ABBYY LLC Regulations for the Processing of Personal Data

ABBYY LLC Regulations for the Processing of Personal Data Provided by Personal Data Subjects via the ABBYY Websites.

These ABBYY LLC Regulations for the Processing of Personal Data Provided by Personal Data Subjects via the ABBYY Websites (hereinafter referred to as “these Regulations”) govern the collection, recording, systematization, accumulation, storage, adjustment (i.e. updating and modification), extraction, use, transfer, depersonalization, blocking, deletion, and destruction of personal data provided by visitors to the Website (as defined below) when completing the online form on the Website.

1. Terms and Definitions

Automated processing of personal data means the processing of personal data by means of computers. The processing of personal data shall not be deemed to be automated if personal data are merely stored in a computer storage system or are retrieved from such a system.

Company means ABBYY, a limited liability company, registered at ul. Otradnaya 2B, building 6, office 12, 127273, Moscow.

Confidentiality of personal data means the obligation of the operator or other persons having access to personal data to prevent the disclosure of personal data to third parties and any dissemination of personal data without the prior consent of the personal data subject, unless otherwise required by Federal law.

Anonymization of personal data means any actions that make it impossible to connect personal data with their subject without the use of additional information.

Processing of personal data means any action (operation) or set of actions (operations) on personal data, either automated or not, including collection, recording, systematization, accumulation, storage, adjustment (i.e. updates and modification), extraction, use, transfer (i.e. dissemination, provision, or grant of access), anonymization, blocking, deletion, and destruction of personal data.

Personal data means any information relating directly or indirectly to an identified or identifiable natural person (“personal data subject”).

Provision of personal data means any action aimed at disclosure of personal data to a specific person or a specific group of persons.

Dissemination of personal data means any action aimed at disclosure of personal data to any number of unspecified persons.

Personal data subject means the natural person that is directly or indirectly identified or is identifiable by means of the personal data.

Destruction of personal data means any action that makes it impossible to restore the personal data in a computer storage system and/or resulting in the destruction of the tangible media on which the personal data are stored.

Website means any of the following websites: www.abbyy.com, docflow.ru, digitalenterprise.ru, and digenforum.ru together with their online forms where visitors are asked to enter their personal data.

2. General Provisions

2.1. The processing of personal data by the Company is governed by the following principles:

  • • personal data shall be processed on a legal and equitable basis;
  • • personal data shall only be processed for specific, predefined, and legal purposes;
  • • the content and scope of personal data processed by the Company shall be consistent with the declared processing purposes; no personal data shall be processed unless they are really necessary for the declared processing purposes;
  • • databases where personal data are stored shall not be merged if they contain personal data whose processing purposes are incompatible;
  • • personal data shall be accurate, sufficient and, where necessary, up to date for the processing purposes;
  • • personal data shall be stored in a format that allows the identification of their subject for a period of time necessitated by the processing purposes, unless a different storage period is established by Federal law or an agreement where the personal data subject is a party, a beneficiary or an underwriter.

2.2. Taking into account the large number of documents containing personal data and the strict storage procedures currently in place, such documents will not be labelled as “confidential”.

2.3. The Company may, in the course of its business, provide personal data to government bodies that are entitled by law to receive such personal data, and to counterparties of the Company (e.g. banks, insurance companies, dealers, etc.), in strict compliance with the security requirements applicable to such personal data.

2.4. These Regulations apply to all of the Company’s executives and employees, either full-time or part-time, as well as to executives and employees of third parties that have entered into agreements with the Company and are involved in the processing of personal data.

3. Purposes of collecting personal data

3.1. The Company shall process personal data for any of the following purposes:

3.1.1. Registration/authorization on the Website;

3.1.2. Processing of orders placed via the Website, including as part of events organized by the Company;

3.1.3. Promotion of Company goods, works, and services to Website visitors by contacting them directly using diverse means of communication;

3.1.4. Analysis and assessment of the Website, assessment of the purchasing power of Website visitors, and providing them with personalized recommendations;

3.1.5. Informing Website visitors about special offers, promotions, discounts, and events by means of e-mail and SMS messages.

4. Legal basis for the processing of personal data

4.1. The Company will not process personal data without the prior consent of the personal data subject provided via an online form available on the Website.

4.2. The Company will only process personal data where such processing of personal data is necessary for the purposes set forth in international treaties entered into by the Russian Federation or in the applicable laws and to perform its obligations and functions as required by Russian law and international treaties.

4.3. The Company will process personal data where such processing is required by agreements where the personal data subject is a party or beneficiary or when the processing of personal data is necessary in order to execute an agreement initiated by the personal data subject or an agreement where personal data subject is a beneficiary.

5. Scope and categories of personal data

5.1. The Company will process, either by automated means or manually, the following categories of personal data that it may receive via the Website or via ABBYY software products:

  • • First name, last name, and patronymic
  • • Country;
  • • City;
  • • Type of software;
  • • Company name;
  • • Company industry;
  • • Company website;
  • • Partner status;
  • • Job title;
  • • E-mail address;
  • • Phone number;
  • • Age.

5.2. The Company will process personal data to the extent necessary for cooperation with prospective and existing customers subject to the consent of the personal data subjects.

5.3. The Company will delete personal data within 1 year following the attainment of the purposes of the processing of the personal data, unless the laws of the Russian Federation require otherwise.

5.4. The Company may use cookie files on its Website. Cookie files contain no personal data and are only used to customize the Website for a particular end-user’s device. The actual cookie settings depend on the browser settings in the end-user’s device when visiting the Website.

5.5. The Company obtains the IP addresses of visitors to the Website and the addresses of referring websites. Such information is not used to identify personal data subjects.

6. Procedures used for the processing of personal data

6.1. If personal data of a particular data subject are found to be inaccurate, the Company will, upon request from the personal data subject or its representative or upon request from the body in charge of the protection of the rights of data subjects, either block such personal data or, where such personal data are processed by a third party engaged by the Company, have such personal data blocked starting from receipt of the request until the personal data are verified, provided, however, that such blocking of personal data does not infringe the rights and legitimate interests of the personal data subject or third persons.

6.2. If a personal data subject withdraws his/her consent to the processing of his/her personal data or if the Company is prohibited by law from the processing of personal data without the consent of the personal data subject, the Company shall stop the processing of such personal data or, where such personal data are processed by a third party engaged by the Company, have the processing of such personal data stopped, and if such personal data must no longer be stored for the purposes of the processing of personal data, the Company shall destroy such personal data or, where such personal data are processed by a third party engaged by the Company, have such personal data destroyed within 7 working days following the withdrawal of the consent of the personal data subject, unless otherwise provided by an agreement where the personal data subject is a party, a beneficiary or an underwriter, or by any other agreement between the Company and the personal data subject.

6.3. The following are the cases where the Company shall stop the processing of personal data or, where personal data are processed by a third party engaged by the Company, have their processing stopped, and the personal data shall be destroyed1 within the time period set forth in Federal Law No. 152 (“On Personal Data”), unless otherwise required by the laws of the Russian Federation:

  • • expiration of the time period allowed for the processing of the personal data;
  • • attainment or dismissal of the purposes of the processing of the personal data;
  • • request from a personal data subject or the body in charge of the protection of the rights of data subjects claiming that the personal data in question are incomplete, out of date, inaccurate, have been obtained illegally or are not necessary for the declared purpose of processing;
  • • withdrawal by a personal data subject of his/her consent to the processing of his/her personal data, where such consent is required by Federal law;
  • • inability by the Company to correct faults discovered in its processing of personal data.

6.4. The Company may engage a third party to process personal data subject to the Company’s compliance with the provisions governing such engagement as set forth in Federal Law No. 152 (“On Personal Data”). Where a personal data subject orders services from a Company partner by completing a form on the Website, the personal data provided by the personal data subject will be processed by the Company partner.

6.5. The Company may transfer personal data to its affiliates2 in Russia and in other countries. Such transfers of personal data may be cross-border transfers.

6.6. If a personal data subject completes the data submission form on the docflow.ru, digitalenterprise.ru or digenforum.ru website, the Company may transfer the personal data thus received from the data subject to the sponsors of the events listed on the Website.

7. Responsibilities

7.1. The executives and employees of the Company are responsible for the Company’s compliance with the provisions of Federal Law No. 152 (“On Personal Data”). The Company’s departments and employees in charge of data security and confidentiality of personal data are responsible for the processing and safeguarding of personal data in compliance with the provisions of Federal Law No. 152 (“On Personal Data”) and these Regulations.

7.2. The heads of the Company’s departments and their employees involved in the processing of personal data are personally responsible for compliance with the requirements for the processing, security and confidentiality of personal data.

7.3. Any persons found to be in breach of the rules for the processing of personal data or involved in unauthorized disclosure or dissemination of personal data shall be subject to disciplinary, administrative, civil or criminal sanctions in accordance with applicable laws.

7.4. If an action by a Company employee causes damage to a third party and the Company is obliged to compensate such damage, the employee shall be materially responsible to the Company in accordance with Chapter 39 of the Labour Code of the Russian Federation.

7.5. If a Company employee discloses any personal data that have become known to the employee as a results of his/her performance of his/her job duties, including personal data of another Company employee, the Company may terminate its employment contract with the offending employee in accordance with Subparagraph “c”, Paragraph 6, Article 81 of the Labour Code of the Russian Federation.

8. Miscellaneous

8.1. These Regulations and relations arising herefrom shall be governed by the laws of the Russian Federation. In the event of change to the applicable laws or statutory enactments of the Russian Federation, these Regulations, as modified from time to time, shall apply to the extent that they do not conflict with the changed laws or statutory enactments of the Russian Federation.

8.2. The Company may amend these Regulations from time to time by publishing the latest version of these Regulations on the Website, indicating the date of the latest amendment.

8.3.Personal data subjects may send their suggestions, comments, or questions in connection with these Regulations to 127273, Moscow, ul. Otradnaya 2B, building 6, office 12, or send them by e-mail to sales@abbyy.ru. The Company will process any suggestions, comments or questions it receives in accordance with the laws of the Russian Federation.


1 Procedures for the destruction of personal data are set forth in the Company’s internal regulations.

2 For the purposes of this Regulations, the term “affiliate” has the meaning given to it in Article 4 of the Law of the Russian Soviet Federative Socialist Republic “On Competition and Restriction of Monopoly Activities in Commodity Markets” adopted on March 22, 1991 (No. 948-1).