Regulation on the processing of personal data

Interactive product catalogue

Laboratory reactor units

News

13.11.2025

Meta-Chrom Showcases Advanced Laboratory Solutions at Chemistry-2025 Exhibition

27.10.2025

RPC Meta-chrom Co Ltd. will participate in the CHEMISTRY 2025 exhibition.

24.10.2025

Meta-chrom expands international cooperation at Business Caspian Forum in Tehran

23.07.2025

Head of the Mari El Republic Yuri Zaitsev visited RPC "Meta-chrom" Co Ltd.

21.07.2025

RPC "Meta-Chrom" Co Ltd showcased its Innovations at INNOPROM-2025 in Yekaterinburg

Regulation on the processing of personal data

1. GENERAL PROVISIONS

1.1. The Regulation on the processing of personal Data (hereinafter referred to as the Regulation) has been published and is being applied by the Limited Liability Company Meta-Chrome Research and Production Company, TIN 1215046110, OGRN 1021200757270, location address: 424028, Republic of Mari El, Yoshkar-Ola, 100 Bauman St. (hereinafter referred to as the Operator) in accordance with clause 2, part 1, art. 18.1 Federal Law of 27.07.2006 152-FZ on Personal Data.

1.2. This Regulation defines the policy, procedure and conditions of the Operator in relation to the processing of personal data obtained through the website https://en.meta-chrom.ru (further — «Website») or individual pages of the Site, by leaving messages in messengers, establishes procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations related to the processing of personal data.

1.3. All issues related to the processing of personal data that are not regulated by this Regulation are resolved in accordance with the current legislation of the Russian Federation in the field of personal data.

1.4. The Operator ensures the protection of the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Law on Personal Data.

1.5. The Operator has the right to make changes to these Regulations. When making changes, the title of the Regulation indicates the date of the last revision update. The new version of the Regulation comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Regulation.

2. TERMS USED IN THIS REGULATION

2.1. Personal data is any information relating directly or indirectly to a specific or identifiable natural person (personal data subject).

2.2. Personal Data Operator (operator)a state body, municipal body, legal entity or individual, independently or jointly with other persons, organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations), performed with personal data.

2.3. Processing of personal data is any action (operation) or set of actions (operations) with personal data performed with or without automation tools. The processing of personal data includes, among other things: collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); depersonalization; blocking; deletion; destruction.

2.4. Automated processing of personal data processing of personal data using computer technology.

2.5. Dissemination of personal data - actions aimed at disclosure of personal data to an unspecified group of persons.

2.6. Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

2.7. Blocking of personal data - temporary termination of personal data processing (except in cases where processing is necessary to clarify personal data).

2.8. Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed.

2.9. Depersonalization of personal data is an action that makes it impossible to determine the identity of personal data to a specific personal data subject without using additional information.

2.10. The personal Data Information System is a set of personal data contained in databases and processing them, information technologies and technical means.

2.11. Cross-border transfer of personal data transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

3. PRINCIPLES, CONDITIONS AND PROCEDURE FOR PROCESSING PERSONAL DATA

3.1. Principles of personal data processing:

the processing of personal data is carried out on a lawful and fair basis;
the processing of personal data is limited to achieving specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed;
it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
only personal data that meets the purposes of their processing is subject to processing;
content and the volume of personal data processed corresponds to the stated purposes of processing. Redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed;
when processing personal data, the accuracy of personal data, its sufficiency, and, where necessary, its relevance to the purposes of personal data processing are ensured. The operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
personal data must be stored in a form that makes it possible to identify the subject of personal data for no longer than the purposes of personal data processing require, unless the period of storage of personal data is established by federal law, an agreement to which the party, beneficiary or guarantor, which is the subject of personal data. The personal data being processed is subject to destruction upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.

3.2. Legal basis of personal data processing:

The processing of personal data is carried out with the consent of the personal data subject to the processing of personal data, and also without it in cases provided for by the legislation of the Russian Federation, including if the processing of personal data is necessary for the performance of a contract to which either the beneficiary or guarantor for which the personal data subject is, and also for concluding a contract on the initiative of the personal data subject or a contract, according to which the personal data subject will be the beneficiary or guarantor.

3.3. The procedure for processing personal data:

The operator performs automated processing of personal data of the site users;
persons who are familiar with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, documents defining the operator's policy regarding personal data processing, and local acts are allowed to process personal data. personal data processing issues;
disclosure and dissemination of personal data to third parties is not permitted without the consent of the personal data subject, unless otherwise provided by federal law;
the transfer of personal data to the bodies of inquiry and investigation, to the Federal Tax Service and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation;
processing of special categories personal data concerning race, nationality, political views, religious or philosophical beliefs, or intimate life is not provided by the Operator;
cross-border transfer of personal data by the Operator is not carried out;
processing of biometric personal data by the Operator is not carried out;
oral communication with counterparties (including clients and potential clients) is carried out via a dedicated telephone line of the Operator. At the same time, the workplace of the Operator's employee, who is charged with communication, is provided with technical means that allow automated recording of telephone calls, as well as (with the consent of the personal data subject) audio recording of negotiations. In this situation, an audio recording of the received oral consent is appropriate;
if the documentation of information in the form of audio recordings on a digital dictaphone or audio cassette was carried out by an individual on his own initiative secretly, and sometimes with the aim of artificially creating evidence, then this evidence is considered inadmissible and not; legally binding on the basis of Part 2 of Article 50 of the Constitution of the Russian Federation.

4. PURPOSES OF PROCESSING, CATEGORIES OF SUBJECTS OF PERSONAL DATA, CATEGORIES AND LIST OF PERSONAL DATA TO BE PROCESSED, METHODS, TERMS OF THEIR PROCESSING AND STORAGE, PROCEDURE FOR DESTRUCTION OF PERSONAL DATA UPON ACHIEVEMENT OF GOALS OR UPON THE OCCURRENCE OF OTHER LEGITIMATE GROUNDS

4.1. Users (visitors) The site.

The purpose of personal data processing: processing and processing applications, informing about the Operator's services, sending informational messages, sending advertising newsletters, providing access to the site's services, including: sending letters to m_chrom@mari-el.ru.

Category of personal data processed: personal data.

The list of personal data processed: name, phone number, user name in the messenger, information collected through metric programs.

Terms of processing and storage of personal data: until the withdrawal of consent to the processing of personal data; until the achievement of the purposes of personal data processing or the loss of the purpose of personal data processing, unless otherwise provided by federal law.

Processing method: automated processing of personal data.

Destruction procedure: upon the expiration of the processing period of personal data or in the case of withdrawal of consent to the processing of personal data, the personal data of the personal data subject is destroyed by the responsible person of the operator. The destruction of personal data on electronic media is carried out by mechanically violating the integrity of the media, which does not allow reading or restoring personal data, or by deleting it from electronic media using methods and means to ensure the removal of residual information. The fact of destruction of PD is documented by the act of destruction of media.

4.2. Counterparties (including clients, potential clients)

The purpose of personal data processing is to conclude and execute a contract, inform about the Operator's goods and services, send informational messages, send promotional newsletters, provide access to the site's services, including: sending letters to: m_chrom@mari-el.ru.

Category of personal data processed: personal data.

The list of personal data processed: first name, last name, patronymic, phone number, user name in the messenger, INN, registration address, residential address, bank account details, email address.

Processing method: automated, non-automated processing of personal data.

5. BASIC RIGHTS OF PERSONAL DATA SUBJECTS

Subjects of personal data have the right to:

5.1. full information about their personal data processed by the Operator;

5.2. access to their personal data, including the right to receive a copy of any record containing their personal data, with the exception of cases provided for by the legislation of the Russian Federation;

5.3. clarification of their personal data, their blocking or destruction in the event that the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;

5.4. revocation of consent to the processing of personal data;

5.5. taking legal measures to protect their rights;

5.6. appeal against the Operator's actions or omissions carried out in violation of the requirements of the legislation of the Russian Federation in the field of personal data to the authorized body for the protection of the rights of personal data subjects or to the court;

5.7. exercise of other rights provided for by the legislation of the Russian Federation.

6. REVOCATION OF CONSENT TO THE PROCESSING OF PERSONAL DATA

6.1. Consent to the processing (including distribution) of personal data may be revoked by Users or their representatives by sending a written application to the Operator at the email address: sending letters to the email address: m_chrom@mari-el.ru or by postal address: 424028, Republic of Mari El, Yoshkar-Ola, 100 Bauman St.

6.2. In case of withdrawal of consent to the processing of personal data, the operator has the right to continue processing personal data without the user's consent, provided there are grounds specified in paragraphs 2 - 11, part 1, Article 6 of the Law on Personal Data.

7. ACTIONS PERFORMED BY THE PERSONAL DATA OPERATOR DURING THE PROCESSING OF PERSONAL DATA

7.1. The Operator has the right to perform the following actions: collection; recording; systematization; accumulation; storage; refinement (updating, modification); extraction; use; transfer (provision, access); deletion; destruction.

7.2. The operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, on the basis of a contract concluded with this person. The person who processes personal data on behalf of the operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on Personal Data, and to respect the confidentiality of personal data.

8. STORAGE OF PERSONAL DATA

8.1. Personal data of subjects may be obtained, further processed and transferred to electronic storage.

8.2. Personal data of subjects processed using automation tools for different purposes are stored in different folders.

8.3. It is not allowed to store and post documents containing personal data in open electronic catalogs (file sharing sites) in the personal data information system.

9. MEASURES TAKEN BY THE OPERATOR TO ENSURE THE SECURITY OF PERSONAL DATA, ASSESSMENT OF THE HARM THAT MAY BE CAUSED TO PERSONAL DATA SUBJECTS

9.1. The measures necessary to ensure the security of the personal data processed by the operator include:

appointment of a person responsible for the organization of personal data processing;
adoption of local regulations and other documents in the field of personal data processing and protection;
compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them;
detection of unauthorized access to personal data;
conducting methodical work with persons authorized to working with personal data;
obtaining the consent of personal data subjects to the processing of their personal data, with the exception of cases provided for by the legislation of the Russian Federation;
ensuring the separate storage of personal data and their tangible media, which are processed for different purposes and which contain different categories of personal data;
ensuring the security of personal data when they are transferred by open communication channels;
identification of current threats to the security of personal data during their processing in the personal data information system and development of measures and measures to protect personal data;
the use of certified antivirus software with regularly updated databases;
storage of tangible personal data carriers in compliance with conditions that ensure the safety of personal data and exclude unauthorized access to them;
implementation of internal control and audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, this Regulation, and local regulatory acts of the Operator;
other measures provided for by the legislation of the Russian Federation in the field of personal data.

9.2. The assessment of the harm that may be caused to personal data subjects in the event of an Operator's violation of the requirements of the Law on Personal Data is determined in accordance with the Order of the Federal Service for Supervision of Communications, Information Technology and Mass Communications. communications from 10.27.2022 № 178.

10. DUTIES OF THE PERSONAL DATA OPERATOR

10.1. In case of detection of unlawful processing or inaccuracy of personal data, when contacting the personal data subject or his representative, or at the request of the personal data subject or his representative or the authorized body for the protection of the rights of personal data subjects, the operator is obliged to block unlawfully processed or inaccurate personal data related toto this subject of personal data, or to ensure their blocking (if the processing of personal data is carried out by another person, acting on behalf of the operator) from the moment of such request or receipt of the specified request for the verification period.

10.2. In case of confirmation of the inaccuracy of personal data, the operator, based on information provided by the personal data subject or his representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, is obliged to clarify the personal data or provide clarification (if personal data processing performed by another person acting on behalf of the operator) within seven business days from the date of submission of such information and to remove the blocking of personal data.

10.3. In case of detection of unlawful processing of personal data carried out by the operator or a person acting on behalf of the operator, the operator, within a period not exceeding three working days from the date of this detection, is obliged to stop the unlawful processing of personal data or ensure the termination of the unlawful processing. personal data of a person acting on behalf of the operator. In the event that it is impossible to ensure the legality of the processing of personal data, the operator is obliged to destroy such personal data or ensure their destruction within a period not exceeding ten working days from the date of detection of the unlawful processing of personal data. The operator is obliged to notify the personal data subject or his representative about the elimination of violations or the destruction of personal data, and if the request of the personal data subject or his representative or the request of the authorized body for the protection of the rights of personal data subjects has been sent by the authorized body for the protection of the rights of personal data subjects, as well as the specified authority.

10.4. In the event that the fact of unlawful or accidental transfer (provision, dissemination, access) of personal data is established, which has resulted in a violation of the rights of personal data subjects, the operator is obliged to notify the authorized body from the moment such incident is identified by the operator, the authorized body for the protection of the rights of personal data subjects or another interested person. on protection of the rights of personal data subjects:

within twenty-four hours about the incident, the alleged causes that led to the violation of the rights of personal data subjects, and the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provide information about the person authorized by the operator to interact with the authorized body for the protection of the rights of personal data subjects on issues related to the identified incident.
within seventy-two hours about the results of the internal investigation of the identified incident, and also provide information about the persons whose actions caused the identified incident (if any).

10.5. If the purpose of personal data processing is achieved, the operator is obliged to stop processing personal data or ensure its termination (if personal data processing is carried out by another person acting on behalf of the operator) and destroy personal data or ensure their destruction (if personal data processing is carried out by another person acting on behalf of the operator) within a period not exceeding thirty days from the date of achievement of the purpose of processing personal data, unless otherwise provided by the contract, to which the personal data subject is a party, beneficiary, or guarantor, by another agreement between the operator and the personal data subject, or if the operator is not entitled to process personal data without the consent of the personal data subject on the grounds provided for by this Federal Law or other federal laws. laws.

10.6. In the event that the personal data subject withdraws consent to the processing of his personal data, the operator is obliged to terminate their processing or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the operator) and in the event that the storage of personal data is no longer required for the purposes of personal data processing, to destroy personal data or ensure their destruction (if personal data is processed by another person, acting on behalf of the operator) for a period not exceeding thirty days from the date of receipt of the said review, unless otherwise provided by an agreement to which the personal data subject is a party, beneficiary or guarantor, or any other agreement between the operator and by the personal data subject or if the operator does not have the right to process personal data without the consent of the personal data subject on the grounds provided for by this Federal Law or other federal laws.

10.7. If a personal data subject requests the operator to terminate the processing of personal data, the operator must terminate them within a period not exceeding ten business days from the date of receipt by the operator of the relevant request. Processing or ensure the termination of such processing (if such processing is carried out by the person processing personal data), with the exception of the cases provided for in paragraphs 2-11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of the Law on Personal Data. The specified period may be extended, but not for more than five working days if the operator sends a reasoned notification to the address of the personal data subject indicating the reasons for extending the deadline for providing the requested information.

10.8. If it is not possible to destroy personal data within the above-mentioned time limits, the operator shall block such personal data or ensure their blocking (if the processing of personal data is carried out by another person acting on behalf of the operator) and ensure the destruction of personal data in the term is not more than six months, unless another term is established by federal laws.

10.9. The destruction of personal data is confirmed by an act.

10.10. The operator is obliged to inform the personal data subject or his representative about the availability of personal data related to the relevant personal data subject, and also provide an opportunity to review these personal data when contacting the personal data subject or his representative, or within ten working days from the date of receipt of the request from the personal data subject or his representative. The specified period may be extended, but not for more than five working days if the operator sends a reasoned notification to the address of the personal data subject indicating the reasons for extending the deadline for providing the requested information.

10.11. The Operator is obliged to provide, free of charge, the personal data subject or his representative with the opportunity to get acquainted with personal data related to this personal data subject. Within a period not exceeding seven business days from the date on which the personal data subject or his representative provides information confirming that the personal data is incomplete, inaccurate or outdated, the operator is obliged to make the necessary changes to them. Within a period not exceeding seven business days from the date on which the personal data subject or his representative submits information confirming that such personal data was unlawfully obtained or is not necessary for the stated purpose of processing, the operator is obliged to destroy such personal data. The operator is obliged to notify the personal data subject or his representative of the changes made and the measures taken, and to take reasonable measures to notify third parties to whom the personal data of this subject has been transferred.

10.12. The operator is obliged to inform the authorized body for the protection of the rights of personal data subjects at the request of this body of the necessary information within ten working days from the date of receipt of such request. The specified period may be extended, but not for more than five working days if the operator sends a reasoned notification to the authorized body for the protection of the rights of personal data subjects, indicating the reasons for extending the deadline for providing the requested information.

10.13. The Operator is also obliged to perform other actions stipulated by the current legislation of the Russian Federation.

11. PRIVACY

11.1. Operators and other persons who have obtained access to personal data are required not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.

11.2. The website uses an identification technology based on the use of cookies.

11.3. When a User accesses the Site, cookies may be stored on the computer used by them for access, which will later be used to automatically authorize the User on the Site, as well as to collect statistical data, includingin particular, about the site's resource traffic.

11.4. Cookies are used for the purposes of website operation, retargeting, and statistical research and reviews using the Yandex service. Yandex. Metrica and other services.

11.5. If the user does not agree to the processing of the above data, the User must change the browser settings or leave the site.

11.6. The Operator does not sell or otherwise disclose the information received about the User, except as provided in these Regulations. The Operator may transfer the User's personal data, subject to obtaining the appropriate consent.: to service providers who provide services for the purpose of fulfilling concluded contracts. These service providers do not have the right to use or disclose the information received, except in cases where it is necessary to comply with legal requirements.

News