Personal Data Processing Policy

Personal Data Processing Policy

  1. General Provisions

1.1. This personal data processing policy (hereinafter, the Policy) adopted by Quorum (Attorneys-at-Law, Primary State Registration Number 1177700000851, TIN 7704386699, registered address: Vtoraya Zvenigorodskaya str., 13/43 Moscow 123022 Russia) stipulates the principles, purposes, methods, and conditions for processing of personal data owned by the Visitors of the website as well as personal data security and protection measures.

1.2. This Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ dd. 27.07.2006 (On Personal Data), legislative and other statutory instruments of the Russian Federation related to personal data (the Policy is available on

1.3. Provisions of this Policy shall apply to all information about visitors (hereinafter, the Visitor(s)) and/or third parties at the instruction and in favour of which the Visitor is acting that may be received (obtained) by Quorum (hereinafter, the Data Controller or the Controller) during the use of as well as its services, software programmes, and products. This Policy shall apply to all personal data owned by personal data subjects which may be received by the Data Controller in the course of its activity.

1.4. The purpose of this Policy is to inform persons providing their personal data about what personal data shall be subject to processing, for what purposes, and what security measures have been implemented.

1.5. The Visitors express their consent to personal data processing under this Policy when they use services of the Data Controller and communicate their personal data to the Controller, including through third parties.

Consent to personal data processing may be withdrawn by a personal data subject (i.e. personal data owner). Should the personal data subject withdraw its consent, the Data Controller may continue personal data processing without the subject’s consent provided there are statutory grounds for it.

1.6. Quorum shall process and protect personal data, namely:

1.6.1. Any information directly or indirectly related to an individual (personal data subject) including name, surname, patronymic, place of employment, position, contact telephone number, e-mail, and other information provided by the Visitor during registration or use of contact (feedback) forms and website’s services as well as information received on Quorum’s corporate e-mail ending with (hereinafter, the Corporate Mail) owned by personal data subjects who expressed their consent to personal data processing by providing their information via forms on the website or sending an e-mail.

1.6.2. Data which is, during the use of the website’s services by means of software tools of the Visitors, automatically transferred to the website, including IP-address, cookie files data, information about the browser (or other software used to access the website) of the Visitor, technical data about hardware used by the Visitor, date and time of access, requested page addresses, and other similar information.

1.7. Quorum does not request from the Visitors any information related to their racial and ethnic background, political, religious, or philosophical views, health or private issues.

  1. Purposes of Personal Data Processing

2.1. Except when statutory laws and regulations require compulsory retention of personal data for a certain period, the website shall gather and store only the information which is needed in order to provide services to or perform agreements and contracts with the Visitor.

2.2. The Data Controller shall process personal data for the purposes of ensuring its activity, pursuing its legitimate interests and claims.

2.3. Purposes of personal data processing:

– providing an access for the Visitor to the website resources;

– providing advisory services to the Visitor;

– creating feedback between the Controller and the Visitor, including sending notifications, requests concerning interaction with the website, providing services, processing requests and applications from the Visitor;

– establishing location of the Visitor for safety precautions and fraud prevention.

  1. Rules and Requirements for Processing and Retention of Personal Data

3.1. Personal data of the Visitor shall be kept confidential, unless the Visitor voluntarily provides its data for unlimited public access. In this case, the Visitor agrees that some of its personal data will come into the public domain.

3.2. The Data Controller may transfer the Visitor’s personal data to the third parties when:

– personal data shall be transferred to the competent public authorities acting within the limits of their powers based on Russian statutory laws and regulations or other applicable laws;

– personal data shall be transferred in order to perform a contract with a personal data subject;

– personal data shall be transferred to a legal successor of Quorum in case of its reorganization as well as persons which were instructed by Quorum to process personal data;

– in other cases when the Visitor expressed its consent to such actions.

3.3. When processing personal data, the Data Controller may gather, arrange, accumulate, store, adjust (update, change), extract, use, transfer, delete, block, erase personal data of the Visitor including data located in personal data information systems, with or without automation facilities.

3.4. Visitor’s personal data may be subject to processing for an unlimited period using any legal method.

3.5. Personal data shall be retained for a period necessary to meet the objectives and achieve the purposes for which it was set or for a period specified in laws and regulations, a contract or an agreement with the personal data subject, or a period limited by statute of limitations.

3.6. Personal data shall be erased (destroyed) after meeting the objectives or expiration of a relevant period.

  1. Duties and Responsibilities

4.1. Personal data subject may:

– receive a list of its personal data processed by the Data Controller, sources of such data, processing purposes and methods employed by the Data Controller, processing periods, retention periods, and other information specified in current Russian laws and regulations;

– request to adjust, block, or erase its personal data;

– appeal against acts or omissions of the Data Controller in a manner prescribed by the law.

4.2. The Visitor shall:

– provide accurate personal data;

– update, adjust personal data in case it was changed.

4.3. The Data Controller shall:

– use the provided information only for the stated purposes (objectives);

– ensure privacy of confidential information. Do not communicate (disseminate) personal data of the Visitor entrusted to it for commercial purposes without the Visitor’s prior consent;

– make efforts to protect personal data in accordance with this Policy and other documents issued by Quorum.

4.4. Consent to personal data processing shall be given by the Visitor for the whole period required by the Data Controller in order to achieve the purposes of such processing. The Visitor may withdraw such consent by sending a request to: Vtoraya Zvenigorodskaya str., 13/43 Moscow 123022 Russia.

  1. Personal Data Protection

5.1. The Data Controller shall process personal data contained in information systems based on the principles of data privacy.

5.2.  Measures of personal data protection employed by the Data Controller include:

– appointment of an officer responsible for personal data processing;

– application of legal, technical, and organizational measures to ensure personal data protection;

– use of secured premises with access rights (levels) differentiation for installing personal data information systems servers;

– making efforts aimed at prevention of an authorised access to personal data;

– familiarization of the Data Controller’s employees, who are responsible for personal data processing, with statutory requirements of Russian personal data laws;

– timely detection of unauthorised access to personal data

– capability to promptly recover personal data that was modified and erased (destroyed) by reason of an authorised access;

– regular monitoring of personal data protection level.

  1. Final Provisions

6.1. The Data Controller may amend this Policy without the Visitor’s prior consent.

6.2. This Policy (as amended and modified) may be found at: and is available for the general public.

6.3. All issues related to personal data protection and processing but not directly reflected in this Policy shall be governed by current Russian personal data laws.