Updated: 10.05.2025

PERSONAL DATA PRIVACY POLICY

This Personal Data Privacy Policy (hereinafter referred to as the "Privacy Policy") applies to all personal data that the Personal Data Processing Operator(hereinafter referred to as the "Operator") processes. – Protected areas) can get information about the subject of Personal Data while using the Site with the domain namehttps://www.bmjour.ru The EPA requests that you carefully read the Privacy Policy and, if you do not agree with any of the provisions, stop using the Site and immediately leave it.

1. BASIC CONCEPTS

1. Basic concepts used in the Privacy Policy:

1.1. Automated processing of personal data - processing of personal data using computer technology.

1.2. Blocking of personal data - temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

1.3. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

1.4. Confidentiality of personal data – a mandatory requirement for compliance with the DPA or other person who has obtained access to Personal Data not to allow their dissemination without the consent of the Personal Data subject or other legal grounds.

1.5. Depersonalization of personal data - actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.

1.6. Personal data processing – any action (operation) or a set of actions (operations) performed by the DPA with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision access), depersonalization, blocking, deletion, or destruction of Personal Data.

1.7. Personal Data Processing Operator (PDA) - Irkutsk State Medical University OGRN: 1023801539673 TIN: 3811022096, which independently or jointly with other persons organizes and / or performs the processing of Personal Data, as well as determines the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.

1.8. Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of Personal Data).

1.9. Personal data authorized for distribution by the personal data subject - personal data that an unlimited number of persons have access to by the User (personal data subject) by giving consent to the processing of personal data authorized by the personal data subject for distribution in accordance with the procedure provided for by the current Russian legislation.

1.10. Privacy Policy – this document with all changes and additions, located on the Internet athttps://www.bmjour.ru/jour/about/privacyPolicyCommon.

1.11. User– a subject of Personal Data, a legally capable individual who uses the Site in their own interests. In the text of this Privacy Policy, the User is also listed as the subject of Personal Data.

1.12. Provision of personal data - actions aimed at disclosing personal data to a certain person or a certain group of persons.

1.13. Site – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://www.bmjour.ru

1.14. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite group of persons.

1.15. Cross-border transfer of personal data - transfer of personal data on the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

1.16. Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

1.17. Cookies – a small piece of data sent by the web server and stored on the User's device used to access the Site, which the web client or web browser sends to the web server in an HTTPS request each time when trying to open a page of the corresponding site.

1.18. The subject of Personal Datais a legally capable individual who uses the Site in their own interests.

1.19. IP address – a unique network address of a node in a computer network built using the IP protocol.

2. GENERAL PROVISIONS

2.1. The Privacy Policy defines the purposes, content and procedure for processing Personal Data, measures aimed at protecting Personal Data, as well as procedures aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of Personal Data. This Privacy Policy sets out the responsibilities of the DPA for the processing of Personal Data, their protection, including ensuring the confidentiality of Personal Data provided by the DPA.

2.2. This Privacy Policy defines the policy of the PSA, as the operator that processes Personal Data, regarding the processing and protection of Personal Data. The processing of Personal Data at the PSA is carried out in compliance with the principles and conditions provided for in this Privacy Policy and the legislation of the Russian Federation in the field of Personal Data. The Operator sets as its most important goal and condition for carrying out its activities the observance of human and civil rights and freedoms when processing their Personal Data, including the protection of the rights to privacy, personal and family secrets.

2.3. This Privacy Policy applies only to information obtained during the use of the Site and in the framework of fulfilling the contractual obligations of the PLO.

2.4. The User decides to provide their Personal Data and consents to their processing freely, voluntarily and in their own interest. Consent to the processing of Personal Data must be specific, substantive, informed, conscious and unambiguous. The EPA does not verify the accuracy of the Personal Data provided by the User.

2.5. Using the Site means agreeing to this Privacy Policy and the terms of Personal Data processing.

2.6. By accepting this Privacy Policy, the User hereby gives his consent to the processing of his Personal Data specified in Section 3 of this Privacy Policy, including collection, recording, accumulation, storage, clarification (updating, modification), extraction, use, transfer to third parties (distribution, provision, access) depersonalization, blocking, deletion, or destruction of Personal Data for the purposes specified in section 3.

2.7. The subject of personal data, refusing to give consent to the processing of their Personal Data by the PSA for the purposes specified in Section 3, understands that they will not be able to use all the features of the Site and its services, and the use of the Site will be available in a limited mode.

2.8. A personal Data subject who has provided Personal Data that does not fully comply with the requirements of the relevant section of the Site or does not correspond to reality will not be able to use all the features of the Site and its services, including receiving certain services provided through the Site, and the use of the Site will be available in a limited mode

2.9.Rights of protected areas:

- collect Personal Data via forms on the Website

- grant access to the Site

- collect, record, accumulate, store, refine (update, modify), extract, use, transmit (distribute, provide, access), depersonalize, block, delete, destroy Personal Data

- transfer Personal Data to third parties on the basis of contracts concluded to achieve the goals specified in section 3 of the Privacy Policy and instructions for processing personal data.

- if the User withdraws consent to the processing of Personal Data, the PSA has the right to continue processing Personal Data without the User's consent, if there are grounds specified in the current legislation

- refuse the User to fulfill a repeated request for providing information regarding their Personal Data, which is processed by the DPA in accordance with the terms of the federal law when providing a reasoned response

- distribute Personal Data if there is a separate consent to the dissemination of personal data.

2.10. Responsibilities of the PLO:

- Use the received Personal Data exclusively for the purposes specified in section 3 of this Privacy Policy.

- Provide the User with information concerning their Personal Data upon receipt of a corresponding request or request.

- In case of loss or disclosure of confidential information, the PAO is not responsible if this confidential information:

- became public domain before its loss or disclosure;

- it was received from a third party prior to its receipt by the PA.

- was disclosed with the User's consent.

- Inform the Personal Data Subject or his representative of information about the processing of Personal Data of such a Personal Data Subject carried out by the DPA upon his request.

- Do not disclose or distribute Personal Data to third parties without the User's consent, unless otherwise provided by law.

- Upon receiving a request or request from the User, provide him with the information and information specified in the request/ request in an accessible form and without specifying Personal Data related to other personal data subjects, except in cases where there are legal grounds for disclosure of such Personal Data.

- Explain to the User the procedure for making a decision based solely on Automated processing of their personal data and the possible legal consequences of such a decision, provide the User with an opportunity to object to such a decision, as well as explain the procedure for protecting the User's rights and legitimate interests. The DPA is obliged to consider the objection specified in this paragraph within thirty days from the date of its receipt and notify the personal data subject of the results of consideration of such an objection.

- Explain to the User the legal consequences of refusing to provide their Personal Data and /or consent to their processing, if, in accordance with federal law, the provision of Personal Data and / or obtaining consent to the processing of Personal Data by the DPA are mandatory.

- When collecting Personal Data, including through the information and telecommunications network "Internet", the PLO is obliged to ensure the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of Personal Data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the current legislation of the Russian Federation. Russian legislation.

- The EPA is obliged to ensure reliable protection of Personal Data, protection of their confidentiality.

2.11.User Rights:

- Has the right to request that the DPA clarify their Personal Data, block them or destroy them if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, by sending an application to the email addresseditor@bmjour.rueditor@bmjour.ru site editors.

- Has the right to request information about the measures taken by the DPA to protect Personal Data.

- Has the right to send a request to the DPA regarding their Personal Data that is processed by the DPA by sending an application (Appendix No. 4 to this Privacy Policy) to the DPA by e-maileditor@bmjour.rueditor@bmjour.ru site editors.

- Has the right to send a repeated request to the DPA regarding their Personal Data that is processed by the DPA, not earlier than 30 (thirty) days after the initial request or sending the initial request, unless a shorter period is established by federal law.

- Has the right to apply again to the DPA or send it a repeated request in order to obtain information about their Personal Data that is processed by the DPA, as well as in order to get acquainted with the processed Personal Data before the expiration of the period of 30 (thirty) days, if such information and (or) the processed Personal Data were not provided to them for full review of the results of consideration of the initial request. The repeated request must contain a justification for sending the repeated request.

- Has the right to send a revocation of the PLO's consent to the processing of Personal Data, consent to the Dissemination of Personal Data.

- Has the right to protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral damage in court.

- Has the right to appeal against the actions or omissions of the DPA to the authorized body for the protection of the rights of personal data subjects or in court.

2.12.User's Responsibilities:

- Comply with the requirements specified in clause 1.11 of this Privacy Policy;

- provide your reliable Personal data.

2.13. Databases of information containing Personal Data of citizens of the Russian Federation are located on the territory of the Russian Federation.

2.14. The DPA processes Personal Data on a legal and fair basis in order to perform the functions, powers and duties assigned by law, exercise the rights and legitimate interests of the DPA and other persons. The transfer (distribution, provision) and use of Personal Data is carried out only in cases and in accordance with the procedure provided for by federal laws, with the consent of the Personal Data Subject, if this is determined by the current legislation.

2.15. The PSA receives Personal Data directly from the Personal Data subject, except for cases when Personal Data is transferred within the framework of a contractual relationship.

2.16. The PSA processes the User's Personal Data with their consent, provided either in writing (if necessary, in accordance with the current legislation of the Russian Federation), or when performing specific actions.

2.17. Principles of Personal Data processing established by this Privacy Policy:

2.17.1. The processing of Personal Data must be carried out on a legal and fair basis.

2.17.2. The processing of Personal Data should be limited to the achievement of specific, pre-defined and legitimate goals. Processing of Personal Data that is incompatible with the purposes of Personal Data collection is not allowed.  It is not allowed to process redundant Personal Data in relation to the stated purposes of their processing.

2.17.3. It is not allowed to combine databases containing Personal Data, the processing of which is carried out for purposes that are incompatible with each other.

2.17.4. Only Personal Data that meets the purposes of their processing are subject to processing.

2.17.5. The content and scope of Personal Data processed must correspond to the stated purposes of processing. The Personal Data processed should not be redundant in relation to the stated purposes of their processing.

2.17.6.When processing Personal Data, the accuracy of Personal Data, their sufficiency, and, if necessary, their relevance in relation to the purposes of Personal Data processing must be ensured. The EPA must take the necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data.

2.17.7. Storage of Personal Data must be carried out in a form that allows identifying the subject of Personal Data, no longer than the purposes of processing Personal Data require, unless the period of storage of Personal Data is established by federal law, an agreement поручителемto which the subject of Personal Data is a party, beneficiary or guarantor. The processed Personal Data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law. 

2.17.8. The DPA is obliged to make sure that the foreign state to whose territory the Cross-border transfer of personal data is carried out provides adequate protection of the rights of Personal data subjects before starting the cross-border transfer of Personal Data.

2.17.9. OOPD trans-border transfers personal data of Authors of articles and media materials to international databases of scientific publications (such as Scopus and WebofScience, PubMed, DOAJ, Dimensions, etc.). In accordance with Part 2 of the List of Cases in which the requirements of Parts 3 - 6, 8 - 11 of Article 12 of the Federal Law "On Personal Data" do not apply to operators Performing cross-border transfer of personal data for the purpose of fulfilling the functions, powers and duties assigned to state bodies and municipal bodies by an international treaty of the Russian Federation or by the legislation of the Russian Federation. data protection", approved by the Decree of the Government of the Russian Federation No. 2526 of December 29, 2022. The requirements of Parts 8-11 do not apply to operators performing cross-border transfer of personal data in order to fulfill the functions, powers and responsibilities assigned to state bodies and municipal bodies by the international treaty of the Russian Federation or by the legislation of the Russian Federation article 12 of the Federal Law "On Personal Data", relates to the implementation of measures in the field of culture, science and education;

2.17.10. The PSA does not control and is not responsible for the processing of information by third-party sites that can be accessed via the links available on the Site.

3. PURPOSES OF PERSONAL DATA COLLECTION AND PROCESSING. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS

3.1. The EPA collects and processes Personal Data for the following purposes:

3.1.1. Providing the User with the opportunity to create a personal account on the Site. To do this, the User fills out the registration form on the Site and provides the following Personal Data:

- email address.

- last name, first name, patronymic (if any).

3.1.2. Sending mailing letters to those Users who have filled out the subscription form on the Site and expressed their consent to receive information about the Site's news, about the Protected Area and its partners,including advertising. In the subscription form on the Site, the User specifies their email address.

Mailing is carried out using the Site's software.

To receive the newsletter, the User provides the following personal data:

- email address.

- first name.

3.1.3. Providing feedback to the User, including: sending notifications, requests and information related to the use of the Site, execution of agreements and contracts, as well as processing requests and requests from the User, responding to User comments on the Site, responding to messages, calls, letters from the User, reviewing User claims-the EPA collects the following Personal Data :  data:

- e-mail address - when receiving a message from the User to the address of the Administrative Division.

- phone number - when the ADF receives a message or call from the User.

- last name, first name, patronymic (if any);

- passport data(in cases stipulated by the legislation);

- address for sending a response to the letter or request.

- other Personal Data that the User leaves or informs the PLO during the communication process at their own request.

3.1.4. In order to provide the User with the opportunity to publish works (articles, materials, content) on the Website, the PLO collects the following personal data:

• last name, first name, patronymic (if any),
• email address,
• telephone,
• floor,
• place of work,

3.1.5. For the purpose of conducting marketing research and targeting using the Site's software, the DPA collects statistical impersonal data that does not identify the User as a personal data subject.

3.2. OOPD processes Personal Data of the following categories of Personal Data subjects: Site users, Authors, reviewers of scientific articles.

4. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA

4.1. The EPA collects and processes the following types of information:

- information that the User knowingly provided to the PLO during the use of the Site

- technical information that is automatically collected by the Site's software during the User's visit.

4.2. Technical information automatically collected by the Site's software during its visit includes:

• IP address.
• information from cookies.
• information about the browser.
• information about the type of device (mobile or PC).
• access time.
• other technical and statistical information collected by the Site's software.

Technical information also includes analytical data without identifying the subject of Personal Data obtained as a result of the Site's use of web analytics services. This information is used exclusively for internal and external marketing purposes – to analyze trends in Site visits and improve the Site's service.

4.3. The Site implements a User identification technology based on the use of cookies. Cookies may be stored on the device used by the User to access the Site,which will then be used to collect statistical data, in particular about Site traffic, and to automatically fill in fields in forms on the Site. The EPA may use and disclose information about the use of the Site, for example, to determine the degree of use of the Site, improve its content, explain the usefulness of the Site, and expand the functionality of the Site. By accepting this Privacy Policy, the User gives the DPA his consent that the technical data specified in clause 4.2 collected from the Site is transmitted over the Internet. Depersonalized User data collected using Internet statistics services is used to collect information about User actions on the site, improve the quality of the Site and its content.

4.4. OOPD does not store Personal Data in cookies. The EPA uses information stored in cookiesthat does not identify individual Users to analyze trends, administer the Site, determine User movements on the Site, and collect demographic information about the basic user population as a whole.

4.5. If the User does not want the PLO to collect technical information about them using cookies, the User must stop using the Site or prohibit the storage of cookies on their device used to access the Site by configuring their browser accordingly. Keep in mind that the Site's services that use this technology may not be available.

4.6. The User confirms his consent to the collection and processing of Personal Data when filling out the newsletter subscription form on the Site, when filling out the registration form on the Site, when filling out the comment form under the article on the Site by ticking the checkbox located after the corresponding form and clicking on the button under this form on the Site.  The User confirms his / her consent to the Dissemination of Personal Data by submitting a written consent to the dissemination of personal data to the DPA.

4.7. Consent to the processing of Personal Data provided when submitting a claim or application to the PSA is given by filling out the form provided by the PSA. The User must send the completed and signed consent form together with the text of the claim or application.

4.8. The EPA performs the following actions (operations) or a set of actions (operations) with Personal Data using automation tools or without using such tools: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deleting, or destroying personal data.

4.9. The PSA processes Personal Data in the following ways:

• using automated personal data processing tools
• 10. The transfer of the User's Personal Data to third parties (if necessary) is carried out with the User's consent for the purposes specified in Section 3.

4.10. The EPA guarantees that it never provides Personal Data to third parties, except in cases where:

• this is explicitly required by law (for example, at the written request of a court or law enforcement agency).
• The User has given consent to the transfer of Personal Data.
• The transfer is required for concluding contracts and/or within the scope of contracts between the ADF and the User.
• the transfer takes place as part of the sale or other transfer of the Site or business.
• the transfer takes place as part of the transfer of the database of Personal data from one service to another in accordance with the contractual relations of the PLO;
• This is required to provide support for user maintenance or to help protect and secure your OOP systems.

4.11. The User's personal data may be transferred to the authorized state authorities of the Russian Federation, bodies of inquiry and investigation, and other authorized bodies only on the basis and in accordance with the procedure established by the current legislation of the Russian Federation.

5. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

5.1. The PSA processes Personal Data on the basis of the following legal grounds:

• The Constitution of the Russian Federation;
• The Civil Code of the Russian Federation;
• Law No. 2300-1 of 07.02.1992 "On Consumer Rights Protection";
• Federal Law No. 59-FZ of 02.05.2006 "On the procedure for considering Appeals from Citizens of the Russian Federation";
• Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection";
• Federal Law No. 63-FZ of 06.04.2011 "On electronic Signatures";
• Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
• Decree of the Government of the Russian Federation No. 1119 of 01.11.2012 "On Approval of requirements for the protection of personal data when Processing them in Personal data Information systems";
• Decree of the Government of the Russian Federation No. 687 of 15.09.2008 "On approval of the Regulation on the Specifics of processing personal data performed without the use of automation tools";
• contracts concluded between the DPA and third parties for the purposes specified in section 3;
• Internal local administrative division documents.
• consent to the processing of Personal Data (in cases not directly provided for by the legislation of the Russian Federation, but corresponding to the powers of the EPA), consent to the Dissemination of personal data.

6. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING

6.1. The EPA protects the User's Personal Data by applying generally accepted security methods to ensure that information is protected from loss, unauthorized or accidental access, distortion and unauthorized distribution, destruction, modification, blocking, copying, as well as any other illegal actions with the Personal Data of third parties. Security is implemented by software-based network protection tools, access verification procedures, the use of cryptographic information protection tools, compliance with the Privacy Policy,as well as other internal documents regulating the rules for processing Personal Data of protected areas.

6.2. If Personal Data has been lost or disclosed, the PSA is obliged to inform the User about this.

6.3. The PSA, together with the User, takes all necessary legal, organizational and technical measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal Data.

6.4. Personal data is kept confidential by the PLO, except for cases when the User voluntarily posted information for public access in messages, comments on the Site.

6.5. Ensuring the security of Personal Data processed in the Personal data information systems of the PLO is achieved by excluding unauthorized, including accidental, access to Personal Data, as well as taking the following security measures:

6.5.1. identification of threats to the security of Personal Data when processing them in the Personal data information systems of the DPA;

6.5.2. application of organizational and technical measures to ensure the security of Personal Data when processing them in the Personal data information systems of the DPA, which are necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal Data security established by the Government of the Russian Federation;

6.5.3. application of duly completed conformity assessment procedures for information security tools;

6.5.4. assessment of the effectiveness of measures taken to ensure the security of Personal Data prior to commissioning of the personal data information system;

6.5.5. accounting of machine-generated personal data carriers;

6.5.6. detection of unauthorized access to Personal Data and taking measures;

6.5.7. recovery of personal Data modified or deleted or destroyed as a result of unauthorized access to them;

6.5.8. establishing rules for access to Personal Data processed in the Personal data information systems of the DPA, as well as ensuring registration and accounting of all actions performed with Personal Data in the Personal data information systems of the DPA;

6.5.9. control over the measures taken to ensure the security of Personal Data and the levels of security of Personal data information systems. 

6.6. Measures aimed at ensuring that the DPA fulfills its obligations under the current legislation in the field of Personal Data. The PAO is obliged to take measures that are necessary and sufficient to ensure the fulfillment of its obligations under the current Russian legislation. The PLO independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of these responsibilities. These measures include, in particular:

1) appointment of a person responsible for organizing the processing of Personal Data by the head of the PAO.

2) publication by the DPA of documents defining the DPA policy on Personal data processing, the Privacy Policy, local acts on Personal data processing, defining for each purpose of Personal Data processing the categories and list of Personal Data being processed, the categories of subjects whose Personal Data is processed, the methods and terms of their processing and storage, and the procedure for Personal data destruction when the purposes of their processing are achieved or other legal grounds arise, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations.

3) application of legal, organizational and technical measures to ensure the security of Personal data.

4) implementation of internal control and (or) audit of the compliance of Personal Data processing with the legislation and regulatory legal acts adopted in accordance with it, requirements for personal data protection, the DPA policy on personal data processing, the Privacy Policy, and local DPA acts;

5) assessment of the harm that may be caused to the subjects of Personal Data in the event of a violation of the law, the ratio of this harm and the measures taken by the DPA aimed at ensuring the fulfillment of obligations stipulated by the law;

6) familiarizing employees of the DPA who directly process Personal Data with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the DPA policy on personal data processing, the Privacy Policy, local acts on personal data processing, and (or) training these employees.

7) publishing on the Site Privacy policies to ensure unrestricted access to it.

7. TERMS OF PERSONAL DATA PROCESSING

7.1. The processing of Personal Data provided by the User on the Site is carried out within the period from the moment of sending the completed form on the Site until the moment of termination of the Site, until the moment of revocation of consent sent to the PSA, until the moment of deleting the personal account on the Site.

7.2. Unless otherwise provided by other clauses of this Privacy Policy or the current Russian legislation, the condition for termination of Personal Data processing is the achievement of the purposes of Personal Data processing, the expiration of the consent period or withdrawal of consent to Personal Data processing, identification of illegal Personal Data processing, receipt of a request for Personal Data destruction by the PSA.

7.3. The transfer (distribution, provision, access) of Personal Data authorized for distribution must be stopped at any time at the request of the User.

7.4. The User has the right to apply to the DPA with a request to stop transmitting (distributing, providing, accessing) their Personal Data that was previously allowed for distribution, in case of non-compliance with the provisions of the current legislation, or to apply to the court with such a request. The DPA is obliged to stop transmitting (distributing, providing, accessing) Personal Data within 3 (three)days from the end of the working days from the date of receipt of the claim or within the time period specified in the court decision that has entered into legal force, and if such time period is not specified in the court decision, then within 3 (three) working days from the date of entry into legal force of the court decision.

7.5. The User independently determines the period of subscription to the newsletter and unsubscribes from the newsletter by clicking on the unsubscribe link that is included in each received email, or by sending a free-form request to the EPA to the email addresseditor@bmjour.rueditorial offices of the journal marked "Unsubscribe".

8. UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA, RESPONDING TO USER REQUESTS FOR ACCESS TO PERSONAL DATA

8.1. In case of confirmation of the fact of inaccuracy of Personal Data or illegality of their processing, the Personal Data are subject to their updating by the PSA, and the processing must be stopped accordingly.

8.2. The User's personal data provided by him on the Site, which is stored by the PSA and processed by it, may be deleted/depersonalized by contacting the PSA. To do this, please send a letter (Appendix No. 3 to this Privacy Policy) to the following address: editor@bmjour.rueditorial offices of the magazine. However, the User will not be able to use some of the Site's functionality. The request processing period is 10 (ten) business days.

8.3. When the purposes of Personal Data processing are achieved, the DPA terminates the processing of Personal Data (or ensures its termination if the processing of Personal Data is carried out by another person acting on behalf of the DPA) and destroys the Personal Data (or ensures their destruction if the processing of Personal Data is carried out by another person acting on behalf of the DPA) within a period not exceeding 30 (thirty) days from the date of completion of the processing goal, if:

• otherwise is not provided for in the contract поручителемto which the User is a party, beneficiary or guarantor;
• OOPD does not have the right to process Personal Data without the User's consent on the grounds provided for by the Federal Law "On Personal Data" or other federal laws;
• Otherwise, no other agreement is provided between the ADF and the User.

If it is not possible to destroy Personal Data within the period specified in this clause, the PSA blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PSA) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period does not apply. established by federal laws.

8.4. Upon receiving a revocation of consent to the processing of Personal Data by the DPA, the DPA terminates the processing of Personal Data (or ensures its termination if the processing of Personal Data is carried out by another person acting on behalf of the DPA) and, if the storage of Personal Data is no longer required for the purposes of Personal Data processing, destroys the Personal Data (or ensures their destruction if the processing of Personal Data is carried out by another person acting on behalf of the PSA) within a period not exceeding 30 (thirty) days from the date of receipt of the specified revocation, if:

• otherwise is not provided for in the contract поручителемto which the User is a party, beneficiary or guarantor;
• OOPD does not have the right to process Personal Data without the User's consent on the grounds provided for by the Federal Law "On Personal Data" or other federal laws;
• Otherwise, no other agreement is provided between the ADF and the User.

If it is not possible to destroy Personal Data within the period specified in this clause, the PSA blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PSA) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period does not apply. established by federal laws.

8.5. In the event of receiving a request to the PSA requesting the termination of processing of Personal Data, the PSA is obliged to stop processing them or ensure the termination of such processing (if such processing is carried out by the person processing personal data) within a period not exceeding 10 (ten) business days from the date of receipt of the relevant request, except for the cases provided for by the Legislation of the Russian Federation. current Russian legislation. The specified period may be extended, but not for more than 5 (five) business days, if the DPA sends a reasoned notification to the Personal Data subject indicating the reasons for extending the deadline for providing the requested information. If it is not possible to destroy Personal Data within the period specified in this clause, the PSA blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PSA) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period does not apply. established by federal laws.

8.6. The PSA blocks Personal Data in case of detection of illegal processing of Personal Data, identification of inaccurate Personal Data from the moment of the User's request (Appendix No. 1 to this Privacy Policy) or his legal representative or the authorized body for the protection of the rights of personal data subjects for the period of verification. If it is not possible to destroy Personal Data within the period specified in this clause, the PSA blocks such Personal Data or ensures their blocking (if the processing of Personal Data is carried out by another person acting on behalf of the PSA) and ensures the destruction of Personal Data within a period of no more than 6 (six) months, unless another period does not apply. established by federal laws.

8.7. The EPA updates, corrects, and clarifies Personal Data within 7 (seven) business days from the date of application or request of the personal data subject (Appendix No. 2 to this Privacy Policy) or his legal representative or the authorized body for the protection of the rights of Personal data subjects, in case of identification of incomplete, inaccurate, or irrelevant Personal Data data.

8.8. The PSA erases and destroys the User's Personal Data within 7 (seven) business days from the date of the request or request of the personal data subject (Appendix No. 3 to this Privacy Policy) or his legal representative or the authorized body for the protection of the rights of personal data subjects, in case of receiving information confirming that the Personal Data is not protected by are illegally obtained or are not necessary for the stated purpose of processing. At the same time, the PSA notifies the Personal Data subject or his representative about the changes made and measures taken, and takes reasonable measures to notify third parties to whom the Personal Data of this subject has been transferred.

8.9. In case of detection of illegal processing of Personal Data carried out by the DPA or a person acting on behalf of the DPA, the DPA is obliged to stop the illegal processing of Personal Data or ensure the termination of illegal processing of Personal Data by a person acting on behalf of the DPA within a period not exceeding 3 (three) business days from the date of this detection. If it is impossible to ensure the legality of the processing of Personal Data, the PSA is obliged to destroy such Personal Data or ensure their destruction within a period not exceeding 10 (ten) business days from the date of detection of illegal processing of Personal Data. The DPA is obliged to notify the personal Data subject or his representative, or the authorized body for the protection of the rights of personal data subjects, about the elimination of violations or the destruction of personal data.

8.10. The DPA responds to requests from Users, their representatives, and the authorized body for the protection of the rights of personal data subjects regarding Personal Data within 10 (ten) business days from the moment the DPA requests or receives the request. The specified period may be extended, but not for more than 5 (five) business days, if the DPA sends a reasoned notification to the Personal Data subject indicating the reasons for extending the deadline for providing the requested information.

8.11. If the fact of illegal or accidental transfer (provision, distribution, access) of Personal Data that resulted in a violation of the User's rights is established, the DPA is obliged to notify the authorized body for the protection of the rights of personal data subjects from the moment of detection of such an incident:

1) within 24 (twenty-four) hours on the incident that occurred, on the alleged reasons that led to the violation of the rights of personal data subjects, and on the alleged harm caused to the rights of Personal Data subjects, on the measures taken to eliminate the consequences of the relevant incident, as well as provide information about the person authorized by the DPA to interact with the authorized rights of personal data subjects, on issues related to the identified incident;

2) within 72 (seventy-two) hours on the results of the internal investigation of the identified incident, as well as provide information about the persons whose actions caused the identified incident (if any).

9. FINAL PROVISIONS

9.1. The EPA has the right to make any changes and additions to the Privacy Policy at any time at its sole discretion.

9.2. Changes and additions come into force from the moment the Privacy Policy with changes and additions is posted on the Site. By continuing to use the Site after the new version of the Privacy Policy is published, the User confirms that he accepts it.