Privacy Policy, and other internal documents governing the rules for processing PDC’s Personal Data.

6.2. In the event that Personal Data is lost or disclosed, PDC is required to notify the User.

6.3. PDC, together with the User, shall take all necessary legal, organizational, and technical measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s Personal Data.

6.4. Personal Data is kept confidential by PDC, except in cases where the User has voluntarily posted information for public access in messages or comments on the Site.

6.5. The security of Personal Data processed in PDC’s Personal Data Information Systems is ensured by preventing unauthorized access to Personal Data, including accidental access, and by implementing the following security measures:

6.5.1. identifying security threats to Personal Data during its processing in PDC’s Personal Data information systems;

6.5.2. the implementation of organizational and technical measures to ensure the security of Personal Data when it is processed in PDC’s Personal Data information systems, as required to meet Personal Data protection requirements, the implementation of which ensures the levels of Personal Data security established by the Government of the Russian Federation;

6.5.3. applying conformity assessment procedures for information security measures that have been conducted in accordance with established procedures;

6.5.4. assessing the effectiveness of measures taken to ensure the security of Personal Data prior to the commissioning of the Personal Data information system;

6.5.5. keeping records of physical media containing Personal Data;

6.5.6. detecting instances of unauthorized access to Personal Data and taking appropriate measures;

6.5.7. restoring Personal Data that has been modified, deleted, or destroyed as a result of unauthorized access;

6.5.8. establishing rules for accessing Personal Data processed in PDC’s Personal Data Information Systems, as well as ensuring the logging and recording of all actions performed on Personal Data within PDC’s Personal Data Information Systems;

6.5.9. monitoring the measures taken to ensure the security of Personal Data and the security levels of Personal Data information systems. 

6.6. Measures aimed at ensuring that PDC fulfills the obligations set forth in applicable personal data legislation. PDC is required to take measures that are necessary and sufficient to ensure compliance with the obligations set forth in applicable Russian legislation. PDC independently determines the composition and list of measures necessary and sufficient to ensure compliance with these obligations. Such measures include, in particular:

1) appointment by the head of PDC of a person responsible for organizing the processing of Personal Data.

2) issuance by PDC of documents defining PDC’s policy regarding the processing of Personal Data, a Privacy Policy, and local regulations on the processing of Personal Data, specifying for each purpose of processing Personal Data the categories and list of Personal Data being processed, the categories of data subjects, whose Personal Data is processed, the methods and timeframes for their processing and storage, the procedure for destroying Personal Data upon achievement of the purposes of their processing or upon the occurrence of other legal grounds, as well as local regulations establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations.

3) implementation of legal, organizational, and technical measures to ensure the security of Personal Data.

4) internal control and/or audit of the compliance of Personal Data processing with legislation and regulatory legal acts adopted in accordance therewith, requirements for the protection of Personal Data, PDC’s policy regarding the processing of personal data, the Privacy Policy, and PDC’s internal regulations;

5) assessment of the harm that may be caused to data subjects in the event of a violation of the law, and the proportionality of such harm to the measures taken by PDC to ensure compliance with its legal obligations;

6) familiarizing PDC employees directly involved in the processing of Personal Data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of Personal Data, documents defining PDC’s policy regarding the processing of personal data, the Privacy Policy, local regulations on the processing of Personal Data, and/or training of such employees.

7) publishing the Privacy Policy on the Website to ensure unrestricted access to it.

 

  1. TERMS FOR THE PROCESSING OF PERSONAL DATA 

7.1. The processing of Personal Data provided by the User on the Website takes place from the moment the completed form is submitted on the Website until the Website ceases operations, until consent provided to PDC is revoked, or until the User’s personal account on the Website is deleted.

7.2. Unless otherwise provided by other provisions of this Privacy Policy or applicable Russian law, the conditions for the termination of the processing of Personal Data are the achievement of the purposes of processing Personal Data, the expiration of the consent period, or the withdrawal of consent to the processing of Personal Data, the detection of unlawful processing of Personal Data, or the receipt by PDC of a request to destroy Personal Data.

7.3. The transfer (distribution, disclosure, or provision of access to) of Personal Data authorized for distribution must be discontinued at any time upon the User’s request.

7.4. The User has the right to request that PDC cease the transfer (distribution, provision, access) of their Personal Data previously authorized for distribution in the event of non-compliance with applicable law, or to file such a request with a court. PDC is obligated to cease the transfer (distribution, provision, access) of Personal Data within 3 (three) business days from the date of receipt of the request or within the timeframe specified in a court decision that has entered into legal force; if no such timeframe is specified in the court decision, then within 3 (three) business days from the date the court decision enters into legal force.

7.5. User independently determines the duration of their newsletter subscription and may unsubscribe by clicking the unsubscribe link included in every email received, or by sending a free-form PDC request to the journal’s editorial office at eajls@staff.sechenov.ru with the subject line “Unsubscribe.”

 

  1. UPDATING, CORRECTING, DELETING, AND DESTROYING PERSONAL DATA; RESPONDING TO USERS’ REQUESTS FOR ACCESS TO PERSONAL DATA

8.1. If it is confirmed that Personal Data is inaccurate or that its processing is unlawful, the Personal Data must be updated PDC, and the processing must be discontinued accordingly.

8.2. The User’s personal data provided by the User on the Website, which is stored and processed by PDC, may be deleted or anonymized by contacting PDC. To do so, the User must send a letter (Appendix No. 3 to this Privacy Policy) to PDC to the editorial office’s email address: eajls@staff.sechenov.ru. In this case, the User will not be able to use certain features of the Website. The request will be reviewed within 10 (ten) business days.

8.3. Upon achieving the purposes of processing Personal Data, PDC shall cease processing Personal Data (or ensure its cessation if the processing of Personal Data is carried out by another person acting on behalf of PDC) and destroy the Personal Data (or ensure its destruction if the processing of Personal Data is carried out by another person acting on behalf of PDC) within a period not exceeding 30 (thirty) days from the date the purpose of processing is achieved, unless:

  • otherwise provided by a contract to which the User is a party, beneficiary, or guarantor;
  • PDC is not entitled to process Personal Data without the User’s consent on the grounds provided for by the Federal Law “On Personal Data” or other federal laws;
  • otherwise provided by another agreement between PDC and the User.

If it is not possible to destroy Personal Data within the timeframe specified in this paragraph, PDC shall block such Personal Data or ensure its blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PDC) and ensure the destruction of Personal Data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.4. Upon receiving a request from the Data Subject to withdraw consent for the processing of Personal Data, PDC shall cease processing the Personal Data (or ensure that such processing ceases if the Personal Data is being processed by another party acting on behalf of PDC) and, if the retention of Personal Data is no longer necessary for the purposes of processing Personal Data, PDC shall destroy the Personal Data (or ensure its destruction if the processing of Personal Data is carried out by another person acting on behalf of PDC) within a period not exceeding 30 (thirty) days from the date of receipt of such withdrawal, unless:

  • otherwise provided by a contract to which User is a party, beneficiary, or guarantor;
  • PDC is not entitled to process Personal Data without User’s consent on the grounds provided for by the Federal Law “On Personal Data” or other federal laws;
  • otherwise provided by another agreement between PDC and User.

If it is not possible to destroy Personal Data within the timeframe specified in this paragraph, PDC shall block such Personal Data or ensure its blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PDC) and ensure the destruction of Personal Data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.5. If PDC receives a request to cease processing Personal Data, the PDC is required, within a period not exceeding 10 (ten) business days from the date of receipt of the relevant request, to cease processing such data or ensure that such processing is ceased (if such processing is carried out by a person responsible for processing personal data), except in cases provided for by applicable Russian law. This period may be extended, but by no more than 5 (five) business days, if PDC sends a reasoned notice to the data subject specifying the reasons for extending the deadline for providing the requested information. If it is not possible to destroy the Personal Data within the period specified in this paragraph, PDC shall block such Personal Data or ensure its blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PDC) and ensure the destruction of Personal Data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.6. PDC shall block Personal Data in the event of unlawful processing of Personal Data or the discovery of inaccurate Personal Data, effective from the time of the User’s request or inquiry (Appendix No. 1 to this Privacy Policy) or from their legal representative or an authorized body for the protection of the rights of data subjects for the duration of the review. If it is not possible to destroy Personal Data within the period specified in this paragraph, PDC shall block such Personal Data or ensure its blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PDC) and ensure the destruction of Personal Data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.7. PDC shall update, correct, or clarify Personal Data within 7 (seven) business days from the date of a request or inquiry from the data subject (Appendix No. 2 to this Privacy Policy), their legal representative, or an authorized body for the protection of data subjects’ rights, in the event that incomplete, inaccurate, or outdated Personal Data is identified.

8.8. PDC shall delete and destroy the User’s Personal Data within 7 (seven) business days of receiving a request from the data subject (Appendix No. 3 to this Privacy Policy), their legal representative, or an authorized body responsible for protecting the rights of data subjects, in the event that information is received confirming that the Personal Data was obtained unlawfully or is not necessary for the stated purpose of processing. In such cases, PDC shall notify the data subject or their representative of the changes made and the measures taken, and shall take reasonable steps to notify third parties to whom the data subject’s Personal Data has been transferred.

8.9. If unlawful processing of Personal Data by PDC or a person acting on behalf of PDP is detected, PDC shall, within a period not exceeding 3 (three) business days from the date of such discovery, cease the unlawful processing of Personal Data or ensure that the unlawful processing of Personal Data by a person acting on behalf of PDC is ceased. If it is impossible to ensure the lawfulness of the processing of Personal Data, PDC shall, within a period not exceeding 10 (ten) business days from the date of detection of the unlawful processing of Personal Data, destroy such Personal Data or ensure its destruction. PDC shall notify the data subject or their representative, or the authorized body for the protection of data subjects’ rights, of the rectification of the violations or the destruction of the Personal Data.

8.10. PDC shall respond to requests from Users, their representatives, or the authorized body for the protection of personal data subjects’ rights regarding Personal Data within 10 (ten) business days from the date of the request or the date PDC receives the request. This period may be extended, but by no more than 5 (five) business days, if PDC sends a reasoned notice to the data subject specifying the reasons for extending the deadline for providing the requested information.

8.11. If it is determined that an unlawful or accidental transfer (disclosure, dissemination, or access) of Personal Data has occurred, resulting in a violation of the User’s rights, PDC is required, upon discovery of such an incident, to notify the competent authority responsible for protecting the rights of data subjects:

1) within 24 (twenty-four) hours of the incident, regarding the incident itself, the presumed causes leading to the violation of the rights of data subjects, and the presumed harm caused to the rights of data subjects, the measures taken to mitigate the consequences of the incident, as well as provide information regarding the person authorized by PDC to interact with the competent authority for the protection of personal data subjects’ rights on matters related to the identified incident;

2) within 72 (seventy-two) hours, regarding the results of the internal investigation into the identified incident, as well as provide information about the persons whose actions caused the identified incident (if any).

 

  1. FINAL PROVISIONS

9.1. PDC reserves the right to make any changes or additions to the Privacy Policy at any time at its sole discretion.

9.2. Such changes and additions take effect upon the posting of the updated Privacy Policy on the Website. By continuing to use the Website after the publication of the updated Privacy Policy, the User thereby confirms their acceptance of it. 

 

Application