We respect your privacy and are committed to protecting your personal data. These Privacy Regulations («the Regulations») are intended to let you know how we safeguard your personal data when you visit our website, and to explain our procedure for processing of personal data and your rights to protection of such data.
Before reading the Regulations, please read the terms and definitions which the Regulations use.
These Regulations consists of the following sections, which can be accessed via links:
- About the personal data operator
- Terms and definitions
- People whose personal data are processed (subjects of personal data)
- Actions with personal data and ways of processing personal data
- Why we process your data (purposes of processing)
- What data we process
- Processing of special types of personal data
- Processing personal data of minors
- Our principles for processing personal data
- Who we receive your data from
- Who can access your data
- Cross-border transfer of your personal data
- Web analysis
- How long we keep your personal data
- How we protect your personal data
- Rights of the subjects of personal data
About the personal data operator
We, Gazprom Neft PJSC (a company registered at the address: 5 Galernaya street, Line A, St. Petersburg, Russia («the Company» or «we»)), receive personal data from users of this website in the course of our business and process those data. These Regulations define the basic principles, goals, terms and methods of processing personal data, the subjects of personal data, the nature of the personal data which are processed on our website, our functions in processing personal data, and the steps we take to protect personal data.
These Regulations were prepared in accordance with Federal Law No. 152-FZ «On Personal Data» dated July 27, 2006 , taking account of the provisions of the General Data Protection Regulation («GDPR») (Regulation (EU) 2016/679), dated April 27, 2016 and are intended to protect the rights and freedoms of the person during the processing of his/her personal data.
Terms and definitions
Personal data: any information relating directly or indirectly to a specific or specifiable individual (subject of personal data). Examples of personal data are surname, first name, middle name, passport data, email address, phone number.
Consent: freely expressed, specific, conscious and unambiguously identifiable evidence of consent to the processing of the subject’s personal data.
Processing of personal data: any action with personal data, including the collection, recording, systematization, accumulation, storage, clarification (updating, amendment), extraction, use, transfer (distribution, provision, giving access), depersonalization, blocking, deletion and destruction of personal data.
Cross-border transfer of personal data: the transfer of personal data to the territory of a foreign state, addressed to a foreign government, foreign individual or foreign legal entity.
Cookie: a data fragment sent by the website server and stored on your device in order to optimize the operation of the website on your device.
People whose personal data are processed (subjects of personal data)
Using our website, we can process the personal data of:
- visitors to our website:
- applicants to carry out research and development (R&D);
- applicants to sell/purchase proposals for the supply of finished (industrially proven) technology/catalysts for use in the oil refining and petrochemical industries;
- applicants proposing new ideas as part of a technology partnership;
- investors, including potential investors;
- job candidates;
- users who wish to leave feedback;
- users who wish to subscribe to news shots or to the magazine Siberian Oil;
- other visitors to the website (users who visit the website without a specific purpose).
Actions with personal data and ways of processing personal data
We carry out collection, storage, use, transfer (distribution, provision, giving access), depersonalization, deletion and destruction of data.
We perform mixed processing of personal data with transmission via the Internet.
Why we process your data (purposes of processing)
We process your data in order to:
- ensure proper operation of website services (saving language preferences, simplifying use of the site, etc.);
- collect statistics on website visits (to monitor accessibility of our services and analyze their use);
- collect feedback;
- send out news and information;
- further the effective development of oil refining technologies and catalysts for use in oil refining and petrochemical processes;
- select candidates for employment at our Company;
- enable the exercise of your rights as a subject of personal data (see also the section Rights of subjects of personal data);
- provide internal information support for the business of the Company, its subsidiaries, branches and representative offices; we can create internal reference materials, which (with your written consent and unless otherwise stipulated by Russian law) may include last name, first name, middle name, place of work, position, year and place of birth, address, subscriber number, email address, and other personal data communicated by you;
- ensure compliance with the Russian Constitution, laws and other regulatory legal acts, and with the Company’s own regulatory acts, including :
- compliance with duties stipulated by law and other regulatory legal acts (enforcement of court orders, and orders of other bodies or officials that are compulsory under the laws of the Russian Federation on the enforcement of court verdicts);
- performance of functions, powers and duties assigned to the Company under Russian law, including the provision of personal data to government bodies;
- exercise of the rights and legitimate interests of the Company in the conduct of its business, as provided for by the Articles of the Company and other local regulatory acts of the Company, or the rights and legitimate interests of third parties, or the achievement of socially significant goals.
What data we process
The list of data processed using the website is determined by Russian law, the GDPR and local regulatory acts of the Company, taking account of the purposes of data processing, which are specified in this Regulation.
We process the following types of data:
- general information about applicants, investors, site users and job candidates (full name, nationality, etc.);
- contact information of applicants, site users, partners and job candidates (email address, contact phone number, position, postal address, etc.);
- technical information about the devices used by visitors to our website (IP address, cookies, MAC address, browser and its version, time spent on the website, refusals on the website, etc. See the sections, Using cookies and Web analysis;
- other information submitted by the subject of personal data in relevant fields of application forms.
Processing of special types of personal data
We do not collect information about race, ethnicity, political views, religious or other beliefs, personal life or health status.
Processing personal data of minors
We do not process the personal data of minors (persons under 18 years of age or the age, which defines minors in other jurisdictions) without the consent of their parents or legal representatives.
Processing of personal data of persons under 18 is permissible in the framework of the «school-college-company» continuous education strategy (see here for more details) but only with the consent of their parents or legal representatives.
Our principles for processing personal data
We observe the following principles when processing personal data:
- We process personal data in a manner that is lawful, fair and clear.
The legal basis for processing of personal data by our Company is your consent (as subject of the personal data) to the data processing.
The requirements of applicable law and international agreements may also serve as a legal basis for data processing.
- We limit ourselves to the achievement of specific, predetermined and legitimate objectives.
This means that we process your personal data only in order to achieve such objectives and do not use the personal data, which you provide, for purposes other than the stated purpose of their collection.
- The type and amount of personal data, which we process, is consistent with the specific, predetermined and legitimate objectives.
We collect and process the minimum amount of personal data, which is necessary in order to achieve the objectives of processing.
- We do not keep personal for longer than is necessary to achieve the objectives of processing or to carry out our obligations.
We ensure the timely destruction of your personal data, kept by us, and do not store them after the objectives of processing have been achieved or after the achievement of these objectives is no longer required.
- We ensure that personal data are accurate, sufficient and up-to-date.
We act as necessary to delete or clarify incomplete or inaccurate personal data.
- We ensure that personal data remain confidential and take all necessary organizational and technical steps to protect them.
Access to personal data, which is being processed by the Company, is restricted (only specifically authorized employees are permitted to process personal data).
- Ensuring the security of personal data when using storage media.
We store physical storage media containing personal data in a way that ensures safekeeping of the data and prevents unauthorized access to them.
- Ensuring security of personal data during transfer:
We do not disclose personal data to third parties and do not distribute it without your consent, unless otherwise required by law. We prohibit the transfer of personal data via open communication channels without the use of measures to ensure security.
We retain the right to entrust the processing of personal data to a third party on the basis of a contract made with that party, but only with your consent. Such a contract shall contain a list of actions (operations) with the personal data to be carried out by the third party, the purposes of processing, the obligation of such party to maintain confidentiality of the data and ensure security during their processing, as well as requirements for the protection of personal data during processing as defined by Article 19 of the Federal Law «On Personal Data» with due account for the provisions of Article 28 of the GDPR.
In some cases, but only with your consent, we transfer data to our partners or subsidiaries. In such cases, we carefully monitor compliance with principles for the processing of personal data and appropriate security measures.
More details on measures to protect your personal data are described in the Personal Data Processing Policy, as well as in the section How we protect your personal data.
- We do not permit the merger of databases containing personal data, which is being processed for different and incompatible purposes.
We separate personal data which is processed using automation from personal data which is processed manually by keeping them on separate media and in special sections. We ensure separate storage of personal data (their material carriers), the processing of which is carried out for different purposes (carriers bearing different types of personal data).
This ensures that data collected for different processing objectives are stored separately, preventing the data being used for objectives other than those for which they are intended.
We accept responsibility for the compliance of our activities with the above-mentioned principles of personal data processing, under the guidance of applicable law.
Who we receive your data from
We may receive your data from our subsidiaries and partners: when you move from their site to ours, some technical information (cookies), which can be used to analyze website operation, may be passed to us. You can read more about our policy on cookies here. We have not assessed the policy for compliance with the requirements of European law, but work to achieve compliance has already been carried out on the relevant section of the site.
We may also obtain your personal data from the HeadHunter recruiting site if you responded to one of our open employment vacancies. You can respond to a vacancy using your HeadHunter profile or you can create your own profile on our website. The principles used by HeadHunter for processing of personal data can be found on its website hh.ru.
Who can access your data
We may transfer your data to the following parties:
- Our subsidiaries for employment purposes.
- Our subsidiaries when moving to their websites via links on our website.
- Our partners, Google Inc. and Yandex LLC (web analysis and collection of statistics on website visits, contextual advertising).
- Technical data to our partner HeadHunter, if HeadHunter requests data from your profile in connection with response to a vacancy.
We require all third parties, with whom we work, to respect the security of your personal data and process them in a lawful manner. We do not permit third parties to use your personal data for their own purposes and only permit them to process your personal data for predefined purposes and in accordance with our instructions.
Cross-border transfer of your personal data
We process your personal data inside the Russian Federation.
If you are a subject of personal data in a country other than Russia, there will be a cross-border transfer of your personal data to the servers of our website in Russia. We do not transfer your personal data, obtained via our website, to other countries.
Our site includes links to accounts of the Company in social networks: VK, Facebook, ok.ru, YouTube, Twitter, Instagram. Some technical information and cookies may be transmitted when you follow these links.
We use Yandex.Metrica and Google Analytics site analysis services on our site. Yandex LLC and Google Inc. analyze on our behalf how users use the website in order to assess its efficiency and to identify potential for improvement. You can block collection of this information by downloading and installing a browser plug-in at:
How long we keep your personal data
Your personal data are deleted as soon as the objective of their processing has been achieved, or in case their processing is no longer needed. However, in some cases, we are obliged keep your personal data for as long as required by applicable law and international agreements.
How we protect your personal data
When processing personal data, we take necessary and sufficient measures to ensure compliance with the requirements and laws of the Russian Federation, the GDPR and local regulatory acts of the Company in the sphere of personal data processing.
- we evaluate risks associated with the processing of your personal data and put relevant security measures in place;
- we assess potential harm to you in case requirements for the processing and safeguarding of your personal data are not observed;
- we take appropriate and effective measures to protect you from risks of discrimination, data theft, fraud using personal data, financial losses, reputational damage, breach of the confidentiality of your data and any other significant economic or social damage;
- we take legal, organizational and technical measures to protect personal data from any illegal actions;
- we update local regulatory acts that define policy and other issues in respect of processing and protection of personal data by the Company;
- we provide unlimited access to these Privacy Regulations;
- we appoint a person who is responsible for the organization of personal data processing;
- we familiarize employees of the Company who are directly involved in the processing of personal data with the provisions of Russian law and local regulatory acts of the Company in respect of personal data, including requirements for the protection of personal data, and we hold regular trainings for such employees;
- we carry out internal audit of processing and protection of your personal data;
- we provide training for our employees on matters of information security and personal data protection;
- we have a procedure in place for receipt and review of your requests and complaints;
- we inform subjects of personal data or their representatives concerning their personal data, which are held by us, and give them free access to the data, unless otherwise required by the provisions of Russian law;
- we suspend processing of personal data and destroy personal data when this is required by the provisions of Russian law.
Rights of the subjects of personal data
We guarantee to grant the following rights to you in respect of your personal data at no cost:
- to correct personal data that have been provided if they are incomplete and (or) incorrect (Art. 14 Federal Law-152, Art. 16 GDPR);
- to withdraw consent to the processing of personal data with the subsequent destruction of personal data (Art. 9 Federal Law-152, Art. 7 GDPR);
- to receive information regarding the processing of personal data (Art. 14, 16 Federal Law-152, Article 15 GDPR);
- to restrict processing and delete personal data (Art. 14, 15 Federal Law-152, Art. 17, 18 GDPR);
- if you believe that your rights and lawful interests have been breached, you can submit a complaint (Art. 17 Federal Law-152, Art. 21 GDPR). We will do our best to rectify the situation. Complaints should be submitted in letter form to the address ZGD_SEC@gazprom-neft.ru;
- if you believe that your rights and lawful interests have been breached, you have the right to file a claim with the appropriate supervisory authority or court (Art. 17 Federal Law-152, Art. 21 GDPR).
If you are a subject of European Union law, we guarantee the following rights under the GDPR:
- to receive personal data provided to us in a structured format and transfer these data to other organizations (Art. 20 GDPR);
- to receive a copy of the personal data processed by the Company (Art. 15 GDPR);
- to receive information on leaks of personal data (Art. 34 GDPR).
You will not be required to pay in order to access your personal data (or to exercise any of the other rights mentioned above) under the GDPR. However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. We may refuse to meet your request if you refuse payment in such a case.
The exercise of the above-mentioned rights is conditional on your unique identification as the subject of personal data. We notify you of your obligation to provide us with accurate personal dat
We will do our best to answer all your inquiries within one month (30 calendar days). A longer period of time may be required if your request is complex or if you sent several requests at once. In this case, we will notify you of the time needed for the information to be provided and will keep you informed of progress.
You can contract us in any of the ways listed below. We will be glad to respond to your questions and to hear any feedback concerning these Regulations.
This document is subject to amendment
We regularly evaluate the personal data processing procedures described above and update the Privacy Regulations as necessary. We will notify you of changes to the Privacy Regulations by email or via notice on the website. We recommend you to check this page periodically for information updates regarding our privacy rules.
Date of publication: 01.10.2019
Previous version of the document: 01.10.2019