RIACRIAC
RIAC 2025
RIAC 2025

Privacy Policy for the Processing of Personal Data of Users of the RIAC Website

1. General Provisions

1.1. This privacy policy for the processing of personal data is drawn up in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, “On Personal Data,” and defines the procedure for processing personal data and measures to ensure the security of personal data that the autonomous non-profit organisation “Russian Institute of Modern Arbitration” (hereinafter referred to as the Operator) receives about users of this website https://riac.centerarbitr.ru/ (hereinafter referred to as the "Website").

1.2. The Operator’s primary goal and condition for the performance of its activities is to respect the rights and freedoms of individuals and citizens when processing their personal data, including the protection of rights to privacy, personal, and family secrets.

1.3. This policy of the Operator regarding the processing of personal data (hereinafter referred to as the "Policy") establishes the Operator’s obligations regarding non-disclosure and ensuring the confidentiality of personal data that a visitor to the Site (hereinafter referred to as the “User”) provides during registration on the Site, as well as when sending inquiries to the Organiser concerning information posted on the Website.

1.4. The use of the Website signifies acceptance of this Policy and the terms of processing the User’s personal data. If the User does not agree with the terms of the Policy, they must cease using the Website.

1.5. This Privacy Policy applies only to the Website. This Website does not control and is not responsible for third-party websites that the User may access through links available on the Website.

1.6.        This Policy and any amendments to it are approved by the General Director of the Operator.

2. Purposes of Personal Data Processing and Categories of Processed Data

2.1. The purpose of processing the User’s personal data is to ensure the User’s ability to participate in events posted on the Website (specifically, the Russian International Arbitration Congress (hereinafter referred to as “RIAC,” “Congress”) and events organised by the RIAC partners). Personal data is processed, among other things, to provide the User with access to services, information, and/or materials available on the Website, register the User for events posted on the Website, process requests and applications received from the User, provide the User with access to their personal account on the Website, notify the User of changes in the event program, as well as send reminders. 

2.2. Personal data is provided by the User by filling out a registration form on the Website and includes the following information: 

- First name and last name of the User; 

- Email address; 

- Affiliation and position; 

- Contact phone number of the User; 

- Country and city of residence. 

2.3. The Operator does not collect anonymised user data through internet statistics services. 

2.4. In case the User contacts the email address riac@centerarbitr.ru with inquiries about the RIAC, partner events, or other questions regarding information posted on the Website, the Operator processes the data that the User deemed necessary to provide to the Operator in order to respond to the User’s inquiry. 

2.5. The Operator has the right to send notifications about other events and projects of the Operator if the User has expressed consent to receive such information. The User can always refuse to receive further messages by sending a notification to the Operator's email address riac@centerarbitr.ru with the subject line “Refusal to receive additional information.”

3. Principles of Personal Data Processing

3.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection. 

3.2. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to personal data by third parties. 

3.3. The Operator processes personal data until the objectives of their processing are achieved.

3.4. The Operator may transfer personal data to a RIAC partner if the User has registered for an event organised by that partner using the Website. 

3.5. The User is solely responsible for familiarising themselves with the personal data processing policies of the RIAC partners. 

3.6. The Operator may also provide the User’s personal data in cases stipulated by law.

4. Measures taken by the Operator to ensure the protection of personal data

4.1. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, dissemination, and other unauthorized actions, including: 

- identifying security threats to personal data during processing; 

- adopting regulations and other documents governing relations in the field of processing and protecting personal data; 

- appointing individuals responsible for ensuring the security of personal data in the Operator’s structural divisions and information systems; 

- creating necessary conditions for working with personal data;

- organising the accounting of documents containing personal data; 

- organising work with information systems in which personal data is processed; 

- storing personal data under conditions that ensure their safety and prevent unauthorised access; 

- organising training for employees of the Operator who process personal data. 

4.2. If there is a risk of violating the rights of the subject of personal data, the Operator shall promptly inform about such a violation of personal data as soon as possible under the circumstances.

5. Storage and Cross-Border Transfer of Personal Data 

5.1. Personal data is stored on the Operator’s servers located in Russia. 

5.2. The Operator may need to carry out a cross-border transfer of personal data to enable the User’s access to an event hosted by a RIAC partner. 

5.3.        Before initiating the cross-border transfer of personal data, the Operator must ensure that the foreign state to which the transfer is intended provides reliable protection of the rights of personal data subjects.

6. Final Provisions 

6.1. The User can obtain any clarifications regarding the processing of their personal data by contacting the Operator via email at riac@centerarbitr.ru

6.2. In case of identifying inaccuracies in their personal data, the User can update it independently by sending a notification to the Operator’s email address riac@centerarbitr.ru with the subject line “Update of Personal Data.” 

6.3. The User can withdraw their consent to the processing of personal data at any time by sending a notification to the Operator’s email address riac@centerarbitr.ru with the subject line “Withdrawal of Consent to Process Personal Data.” 

6.4. Any changes to the Operator’s personal data processing policy will be reflected in this document. The policy is valid indefinitely until replaced by a new version. 

6.5. The current version of the Policy is freely available on the Internet at https://riac.centerarbitr.ru/.