EN 
RU 
CN 
ES 
POLICY
on privacy and personal data processing for the website brace-lf.com
1. Introduction
1.1. This Privacy and Personal Data Processing Policy (hereinafter referred to as the “Policy”) for the website brace-lf.com (hereinafter referred to as the “Website”) has been developed and adopted by the limited liability company “BRACE Law Firm”, registered at the address: 109559, Moscow, Belorechenskaya St., Bldg. 31, Apt. 12, TIN 7725287297, Primary State Registration Number 1157746812134.
1.2. The Website Administration and the operator of Personal data is the limited liability company “BRACE Law Firm” (hereinafter referred to as the “Website Administration”, “BRACE Law Firm”).
1.3. The Policy applies to the processing of Personal data via the Website. Issues of processing Personal data for the purpose of maintaining personnel records of compliance with the requirements of tax and/or pension legislation, as well as processing Personal data for other purposes, are regulated by the Website Administration by adopting separate local regulations. This Policy applies only to the use of the Site.
1.4. This Policy has been developed in accordance with and taking into account the provisions of the Constitution of the Russian Federation, Federal Law N 149-FZ of July 27, 2006 “On Information, Information Technologies and the Protection of Information”, Federal Law N 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as “Law N 152-FZ”), as well as other regulatory legal acts of the Russian Federation in the field of processing and protecting information and Personal Data.
1.5. This Policy contains information on the main purposes, procedure and conditions for processing Personal Data, as well as information on the requirements implemented by the Website Administration for the protection of processed Personal Data, and is intended to ensure the protection of the rights and freedoms of Personal Data subjects when their Personal Data is processed by the Website Administration.
1.6. This Policy is published (posted) on the Site in order to ensure unlimited access to it.
1.7. The processing of Personal Data is carried out on the territory of the Russian Federation and in accordance with the legislation of the Russian Federation (hereinafter referred to as the “Applicable Legislation”).
2. Terms and definitions
2.1. “Website” – set of interconnected web pages located on the Internet at a unique address (URL): brace-lf.com, as well as its subdomains.
2.2. “Subdomains” – pages or a set of pages located on third-level domains belonging to the Site, as well as other temporary pages, at the bottom of which the contact information of the Administration is indicated
2.3. “User” – person who has access to the Website via the Internet and uses the information, materials and products of the Website.
2.4. “Personal data” – any information related to a directly or indirectly determined or determinable natural person (subject of Personal data), including, but not limited to, the last name, first name, patronymic, date of birth, place of registration at the place of residence, position, place of work, location (geolocation), postal address of Users, telephone number, email address (if the email address relates to Personal data (contains Personal data of the User and is not a set of characters)), information about the education and place of work of Users (if necessary), IP addresses, Cookies, browser data, data of the Website from which the transition to the Website was made, duration of stay on the Website and other data of Users provided by them to the Website Administration and / or the Personal Data Operator both purposefully and automatically, including in the form of IP addresses, Cookies (including those collected through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services), information about the geolocation and browser, data from the Website from which the transition to the Site was made, data on the duration of stay on the Website, data on another program by which access to the Website is provided, technical characteristics of the equipment and software used by users of the Website, as well as all data provided by users of the Website as part of their requests for legal services via the Website, telephone, email, messengers specified on the Website, including when concluding a public offer (agreement) for the provision of legal services (if it is posted on the Website), as well as part of a response to vacancies of the Website Administration (if vacancies are posted), including sending a resume and other information.
2.5. “Processing of Personal Data” – any action (operation) or set of actions (operations), including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
2.6. “Automated processing of Personal Data” – processing of Personal Data using computer technology. This Policy provides that the processing of Personal Data of Users of the Website is carried out without the use of automation tools.
2.7. “Dissemination of Personal Data” – actions aimed at disclosing Personal Data to an indefinite number of persons.
2.8. “Provision of Personal Data” – actions aimed at disclosing Personal Data to a specific person or a specific number of persons.
2.9. “Blocking of Personal Data” – temporary cessation of processing of Personal Data (except in cases where processing is necessary to clarify Personal Data).
2.10. “Destruction of Personal Data” – actions that make it impossible to restore the contents of Personal Data in the Personal Data information system and (or) that result in the destruction of tangible media of Personal Data.
2.11. “Depersonalization of Personal Data” – actions that make it impossible to determine the ownership of Personal Data by a specific subject of Personal Data without the use of additional information.
2.12. “Confidentiality of Personal Data” – requirement that the Personal Data Operator or another person who has gained access to Personal Data must comply with to prevent their dissemination without the consent of the subject of Personal Data or the presence of another legal basis.
2.13. “Cookies” – small fragment of data sent by the web server and stored on the computer of the User of the Website, which the web client or web browser sends to the web server in an HTTP request each time an attempt is made to open a page of the corresponding Website.
2.14. “IP address” – unique network address of a node in a computer network through which the User gains access to the Website.
2.15. “Personal Data Operator” – a person (the Website Administration or a person acting on behalf of the Administration), who independently or jointly with other persons organizes and (or) carries out the processing of Personal Data, and determines the purposes of processing Personal Data, the composition of Personal Data to be processed, the actions (operations) performed with Personal Data.
2.16. “Personal Data Information System” – a set of Personal Data contained in databases and the information technologies and technical means that ensure their processing.
2.17. “Cross-border transfer of Personal Data” – the transfer of Personal Data to the territory of a foreign state to a government body of a foreign state, a foreign individual or a foreign legal entity.
3. General Provisions on Personal Data
3.1. The Personal Data Operator processes Personal data that is necessary for using the Website, receiving high-quality service within the framework of such use, sending mailings and other information to Users by e-mail and other means of communication, providing legal services, recruiting personnel, as well as for the purpose of compliance with the requirements of the current legislation.
3.2. The category of Personal data subjects whose data is processed in accordance with this Policy. In accordance with the Policy, the Personal data of the Users are processed. In this category of subjects, the Personal Data Operator processes the Personal data of the Users of the Website in accordance with the processing purposes specified in this Policy.
3.3. Data transmitted automatically when using the Website (IP address, cookie, geolocation data, browser information, duration of stay on the Website, address of the Website from which the transition was made and other data) are processed anonymized using analytics systems.
3.4. The Personal Data Operator has the right to use Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services to collect information about the use of the Website, such as the frequency of visits to the Website by Users, visited pages and sites where users were before going to this Website.
3.5. Information received through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services is used only to improve the content of the Website and the services provided through the Website. Information received through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services is not combined with other received Personal Data.
3.6. The ability of Google and Yandex to use and transfer to third parties information collected by Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services about visits to the Website is limited by the Privacy Policy of Google and Yandex. Users of the Website have the right to prohibit Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services from recognizing users on repeat visits to the Website by disabling cookies in their browser or by using blockers. Failure of the Users to set the prohibitions specified in this paragraph means the consent of the Users to the collection of data through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services.
3.7. Refusal to provide consent to the processing of Personal data does not limit access to information about the services provided on the Website.
3.8. For communication on the Website, the User has the right to enter reliable Personal data. The Website Administration has the right to establish requirements for the composition of the Personal data of the User, which must be provided for the use of the Website. If certain information is not marked by the Administration as mandatory, its provision or disclosure is carried out by the User at his own discretion.
3.9. The Personal Data Operator does not verify the authenticity of the Personal Data provided, assuming that the User acts in good faith, prudently and makes every effort to keep such information up to date. At the same time, to verify the data provided, the Website Administration reserves the right to request proof of identity in online or offline modes.
3.10. Use of the Website by the User means consent to this Privacy Policy and the terms of processing of the User's Personal Data.
3.11. In case of disagreement with the terms of the Privacy Policy, the User must stop using the Website.
3.12. The Website, the Personal Data Operator and/or the Website Administration do not control and are not responsible for third-party sites that the User can access via links available on the Website.
3.13. Processing of special categories of Personal Data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, as well as biometric Personal Data is not carried out.
3.14. The Personal Data Operator independently determines the volume of Personal Data requested from the User when maintaining the Website. In this case, the provision of such Personal Data is carried out by the User voluntarily and means his consent to this Policy.
4. Purposes of processing Personal data
4.1. The Personal Data Operator processes Personal Data for the following purposes:
4.1.1. Compliance with the requirements of the current legislation of the Russian Federation, according to which the processing of Personal Data by the Personal Data Operator is necessary.
4.1.2. Identification of the User of the Website for his/her subsequent authorization (if necessary).
4.1.3. If necessary, establishing feedback with the User of the Website, including sending, with the consent of the User of the Website, notifications, requests regarding the use of the Website, processing of requests and applications from the User of the Website.
4.1.4. Confirmation of the accuracy and completeness of the Personal Data provided by the User of the Website.
4.1.5. Providing the User of the Website with effective technical support in the event of problems related to the use of the Website.
4.1.6. Provision of information and reporting to state supervisory authorities in accordance with the requirements of the current legislation of the Russian Federation (in cases stipulated by the current legislation).
4.1.7. Provision to the User, with his consent, of service updates, special offers, price information, news, analytical and other mailings and other information.
4.1.8. Promotion of goods/works/services on the market.
4.1.9. Preparation/conclusion/performance of civil contracts (if concluded with the consent of the subject of Personal data).
4.1.10. Provision of legal services to Users of the Website who have sent requests for the provision of legal services and/or entered into a public offer (agreement) for the provision of legal services (if posted on the Website). Refusal to conclude, change or terminate a public offer (agreement) for the provision of services (if posted) in the event of refusal to provide Personal data by the User of the Website is not allowed, except in cases where such information is directly related to the performance of the agreement. The Personal Data Operator shall, within 7 days, provide the User with information in writing on the specific reasons and grounds that determined the impossibility of concluding, changing or terminating a public offer (agreement) for the provision of services (if posted) without providing Personal Data.
4.1.11. Conducting statistical, marketing and other research based on anonymized data.
4.1.12. Recruiting personnel if the Personal Data subject responds to vacancies posted on the Website (if posted).
4.1.13. Compliance with other legislation applicable to the activities of the Website Administration or the Personal Data Operator, including international or Russian legislation.
4.1.14. For other lawful purposes.
4.2. The processing of personal data of users of the Website who have not passed authorization is carried out in relation to Personal data collected automatically, including in the form of IP addresses, Cookies (including those collected through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services), information about geolocation and browser, data of the Website from which the transition to the Website was made, data on the duration of stay on the Website, data on another program by means of which access to the Website is carried out, technical characteristics of the equipment and software used by users of the Website. In the event of establishing feedback with the User of the Website and/or authorization on the Website, the processing of other Personal data specified in paragraph 2.4 of this Policy is carried out with the consent of the User of the Website.
5. Principles of processing Personal data
5.1. Personal data shall be processed based on the following principles:
5.1.1. Lawfulness and fairness.
5.1.2. Limiting the processing of Personal data to achieving specific, predetermined purposes.
5.1.3. Preventing the processing of Personal data that is incompatible with the purposes of collecting Personal data.
5.1.4. Preventing the merging of databases containing Personal data that are processed for purposes that are incompatible with each other.
5.1.5. Processing only those Personal data that meet the purposes of their processing.
5.1.6. Preventing the processing of Personal data that is excessive in relation to the stated purposes of their processing.
5.1.7. Ensuring the accuracy, sufficiency and relevance of Personal data in relation to the purposes of processing Personal data.
5.1.8. Destruction or depersonalization of Personal data upon achieving the purposes of their processing or in the event of loss of need to achieve these purposes.
6. Procedure for processing Personal data
6.1. Use of the Website by the User of the Website means consent to this Policy and the terms of processing of the User's Personal Data.
6.2. In case of disagreement with the terms of the Privacy Policy, the User must stop using the Website.
6.3. The processing of the User's Personal Data is carried out without time limitation, by any legal means, including in Personal Data information systems and without the use of such means.
6.4. The User's Personal Data may be transferred to authorized government bodies only on the grounds and in the manner established by applicable law.
6.5. The Personal Data Operator takes the necessary organizational and technical measures to protect Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
6.6. The Personal Data Operator, together with the User, shall take all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal Data.
6.7. The Personal Data Operator, for the purposes of processing the Personal Data established by the Policy, may collect electronic user data on its websites automatically, without the need for the user to participate or perform any actions to send the data. The accuracy of the electronic data collected in this way is not checked, the information in the form in which it was received from the client device. At the discretion of the Website Administration, the Users may be shown pop-up notifications about the collection and processing of cookie data (including collection through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services) with a link to the Policy and buttons to accept the terms of processing or close the pop-up notification.
6.8. In addition to processing cookie data installed by the Website, as well as collected through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services, Users may be installed cookies related to third-party sites, for example, in cases where the Website uses third-party components and software. The processing of such cookies is regulated by the policies of the relevant sites to which they relate, and may be changed without notice to Users.
6.9. Acceptance of the cookie processing terms by the User or closing of the pop-up notification in accordance with the Policy is regarded as consent to the processing of cookie data on the Website. If the User does not agree to the processing of cookies, he/she must accept the risk that in such a case the functions and capabilities of the Website may not be available in full, and then follow one of the following options:
6.9.1. Independently configure your browser in accordance with the documentation or help for it so that it does not permanently allow receiving and sending cookie data for any websites or for a specific Website or through Google Analytics, Google Console, Yandex Webmaster and Yandex Metrica and other similar services.
6.9.2. Switch to a special "incognito" browser mode for the Website to use cookies until the browser window is closed or until switching back to normal mode.
6.9.3. Leave the Website to avoid further cookie processing.
6.10. The Personal Data Operator has the right to transfer Personal data to third parties in the following cases:
6.10.1. The User has expressed their consent to such actions, including cases where the User applies settings of the software used that do not limit the provision of certain information.
6.10.2. The transfer is necessary within the framework of the User's use of the Website.
6.10.3. At the request of a court or other authorized government agency within the framework of the procedure established by law.
6.10.4. The Website Administration has the right to entrust the processing of Personal data to another person with the consent of the User, unless otherwise provided by law, on the basis of an agreement concluded with this person. The person processing Personal data on behalf of the operator is obliged to comply with the principles and rules for processing Personal data stipulated by Federal Law N 152-FZ, maintain the confidentiality of Personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations stipulated by Federal Law N 152-FZ. The Operator's order must define the list of Personal Data, the list of actions (operations) with Personal Data that will be performed by the person processing the Personal Data, the purposes of their processing, the obligation of such person to maintain the confidentiality of Personal Data, the requirements provided for in Part 5 of Article 18 and Article 18.1 of Law N 152-FZ, the obligation, upon request of the Personal Data operator, during the term of the operator's order, including before the processing of Personal Data, to provide documents and other information confirming the adoption of measures and compliance with the requirements of Article 6 of Law N 152-FZ for the purpose of executing the operator's order, the obligation to ensure the security of Personal Data during their processing, and must also specify the requirements for the protection of the processed Personal Data in accordance with Article 19 of Law N 152-FZ, including the requirement to notify the operator of the cases provided for in Part 3.1 of Article 21 of Law N 152-FZ.
6.10.5. If the Operator entrusts the processing of Personal Data to a foreign individual or foreign legal entity, the operator and the person processing the Personal Data on behalf of the Operator shall be liable to the subject of the Personal Data for the actions of the said persons..
7. Confidentiality and security of Personal data
7.1. The Personal Data Operator ensures the confidentiality of Personal Data in accordance with applicable law, except in the following cases:
7.1.1. If the Personal Data is publicly available, contained in publicly available sources of Personal Data or permitted by the subject to distribution.
7.1.2. If the information is subject to mandatory disclosure to third parties, including government agencies, in accordance with applicable law.
7.2. The Personal Data Operator and/or the Website Administration take the necessary and sufficient legal, organizational and technical measures to ensure the security of Personal Data to protect it from unauthorized (including accidental) access, destruction, modification, blocking of access and other unauthorized actions. Such measures include, in particular:
7.2.1. appointment of individuals or legal entities responsible for organizing the processing and ensuring the security of Personal Data;
7.2.2. prevention of excessive processing of Personal Data;
7.2.3. issuing local acts on the processing of Personal data, information security, familiarizing employees with them;
7.2.4. application of legal, organizational and technical measures to ensure the security of Personal data;
7.2.5. implementation of internal control and (or) audit of compliance of Personal data processing with Federal Law N 152-FZ and regulatory legal acts adopted in accordance with it, requirements for the protection of Personal data, this Policy, local acts of the Personal Data Operator;
7.2.6. assessment of harm in accordance with the requirements of Roskomnadzor, which may be caused to the User of the Website in the event of violation of Federal Law N 152-FZ, the ratio of the said harm and the measures taken by the Personal Data Operator aimed at ensuring the fulfillment of obligations stipulated by this Policy and Federal Law N 152-FZ;
7.2.7. familiarization of the employees of the Personal Data Operator directly involved in the processing of Personal Data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of Personal Data, documents defining the policy of the Personal Data Operator regarding the processing of Personal Data, local acts on issues of processing Personal Data, and (or) training of the said employees;
7.2.8. identifying threats to the security of Personal Data when processing them in Personal Data information systems, and forming threat models on their basis;
7.2.9. using security tools (anti-virus tools, firewalls, means of protection against unauthorized access, means of cryptographic protection of information), including, where necessary, those that have undergone the conformity assessment procedure in the established manner;
7.2.10. accounting for and storing information carriers, excluding their theft, substitution, unauthorized copying and destruction;
7.2.11. using information security tools that have undergone the conformity assessment procedure in the established manner;
7.2.12. assessing the effectiveness of measures taken to ensure the security of Personal Data prior to commissioning of the Personal Data information system (when using the information system);
7.2.13. accounting for machine-readable media of Personal Data;
7.2.14. detection of facts of unauthorized access to Personal Data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on Personal Data information systems and to respond to computer incidents in them;
7.2.15. restoration of Personal Data modified or destroyed due to unauthorized access thereto;
7.2.16. establishment of rules for access to Personal Data processed in the Personal Data information system, as well as ensuring the registration and accounting of all actions performed with Personal Data in the Personal Data information system;
7.2.17. control over the measures taken to ensure the security of Personal Data and the level of protection of Personal Data information systems.
7.2.18. implementation of internal control over compliance with the established procedure, verification of the effectiveness of the measures taken, response to incidents;
7.2.19. ensuring interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation, including informing it of computer incidents that have resulted in the illegal transfer (provision, distribution, access) of Personal Data;
7.2.20. other measures.
7.3. The personal data of the User of the Website is kept confidential, except in cases where the Website technologies or the settings of the software used by the User of the Website provide for open exchange of information with other participants and users of the Internet.
8. Rights and obligations of the parties
8.1. The User has the right to:
8.1.1. Make a free decision on the provision of their Personal Data necessary for using the Website.
8.1.2. Update, supplement the provided information on Personal Data in the event of a change in this information.
8.1.3. The User has the right to receive information from the Personal Data Operator regarding the processing of their Personal Data, unless such right is limited in accordance with federal laws. The User has the right to demand clarification of their Personal Data, their blocking or destruction if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights. To do this, it is sufficient to notify the Personal Data Operator at the e-mail address specified in the "Contacts" section of the Website.
8.2. The Personal Data Operator is obliged to:
8.2.1. Use the information received solely for the purposes specified in this Policy.
8.2.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and not sell, exchange, publish, or disclose in any other possible way the transferred Personal Data of the User, except in cases stipulated by law.
8.2.3. Take precautions to protect the confidentiality of the Personal Data of the User in accordance with the procedure usually used to protect such information in existing business practices.
8.2.4. Notify the User of information about the processing of Personal Data carried out by him upon his request.
8.2.5. Inform the User of the Website or his representative about the availability of Personal data related to the relevant User of the Website, and also provide the opportunity to familiarize themselves with this Personal data upon request of the subject of Personal data or his representative, or within 10 (ten) business days from the date of receipt of the request of the User of the Website or his representative.
8.2.6. If the purpose of processing Personal data is achieved, the Operator is obliged to stop processing Personal data or ensure its cessation (if the processing of Personal data is carried out by another person acting on the instructions of the operator) and destroy Personal data or ensure their destruction (if the processing of Personal data is carried out by another person acting on the instructions of the operator) within a period not exceeding 30 (thirty) days from the date of achieving the purpose of processing Personal data.
8.2.7. In the event that the User of the Website revokes their consent to the processing of their Personal Data, the Personal Data Operator is obliged to stop their processing and, if the storage of Personal Data is no longer required for the purposes of processing Personal Data, to destroy the Personal Data within a period not exceeding 30 (thirty) days from the date of receipt of such revocation, unless otherwise provided by applicable law or another agreement between the Personal Data Operator and the User of the Website.
8.2.8. Personal Data is stored in a form that allows the Personal Data Subject to be identified for no longer than is required by the purposes of processing the Personal Data, except in cases where another storage period for Personal Data is established by federal law or an agreement to which the Personal Data Subject is a party, beneficiary or guarantor.
8.2.9 In the event that the User of the Website contacts the Personal Data Operator with a request to stop processing the Personal Data, the operator is obliged to stop processing them or ensure the termination of such processing within a period not exceeding 10 (ten) business days from the date of receipt by the operator of the relevant request.
9. Responsibilities of the parties
9.1. In case of loss or disclosure of Personal Data, the Personal Data Operator shall not be liable if the Personal Data:
9.1.1. Became publicly known prior to their loss or disclosure.
9.1.2. Were received from a third party prior to their receipt by the Personal Data Operator.
9.1.3. Were disclosed with the consent of the User.
9.2. The User acknowledges that responsibility for any information to which he or she may have access as part of the Website lies with the person who provided such information.
10. Dispute resolution
10.1 Before filing a claim in court regarding disputes arising from the relationship between the User and the Personal Data Operator, it is mandatory to file a claim (a written proposal or an electronic proposal for voluntary settlement of the dispute).
10.2. The recipient of the claim, within 30 (thirty) business days from the date of receipt of the claim, notifies the claimant in writing or electronically of the results of the consideration of the claim.
10.3. If no agreement is reached, the dispute will be referred to the authorized court of the Russian Federation for consideration.
11. Final Provisions
11.1. Policy has been drawn up in accordance with paragraph 2 of Article 18.1 of Federal Law N 152-FZ, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of Personal data and applies to all Personal data that the Personal Data Operator may receive from the User.
11.2. The Policy is a publicly available document and provides for the possibility of familiarization of any persons with its current version, including existing translations into foreign languages, by publishing it on the Internet on the Website.
11.3. The Personal Data Operator has the right to make changes to this Policy. The new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.
11.4. The Policy is valid indefinitely after its approval and until it is replaced by a new version. The Administration has the right to make changes to the Policy without notifying any persons.
11.5. Interested parties may send suggestions and comments for changes to the Policy to the email address specified in the “Contacts” section of the Website.
