Settings
We use cookies (files with data about past visits to the site) and other similar technologies to ensure the usability of the site and improve the user experience. I agree to the use of these technologies by Sber on the terms specified in the Sber500 Cookie Use Policy
SBER500 PERSONAL DATA PROCESSING AND PROTECTION POLICY
This document defining the Data Controller's policy regarding the processing and protection of personal data (hereinafter, the "Policy") is adopted and developed in accordance with the requirements of Federal Law of the Russian Federation dated 27/07/2006 No. 152-ФЗ
(152-FZ) "On Personal Data", as well as in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter, the "GDPR") and deals with the processing of personal data of representatives of the Participants and/or visitors to the Website (URL): https://sberbank-500.ru
(152-FZ) "On Personal Data", as well as in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter, the "GDPR") and deals with the processing of personal data of representatives of the Participants and/or visitors to the Website (URL): https://sberbank-500.ru
Terms and Definitions
"Personal Data" means any information relating directly or indirectly to an identified or identifiable individual (the Data Subject);
"Processing of Personal Data" ("Processing") means any action (transaction) or set of actions (transactions) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, rectification (update, change), extraction, use, transfer (provision, access) to third parties, depersonalization, blocking, removal, destruction of Personal Data;
"Controller" means Sberbank (address: 19 Vavilova St., Moscow, 117312, Russia, e-mail: help@sberbank-500.ru, tel: 8 (800) 555-55-50);
"Program" means the Controller's program for selecting and training participants - startup projects to develop teams and their business projects in order to find synergies for pilot projects and organization of cooperation, as well as to attract investment, organize other events (Sber500), the terms of participation in which are regulated by the Sber500 Accelerator Participation Rules available at the following link (URL): https://sberbank-500.ru
"Confidentiality of Personal Data" means a mandatory requirement for the Controller, other person who received access to Personal Data not to allow their disclosure and dissemination without a legitimate reason;
"Website" means a collection of linked web pages located on the Internet at a unique address (URL): https://sberbank-500.ru. For purposes of this Policy, the Website also means the relevant web page where Users apply to participate in the Program;
"User" means a representative of a legal entity who has applied for participation in the Program by filling out a questionnaire posted on the Internet at the unique address (URL): https://sberunity.ru/registration;
"Cookie" means a small piece of data that a website requests from the browser used on your computer or mobile device. Cookie technology allows a website to "remember" the User's actions or preferences. Cookies are stored locally on the User's computer or mobile device. Users can delete stored cookies at will;
"Participant" means a startup project participating in the Program (admitted to the participation in Phase II of the Program).
Any terms and definitions used in the Policy that are not mentioned in this section will be interpreted systematically, in connection with other terms, separate conditions, and according to the meaning derived from the text of the Policy. If it is not possible to determine the content of a term or concept from the text of the Policy, the definition of the relevant term or concept shall be determined in accordance with the Sber500 Accelerator Participation Rules and the applicable law or based on the existing law enforcement practice.
"Processing of Personal Data" ("Processing") means any action (transaction) or set of actions (transactions) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, rectification (update, change), extraction, use, transfer (provision, access) to third parties, depersonalization, blocking, removal, destruction of Personal Data;
"Controller" means Sberbank (address: 19 Vavilova St., Moscow, 117312, Russia, e-mail: help@sberbank-500.ru, tel: 8 (800) 555-55-50);
"Program" means the Controller's program for selecting and training participants - startup projects to develop teams and their business projects in order to find synergies for pilot projects and organization of cooperation, as well as to attract investment, organize other events (Sber500), the terms of participation in which are regulated by the Sber500 Accelerator Participation Rules available at the following link (URL): https://sberbank-500.ru
"Confidentiality of Personal Data" means a mandatory requirement for the Controller, other person who received access to Personal Data not to allow their disclosure and dissemination without a legitimate reason;
"Website" means a collection of linked web pages located on the Internet at a unique address (URL): https://sberbank-500.ru. For purposes of this Policy, the Website also means the relevant web page where Users apply to participate in the Program;
"User" means a representative of a legal entity who has applied for participation in the Program by filling out a questionnaire posted on the Internet at the unique address (URL): https://sberunity.ru/registration;
"Cookie" means a small piece of data that a website requests from the browser used on your computer or mobile device. Cookie technology allows a website to "remember" the User's actions or preferences. Cookies are stored locally on the User's computer or mobile device. Users can delete stored cookies at will;
"Participant" means a startup project participating in the Program (admitted to the participation in Phase II of the Program).
Any terms and definitions used in the Policy that are not mentioned in this section will be interpreted systematically, in connection with other terms, separate conditions, and according to the meaning derived from the text of the Policy. If it is not possible to determine the content of a term or concept from the text of the Policy, the definition of the relevant term or concept shall be determined in accordance with the Sber500 Accelerator Participation Rules and the applicable law or based on the existing law enforcement practice.
2. Subject Matter of the Policy
2.1. This Policy applies to the processing of Personal Data of Participants, Users and / or visitors to the Website, as well as of persons who have sent messages to the Organizer through the feedback forms posted on the Website.
2.2. For more information about the list and purposes of processing your Personal Data, see the table below:
2.2. For more information about the list and purposes of processing your Personal Data, see the table below:
3. Procedure and periods of processing Personal Data
3.1. To achieve the above purposes, the Controller may process the Personal Data specified in clause 2.2 of the Policy, both using automation tools (and without their use) with the following actions: collection, receipt, recording, systematization, accumulation, storage, rectification (updating, modification), extraction, use, blocking, deletion, destruction, depersonalization.
3.2. Detailed conditions for processing cookies are set out in the Sber500 Cookies Policy posted on the Website.
3.3. Personal Data shall be processed for as long as necessary to achieve the aforementioned purposes or to comply with applicable law.
3.4. Processing of Personal Data for analytical, statistical, marketing studies and surveys, formation of personal offers on their basis, sending advertising and marketing mailings, as well as in other cases, where the processing of Personal Data is based on the consent given by the Data Subject for the relevant processing purpose, shall be carried out until the revocation of the consent by the Data Subject or until the expiration of such consent.
3.5. Processing of Personal Data may take place after the end of the Program, on the Website in cases stipulated by applicable law.
3.6. Destruction of Personal Data in electronic form shall be carried out by software or hardware means excluding the restoration of destroyed data, including residual information within the time frames and in cases stipulated by applicable law, in particular, when the purposes of processing are achieved, as well as in case of the withdrawal of consent (if processing is carried out on the basis of consent) in the absence of grounds for further processing. Destruction of Personal Data processed without the use of automation tools shall be carried out by destroying the tangible media of such data.
3.7. Specific purposes of Processing of Personal Data, their composition, actions taken with them may also be brought to the attention of the Data Subject during the collection of Personal Data in a manner and form appropriate to the source of receipt and the basis for Processing of such Personal Data (e.g., consent to the Processing of Personal Data).
3.2. Detailed conditions for processing cookies are set out in the Sber500 Cookies Policy posted on the Website.
3.3. Personal Data shall be processed for as long as necessary to achieve the aforementioned purposes or to comply with applicable law.
3.4. Processing of Personal Data for analytical, statistical, marketing studies and surveys, formation of personal offers on their basis, sending advertising and marketing mailings, as well as in other cases, where the processing of Personal Data is based on the consent given by the Data Subject for the relevant processing purpose, shall be carried out until the revocation of the consent by the Data Subject or until the expiration of such consent.
3.5. Processing of Personal Data may take place after the end of the Program, on the Website in cases stipulated by applicable law.
3.6. Destruction of Personal Data in electronic form shall be carried out by software or hardware means excluding the restoration of destroyed data, including residual information within the time frames and in cases stipulated by applicable law, in particular, when the purposes of processing are achieved, as well as in case of the withdrawal of consent (if processing is carried out on the basis of consent) in the absence of grounds for further processing. Destruction of Personal Data processed without the use of automation tools shall be carried out by destroying the tangible media of such data.
3.7. Specific purposes of Processing of Personal Data, their composition, actions taken with them may also be brought to the attention of the Data Subject during the collection of Personal Data in a manner and form appropriate to the source of receipt and the basis for Processing of such Personal Data (e.g., consent to the Processing of Personal Data).
4. Legal Grounds for Processing of Personal Data
4.1. The Controller shall process the Personal Data specified in clause 2.2 of the Policy only if one of the following legal grounds for such Processing applies:
• the Data Subject has consented to the Processing of such data for the purposes specified in clause 2.2 of the Policy;
• the processing of Personal Data is necessary for the Controller to be able to enter into a contract with the Data Subject and to perform its contractual obligations (in particular those provided for in the Sber500 Accelerator Participation Rules);
• the processing of Personal Data is necessary in order to fulfill the obligation imposed on the Controller by the laws of the Russian Federation or the GDPR;
• other applicable legal ground provided for by the laws of the Russian Federation or the GDPR.
4.2. The Controller shall provide Personal Data to the public and local authorities, courts, law enforcement agencies, and other authorized bodies in the cases and in the manner prescribed by Russian laws or the GDPR. The Controller shall provide the information to the public authorities only after making sure that the request is legitimate and justified. The Controller shall provide the public authorities with the minimum possible amount of information, which is expressly provided for by law.
4.3. Provision of Personal Data, if the Processing is supposed to be based on the consent of the Data Subject, is voluntary, the absence of such consent makes it impossible for the Controller to carry out the Processing for specific purposes, in particular for marketing purposes. However, without obtaining certain Personal Data, the Controller will not be able to fulfill its obligations under the Program to the relevant startup project, so failure to provide them will result in the inability of such startup project to participate in the Program.
4.4. Sources of obtaining Personal Data: the Data Subjects directly, as well as authorized representatives of the relevant Participants.
• the Data Subject has consented to the Processing of such data for the purposes specified in clause 2.2 of the Policy;
• the processing of Personal Data is necessary for the Controller to be able to enter into a contract with the Data Subject and to perform its contractual obligations (in particular those provided for in the Sber500 Accelerator Participation Rules);
• the processing of Personal Data is necessary in order to fulfill the obligation imposed on the Controller by the laws of the Russian Federation or the GDPR;
• other applicable legal ground provided for by the laws of the Russian Federation or the GDPR.
4.2. The Controller shall provide Personal Data to the public and local authorities, courts, law enforcement agencies, and other authorized bodies in the cases and in the manner prescribed by Russian laws or the GDPR. The Controller shall provide the information to the public authorities only after making sure that the request is legitimate and justified. The Controller shall provide the public authorities with the minimum possible amount of information, which is expressly provided for by law.
4.3. Provision of Personal Data, if the Processing is supposed to be based on the consent of the Data Subject, is voluntary, the absence of such consent makes it impossible for the Controller to carry out the Processing for specific purposes, in particular for marketing purposes. However, without obtaining certain Personal Data, the Controller will not be able to fulfill its obligations under the Program to the relevant startup project, so failure to provide them will result in the inability of such startup project to participate in the Program.
4.4. Sources of obtaining Personal Data: the Data Subjects directly, as well as authorized representatives of the relevant Participants.
5. Rights of the Data Subject, Obligations of the Controller
5.1. The Data Subject has the right, if the relevant right is provided for by the laws applicable to the relationship between the particular Data Subject and the Controller:
5.1.1. Withdraw their consent to the Processing of Personal Data by filling out the web form posted on the Internet at the unique address (URL): https://sberunity.ru/registration (if possible), or by sending a scanned copy of a free-form written notice with their signature or the signature of their representative, containing explicit withdrawal of the consent to the Processing of Personal Data, to the e-mail address: help@sberbank-500.ru, or the original of such notice to the Controller by registered mail with the list of enclosures or by courier service or by hand delivery against signature to the authorized representative of the Controller. The Controller shall cease Processing of Personal Data on the basis of such consent, unless otherwise provided for in the laws of the Russian Federation, GDPR.
5.1.2. Request confirmation of the processing of their Personal Data. In the case of such Processing, the Data Subject has the right to be acquainted with the Personal Data being processed, as well as with the information about the purposes of the Processing, categories of the processed data, actions with the data, recipients of the data and guarantees in case of transferring data to third parties, the period of Processing, sources of the data, availability of an exclusively automated decision-making process, inclusion of the Data Subject in the Controller's marketing mailings. The Data Subject also has the right to receive a list of the Personal Data to be processed.
5.1.3. Request to have their Personal Data corrected if they discover inaccuracies in the Personal Data being processed by the Controller. Taking into account the purposes of the Processing, the Data Subject has the right to make additions to the Personal Data, including by providing an additional application.
5.1.4. Initiate a restriction on the Processing of their Personal Data if one of the following conditions applies:
• the accuracy of Personal Data is challenged by the Data Subject (limitation on the time required by the Controller to confirm the correctness of Personal Data);
• unlawful Processing of Personal Data has been detected, the Data Subject objects to the deletion of his or her Personal Data and instead requests that its use be restricted;
• The Controller no longer requires Personal Data for the purposes of Processing, but it is required by the Data Subject in order to substantiate, enforce lawsuits or control defense in lawsuits;
• the Data Subject objects to Processing of their Personal Data (limitation on the period of time required for the Controller to establish whether the Controller's legal grounds for Processing of Personal Data prevail over the data subject's legal grounds, in case of Processing on the relevant ground).
5.1.5. Request deletion (destruction) of their Personal Data if one of the following conditions applies:
• Personal Data is no longer required for the purposes for which it was obtained;
• The Data Subject withdraws the consent on the basis of which the Processing was carried out, if there is no other legal basis for the Processing;
• Personal Data is processed illegally;
• Personal Data must be destroyed in order to comply with obligations under applicable law;
• Personal Data was obtained as part of Information Society Services.
5.1.6. The Data Subject has the right to request in a structured, universal and machine-readable format a list of their Personal Data to be processed by the Controller, and to instruct the Controller to transfer such data to a third party if the Controller has the appropriate technical capability. In this case, the Controller shall not be liable for the actions of a third party committed later with Personal Data.
5.1.7. The Data Subject has the right to object to the Processing of part or all of his or her Personal Data for the purposes specified in Section 3 of the Policy, unless the legitimate grounds for the Processing prevail over the interests, rights and freedoms of the Data Subject or the Processing is necessary to substantiate, enforce lawsuits or control defense in lawsuits.
5.1.8. The Data Subject has the right to complain to a supervisory authority if the Controller violates their rights in any way during the Processing of Personal Data.
5.2. The Controller shall process personal data of the Data Subject and ensure confidentiality and protection of the processed Personal Data in accordance with the requirements of Federal Law of 27/07/2006 No. 152-ФЗ (152-FZ) "On Personal Data", as well as the GDPR. When processing Personal Data, the Controller shall take necessary legal, organizational and technical measures to protect Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data.
5.3. If the Processing of Personal Data is based on the consent of the Data Subject, the Controller shall carry out the Processing within the period specified in the relevant consent for the Processing of Personal Data. Notwithstanding the above, in cases where Personal Data is processed on other legal grounds, the Controller may store Personal Data for the period of time necessary to achieve the purposes specified in clause 3.1 of the Policy, and upon achievement of such purposes, the relevant Personal Data shall be deleted.
5.1.1. Withdraw their consent to the Processing of Personal Data by filling out the web form posted on the Internet at the unique address (URL): https://sberunity.ru/registration (if possible), or by sending a scanned copy of a free-form written notice with their signature or the signature of their representative, containing explicit withdrawal of the consent to the Processing of Personal Data, to the e-mail address: help@sberbank-500.ru, or the original of such notice to the Controller by registered mail with the list of enclosures or by courier service or by hand delivery against signature to the authorized representative of the Controller. The Controller shall cease Processing of Personal Data on the basis of such consent, unless otherwise provided for in the laws of the Russian Federation, GDPR.
5.1.2. Request confirmation of the processing of their Personal Data. In the case of such Processing, the Data Subject has the right to be acquainted with the Personal Data being processed, as well as with the information about the purposes of the Processing, categories of the processed data, actions with the data, recipients of the data and guarantees in case of transferring data to third parties, the period of Processing, sources of the data, availability of an exclusively automated decision-making process, inclusion of the Data Subject in the Controller's marketing mailings. The Data Subject also has the right to receive a list of the Personal Data to be processed.
5.1.3. Request to have their Personal Data corrected if they discover inaccuracies in the Personal Data being processed by the Controller. Taking into account the purposes of the Processing, the Data Subject has the right to make additions to the Personal Data, including by providing an additional application.
5.1.4. Initiate a restriction on the Processing of their Personal Data if one of the following conditions applies:
• the accuracy of Personal Data is challenged by the Data Subject (limitation on the time required by the Controller to confirm the correctness of Personal Data);
• unlawful Processing of Personal Data has been detected, the Data Subject objects to the deletion of his or her Personal Data and instead requests that its use be restricted;
• The Controller no longer requires Personal Data for the purposes of Processing, but it is required by the Data Subject in order to substantiate, enforce lawsuits or control defense in lawsuits;
• the Data Subject objects to Processing of their Personal Data (limitation on the period of time required for the Controller to establish whether the Controller's legal grounds for Processing of Personal Data prevail over the data subject's legal grounds, in case of Processing on the relevant ground).
5.1.5. Request deletion (destruction) of their Personal Data if one of the following conditions applies:
• Personal Data is no longer required for the purposes for which it was obtained;
• The Data Subject withdraws the consent on the basis of which the Processing was carried out, if there is no other legal basis for the Processing;
• Personal Data is processed illegally;
• Personal Data must be destroyed in order to comply with obligations under applicable law;
• Personal Data was obtained as part of Information Society Services.
5.1.6. The Data Subject has the right to request in a structured, universal and machine-readable format a list of their Personal Data to be processed by the Controller, and to instruct the Controller to transfer such data to a third party if the Controller has the appropriate technical capability. In this case, the Controller shall not be liable for the actions of a third party committed later with Personal Data.
5.1.7. The Data Subject has the right to object to the Processing of part or all of his or her Personal Data for the purposes specified in Section 3 of the Policy, unless the legitimate grounds for the Processing prevail over the interests, rights and freedoms of the Data Subject or the Processing is necessary to substantiate, enforce lawsuits or control defense in lawsuits.
5.1.8. The Data Subject has the right to complain to a supervisory authority if the Controller violates their rights in any way during the Processing of Personal Data.
5.2. The Controller shall process personal data of the Data Subject and ensure confidentiality and protection of the processed Personal Data in accordance with the requirements of Federal Law of 27/07/2006 No. 152-ФЗ (152-FZ) "On Personal Data", as well as the GDPR. When processing Personal Data, the Controller shall take necessary legal, organizational and technical measures to protect Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data.
5.3. If the Processing of Personal Data is based on the consent of the Data Subject, the Controller shall carry out the Processing within the period specified in the relevant consent for the Processing of Personal Data. Notwithstanding the above, in cases where Personal Data is processed on other legal grounds, the Controller may store Personal Data for the period of time necessary to achieve the purposes specified in clause 3.1 of the Policy, and upon achievement of such purposes, the relevant Personal Data shall be deleted.
6. Final Provisions
6.1. This Policy shall become effective upon approval and remain in effect until it is amended and/or a new version is adopted by the Controller.
6.2. The Policy may be updated or otherwise modified by the Controller from time to time, and any changes shall be published by the Controller. Such changes shall come into force from the time of their publication. The User agrees to read the terms of this Policy independently regarding making changes.
6.2. The Policy may be updated or otherwise modified by the Controller from time to time, and any changes shall be published by the Controller. Such changes shall come into force from the time of their publication. The User agrees to read the terms of this Policy independently regarding making changes.
7. How to Contact Us about Personal Data Processing
In case of any questions, suggestions or intentions to exercise one or more of the data subject's rights regarding the Processing of Personal Data, the data subject is entitled to contact the Controller using the following contact information:
Address: 19 Vavilova St., Moscow, 117312, Russia
· Email: help@sberbank-500.ru
· Phone: 8 (495) 547-99-81
Address: 19 Vavilova St., Moscow, 117312, Russia
· Email: help@sberbank-500.ru
· Phone: 8 (495) 547-99-81
Level up your project
help@sberbank-500.ru
© 1997 – 2022 Sberbank
General license for banking operations dd. August 11, 2015. Reg. No – 1481
General license for banking operations dd. August 11, 2015. Reg. No – 1481