IT NETWORK PRIVACY POLICY

version 1.0.

01.03.2022

1. General provisions

1.1. This Privacy Policy (hereinafter, the Policy) is an official document of Business Community Limited Liability Company, having its registered address at: Russia, 117342, Moscow, Butlerova Street, 17, floor 5 room/office 202/106 (hereinafter, the Website Administration), and defines the procedure for processing and protection of personal data of individuals who use the IT Network (social network) through the website https://itnetwork.org/ and IT Network mobile application (hereinafter, collectively referred to as the Website), as well as services and software products, to which these individuals (hereinafter, the Users) may have access during the use of the Website after authorization.

1.2. The Website Administration acts both as the controller and the processor of the User’s personal data as provided for by Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).

1.3. The current version of the Privacy Policy is a public document available to any Internet user at https://itnetwork.org/.

1.4. The Website Administration has the right to make changes to this Policy at its own discretion. When making changes in the Policy, the Website Administration shall notify the users thereof by posting a new version of the Policy on the Website at the permanent address (https://itnetwork.org/) not later than 10 days prior to the entry into force of the relevant changes. The previous versions of the Policy are stored in the documentation archive of the Website Administration. The Users should check the Website occasionally to ensure that they consent with any changes to this Policy. If the User disagrees with any terms of this Privacy Policy, the User must immediately cease to use the Website and notify the Website Administration of intention to stop the processing of the User’s personal data.

1.5. This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction of personal data carried out by automated means.

1.6. Before using the Website and providing the Website Administration with information necessary to initiate further interaction, the User must expresses his/her consent to processing of personal data in accordance with this Policy. In case of disagreement with these terms, the User must refrain from using the Website and its contents. The User gives consent by clicking on the "Register" button in the interface of the Website, after having read the text of this Policy available via hyperlink in the same section of the Website's interface, or by checking the checkbox in the corresponding window of the Website's interface upon registration.

2. Terms of Use of the Website

2.1. By providing access to the Website and its services for the Users, the Website Administration, acting reasonably and in good faith, believes that each User:

  • has all necessary rights enabling him/her to register and use the Website;
  • specifies true, accurate and complete information about himself/herself to use the Website;
  • is aware that information including personal data published by the User with the use of the Website, unless the User restricts access to such information in the interface of the Website, may become available to other Users of the Website and Internet users, may be copied and distributed by such users;
  • is aware that some types of information transmitted by the User to other Users may not be deleted by the User himself/herself;
  • has read this Policy, agrees to be bound by it, and accepts the rights and obligations set forth herein.

2.2. The Website Administration does not verify the accuracy of received (collected) information about the Users, except when such verification is necessary for the Administration to fulfill its obligations before the User.

2.3. If the User accesses his/her account at the Website using the registered username and password or other credentials as provided for in the Agreement, such access is considered to be authorized by the User by default, and the person obtaining access with these credentials has all necessary powers, unless the User has provides the Website Administration with information that account details of such User have been compromised.

3. Purposes of personal data processing

3.1. The Website Administration may use personal data of each User for the following purposes:

3.1.1. Identification of User for entering into and performance of the Agreement with the User;

3.1.2. Performance of the terms of the Agreement with the User, including granting Users access to Website, its functions and content;

3.1.3. Development, improvement, modernization, updating of services and products of the Website Administration;

3.1.4. Informing the User in connection with use of the Website and performance of the Agreement;

3.1.5. Compliance with the requirements of the applicable law or the decision of a court or other competent state or municipal authority.

4. Personal data processed by the Website Administration

4.1. Users may provide the Website Administration with the following personal data that will be processed by the Website Administration in accordance with this Policy:

4.1.1. the data provided by Users and minimally necessary for registration on the Website:

4.1.1.1. name, surname and patronymic (if applicable)

4.1.1.2. position (occupation, job title)

4.1.1.3. place of employment (including self-employment)

4.1.1.4. cell phone number and/or e-mail address and/or Apple ID and/or Google ID;

4.1.2. data provided by Users using the “edit” section of their personal pages (profiles) on the Website, which may include personal photo, information about previous places of employment and education, dates of employment and education; other information that may be provided by Users when filling out personal profiles;

4.1.3. data, additionally provided by Users at the request of the Website Administration for confirmation of information indicated by the Users in their profiles at the Website and prevention of fraudulent or other illegal activities, which may include a scanned copy or photo of his/her identification document and scanned copies or photos of documents related to education and employment of such User.

4.1.4. data about the User's contacts processed by the Website Administration when accessing the User's phone book with the use of mobile application that may include first names, last names and patronymics (if applicable) of persons listed in the User’s phone book.

4.2. Other information about Users processed by the Website Administration that may be received from the User and other sources:

4.2.1. Identification number (ID) at the Website, assigned after registration at the Website

4.2.2. IP address

4.2.3. Geolocation

4.2.4. Identifiers (UUID, model, and others) of mobile device

4.2.5. Operating system and its version.

4.2.6. Time zone.

4.2.7. Language used.

4.2.8. Cookies (small files stored in the memory of User’s device, designed to personalize User’s activity and behavior at the Website).

4.2.9. Information that may include personal data of the Users that is exchanged or published by the Users by using the Website.

5. Methods of personal data processing

5.1. The way the Website Administration uses personal data depends on the specific purposes for processing it.

5.1.1. Use of personal data for identification for registration at the Website

In order to obtain personal information for creation of the User’s personal profile at the Website, the Website Administration must obtain sufficient information to establish the User’s identity, indicated in clause 4.1.1. hereof. The Website Administration collects, records, stores and systematizes this information through automated means as well. Such personal data is processed until termination of the Agreement in accordance with terms and conditions of the Agreement.

5.1.2 Use of personal data for communication with the User

For the purposes of informing the User in connection with use of the Website and performance of the Agreement the Website Administration processes the information indicated in clause 4.1.1. hereof. The Website Administration collects, records, systematizes, accumulates, and uses the personal data listed above. The Website Administration may use aforementioned personal data to send notifications to personal account of the User or the User’s mobile phone number and/or email address, which may concern operation of the Website, new functions of the Website and special offers intended for Users. The aforementioned personal data is processed until termination of the Agreement in accordance with terms and conditions of the Agreement.

5.1.3. Use of personal data for performance of the Agreement

For the purposes of due performance of the Website Administration’s obligations under the Agreement, and, in particular, to allow editing the personal profile of the User, publishing of the User’s profile at the Website, verification of the User’s personal data and exchange of information between the Users, the Website Administration processes the information indicated in clauses 4.1.1. to 4.1.4. and 4.2. hereof. The Website Administration collects, records, systematizes, accumulates, and uses the personal data listed above. The aforementioned personal data is processed until termination of the Agreement in accordance with terms and conditions of the Agreement.

5.1.4. Use of personal data for operation and improvement of the Website

For the purposes of operation and improvement of the Website the Website Administration collects, records, systematizes, accumulates, and uses information indicated in clauses 4.1.1., 4.1.2., 4.1.4 and 4.2. hereof. This information may be shared with third parties subject to prior depersonalization of this information. This information is considered for development of the Website Administration’s market strategy, as well as the new and existing services and products of the Website Administration. The aforementioned personal data is processed until termination of the Agreement in accordance with terms and conditions of the Agreement.

6. Processing information about Users

6.1. Processing of personal data is based on principles:

6.1.1. lawfulness, fairness and transparency of processing personal data;

6.1.2. personal data processed is accurate and, where necessary, kept up to date on the basis of information provided by the Users;

6.1.3. processing of personal data in specified, explicit and legitimate purposes without further processing in a manner that is incompatible with those purposes;

6.1.4. personal data processed shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

6.1.5. personal data is stored in a form which permits identification of the Users for no longer than is necessary for the purposes for providing access to the Website and its contents;

6.1.6. protection of personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality of personal data).

6.2. Personal data of the User is collected by the Website Administration upon registration of the User’s personal account at the Website, as well as further at the User's own initiative when the Users choose to provide additional information about themselves through the tools available in the interface of the Website.

The personal data provided for in clause 4.1.1. of this Policy are provided by the User and are minimally necessary for the purpose of registering the personal account of the User at the Website.

The personal data provided for in clauses 4.1.2. and 4.1.4. of this Policy are additionally provided by the User at his/her own initiative by using the "Edit" tab in the "My Profile" section of the Website.

6.3. Personal data of Users is stored only on electronic media and processed by automated means, except when non-automated processing of personal data is required in connection with the implementation of legislative requirements.

6.4. Personal data of the Users indicated in clauses 4.1.1. and 4.1.2. of this Policy is published by the Users at the Website at the relevant profiles of such Users and becomes available to all Users following registration and/or editing of the User’s personal account, unless the User elects to prohibit demonstration of his/her personal account to other Users with the exception of Users directly indicated by such User. The User determines the terms and provides access to the User’s personal data to an unlimited number of people, including by registering and using the standard functionality of the Website, as well as by choosing the privacy settings and visibility of their personal page within the functionality of the Website provided to the User. The Website Administration does not initiate or influence such choice of the User, nor does it have the purpose of obtaining the User's permission to share its personal data. Personal data of the Users is not transferred to any other third parties, except as expressly provided by the applicable legislation and this Policy.

If the User has given relevant consent, the User's personal data may be transferred to third parties-contractors of the Website Administration, provided that such contractors undertake to ensure the confidentiality of information received, in particular when using applications.

6.5. Provision of personal data of Users at the request of state agencies (local authorities) is carried out in the manner prescribed by applicable law.

6.6. In order to perform the Agreement and to provide access to the Website for the Users, the Website Administration develops and improves the existing and new functions of the Website. To ensure realization of these purposes the User agrees for the Website Administration, in compliance with applicable law, to collect, store, accumulate, systematize, extract, compare, use, fill (refine) their data, as well as to receive and transfer to affiliated persons and partners the depersonalized results of such data automated processing, using various information evaluation models, in the form of integer and/or text values and identifiers, corresponding to those specified in the evaluation requests.

6.7. Personal data of the User is deleted by the Website Administration in following cases:

  • At the User's own request to delete personal data sent to info@itnetwork.org with information sufficient to identify such User in order to process the User’s request;
  • If the Website Administration removes the information posted by the User, as well as the User's personal page according to terms of the Agreement.

In case of deletion of the User’s personal page the Website Administration may continue to store personal data of the User and information published by the User and/or transferred by the User with the use of the Website for the period required and established by applicable law.

6.8. By posting information including personal data on the User’s personal page at the Website the User acknowledges and agrees that this information may be available to other users of the Internet, taking into account the specific architecture and functionality of the Website.

6.9. The Website Administration may use cookies or similar technologies. Cookies are small text files that are stored on the User’s device and provide the Website Administration with the ability to track, store, and collect information about the User’s actions related to the Website. User may control cookies at the browser level, however, if the User disables cookies part of Website functions may become unavailable to the User until cookies are enabled again.

7. Storage of personal data and data transfer outside the European Union

7.1. Recording, systematization, accumulation, storage, improvement (updating, modification), extraction of User’s personal data is performed with the use of databases located in the territory of the United States or, if the User is a citizen of the Russian Federation – in databases located in the territory of the Russian Federation. Due to the fact that the Website Administration is unable to reliably verify the User's citizenship at the moment of his/her registration in the Social Network, the Website Administration assumes that any User, whose device settings specify the Russian Federation as the country, is a citizen of the Russian Federation. If the User's device settings specify a different country, but the User is a citizen of the Russian Federation, the User shall immediately notify the Administration of the Website of this fact by e-mail using the e-mail address specified in section 13 of this Policy.

7.2. The Website may be maintained in the United States and/or the Russian Federation. By using the Website, the User authorizes the export of personal data to the United States, or, if the User is a citizen of the Russian Federation, to the Russian Federation and its storage and use as specified in this Policy. The Website Administration may transfer personal data from the EU to the United states, the Russian Federation and other countries, which have not been determined by the European Commission to have an adequate level of data protection. Information stored in the United States and the Russian Federation may be subject to lawful requests by the courts or law enforcement authorities in the Unites States and the Russian Federation.

7.3. If the User is located in the EU, he/she may contact Website Administration via the contact details indicated in section 13 hereof if the User requires further information on the specific mechanism used by the Website Administration when transferring personal data out of the EEA.

8. Rights and obligations of Users

8.1. Users have the right to:

8.1.1. Free access to information about the User by visiting personal pages at the Website with the use of User’s username and password or other credentials as stipulated by the Agreement;

8.1.2. Independently make changes and corrections to the personal data on the personal page of the User at the Website, provided that such changes and corrections contain current and accurate information;

8.1.3. delete information about the User from the User’s personal page at the Website or request the Website Administration to delete certain information from the User’s personal page or the User’s personal page itself;

8.1.4. demand from the Website Administration to rectify (clarify) the User’s personal data, block or destroy them if such data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing and if it is impossible to independently perform the actions provided by clauses 8.1.2. and 8.1.3. of this Policy;

8.1.5. on the basis of a request to receive information from the Website Administration relating to the processing of his personal data, to receive electronic copy of personal data or organize direct transfer of personal data from the Website Administration to another personal data operator and/or processor where technically feasible;

8.1.6. complain about personal data processing by the Website Administration to a supervisory authority;

8.1.7. withdraw consent to personal data processing subject to deletion of User’s personal profile at the Website;

8.1.8. restrict processing of personal data and object to processing in cases as provided for by applicable law.

8.2. The Website is a universal means of communication and searching for people and the main function of the Website is to restore and maintain connections with old and new acquaintances. For this reason the following information about the User published by the User upon registration at the Website is always available to any registered User:

8.2.1. The last name and first name of the User;

8.2.2. Current and previous job positions, current and previous places of employment, profile photo, name of higher education institution that the User attended or graduated from, year (planned year) of graduation from higher education institution, start and finish dates of each job, User's portfolio;

8.2.3. A list of the User's business contacts;

8.3. When deleting personal data (other user information) from the User's personal page or deleting the User's personal page from the Website, information about the User copied by other Users or stored on other Users' pages is retained unless the User applies with a request to the Website Administration to delete such information with indication of exact location of such information at the Website.

9. Personal data protection measures

9.1. The Website Administration takes technical, organizational and legal measures to protect personal data against accidental or unlawful destruction, manipulation, damage, loss or alteration, unauthorized or unlawful access, disclosure or misuse, and all other unlawful forms of processing of personal data in possession of the Website Administration.

9.2. To ensure compliance with Federal Law of 27.06.2006, № 152-FZ "On personal data" and regulations adopted in accordance with it as well as GDPR, the Website Administration takes the following measures to protect personal data of the Users:

  • A person responsible for organizing the processing of personal data (data protection officer) has been appointed;
  • The Website Administration has adopted company regulations, policies and standards on personal data processing, security and procedures aimed at preventing and detecting violations of the laws and eliminating the consequences of such violations;
  • Legal, organizational and technical measures have been taken to ensure the security of personal data, the Website Administration uses network and information security technologies, monitors the systems and data centers to ensure that they comply with security policies
  • The technology safeguards are continuously adapted and improved in line with technological developments;
  • The Website Administration conducts regular training and awareness programs on security and privacy, to ensure that employees understand the importance of protecting personal data, and that they learn and maintain the necessary knowledge and skills effectively to protect it in practice
  • The rules of access to personal data processed in personal data information systems are established;
  • A register of actions performed with personal data in the information systems that contain personal data is maintained;
  • Rules have been established for back-up and restoration of information including personal data;
  • The Website Administration takes all reasonable measures to prevent personal data breaches. If such breaches occur the Website Administration shall take appropriate actions will be consistent with the role of the Website Administration in relation to the products, services or processes affected by the breach.

9.3. In order to access the User’s personal page at the Website, the User's login (email address or cell phone number) and password (code received via SMS or by messengers) are used. Alternatively, User may select Apple ID or Google ID authorization methods. Each User is responsible for the security of this information. The User may not give its own login and password and other credentials that are used for authorization to third parties, and is obliged to take measures to ensure their confidentiality.

10. Limitation of Policy Effect

10.1. This Policy shall not apply to the actions and Internet resources of third parties. The Website Administration shall not be responsible for the actions of the third parties, which, as a result of using the Internet or the Website, get access to the information about the User in accordance with the confidentiality level chosen by the User, for the consequences of using the information, which, due to the nature of the Website, is available to any Internet user. The Website Administration recommends Users to be responsible in deciding the amount of information about themselves published at Website.

11. User requests

11.1. Users have the right to send their requests to the Website Administration, including requests concerning processing of their personal data under clause 8.1.5. of this Policy. Requests may be sent in writing to the address: Russia, 117342, Moscow, Butlerova St., 17, floor 5, room/office 202/106 or in electronic form from an email address indicated by the User in its profile at the Website to the email address of the Website Administration: info@itnetwork.org. If the User sends a request from a different email address the Administration may require the User to provide additional information in order to properly identify such User for further processing of his/her request.

11.2. The request sent by the user must contain the following information:

  • Number, date of issue and issuing authority of the User’s the identity document;
  • User’s idenficiation number (ID) issued by the Website Administration (in particular, the user's ordinal id number or a short (sub-domain) name replacing the ordinal id number) if the User has previously created a personal account at the Website;
  • The signature of the user or his representative if the document is sent in written form by mail or courier.

11.3. The Website Administration undertakes to review and respond to the User's request within 30 days of receipt.

11.4. All correspondence received by the Website Administration from users (requests in written or electronic form) refers to restricted information and may not be disclosed without the written consent of the User. Personal data and other information about the User, who sent a request, may not be used without the User's express consent, except to respond to the received request or in cases expressly provided by applicable law.

12. Final Provisions

12.1. This Policy is obligatory for acquaintance and performance by all persons admitted to processing of personal data by the Website Administration, and the persons participating in the organization of processes of processing and safety of personal data in the Website Administration.

12.2. The Website Administration does not make decisions that give rise to legal consequences in respect of Users or otherwise affect their rights and legitimate interests, based solely on the automated processing of their personal data.

12.3. The Website Administration does not entrust the processing of personal data to other persons (processors).

12.4. The Website Administration does not carry out cross-border transfer of personal data of Users to third persons. Nevertheless, any information published by the User at the personal page of such User at the Website may become available to another User from any country including corporate and government entities due to nature of the Website.

12.5. Processing of personal date by the Website Administration is governed by legislation of the Russian Federation. This Policy is subject to update in the event of changes in the applicable law.

13. Contacts

User may contact the Website Administration by using the "Contact us" function of the Website interface.

User may contact data protection officer of the Website Administration on issues related to the processing of User’s personal data:

Address: 117342, Moscow, Butlerova St., 17, floor 5, room/office 202/106

Email address: info@itnetwork.org

Company name: Business Community LLC

Address: 117342, Moscow, Butlerova St., 17, floor 5, room/office 202/106