Menu
Exhibition floor plan
Contacts
Book a booth
Get a ticket
RU
CN
Home/

Personal Data Processing Policy

dated “15” January 2025

1. General provisions

1.1. This Personal Data Processing Policy (hereinafter, the “Policy”) describes how the Operator processes personal data on the dronexpo.ru website (hereinafter, the “Website”).

1.2. This Policy applies to the following categories of personal data subjects whose personal data are processed by the Operator:

  • The Operator’s counterparties (individuals).
  • The Operator’s clients.
  • Users of the Operator’s Website.

1.3. The key terms used in this Policy:

Personal data means any information relating directly or indirectly to an identified or identifiable individual (personal data subject);

Personal data operator (the “Operator”) means Yuriy Vladimirovich Feshkin, TIN 380896371756, who independently or jointly with other persons organises and/or carries out the processing of personal data, and also determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;

Personal data processing means any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. Personal data processing includes, among other things: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction;

Automated personal data processing means the processing of personal data using computer technology;

Distribution of personal data means actions aimed at disclosing personal data to an indefinite number of persons;

Provision of personal data means actions aimed at disclosing personal data to a specific person or a specific group of persons;

Blocking of personal data means the temporary suspension of personal data processing (except where processing is necessary to clarify personal data);

Destruction of personal data means actions as a result of which it becomes impossible to restore the content of personal data in a personal data information system and/or as a result of which the physical media containing personal data are destroyed;

Depersonalisation of personal data means actions as a result of which it becomes impossible, without the use of additional information, to determine whether personal data relate to a specific personal data subject;

Personal data information system means a set of personal data contained in databases and the information technologies and technical means ensuring their processing;

Cross-border transfer of personal data means the transfer of personal data to the territory of a foreign state, to an authority of a foreign state, or to a foreign individual or a foreign legal entity;

Website means a set of software for electronic computers and other information contained in an information system, access to which is provided via the Internet and which is located at: dronexpo.ru.

1.4. Basic rights and obligations of the Operator.

1.4.1. The Operator has the right to:

  • independently determine the composition and list of measures necessary and sufficient to ensure the fulfilment of the obligations established by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws;
  • entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with that person. A person processing personal data on behalf of the Operator must comply with the principles and rules for personal data processing established by the Personal Data Law;
  • in the event that a personal data subject withdraws their consent to the processing of personal data, continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.

1.4.2. The Operator is obliged to:

  • organise the processing of personal data in accordance with the requirements of the Personal Data Law;
  • respond to enquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
  • provide the authorised body for the protection of the rights of personal data subjects (hereinafter, “Roskomnadzor”) with the requested information within 30 days from the date of receipt of such request.

1.5. Basic rights of personal data subjects. A personal data subject has the right to:

  • receive information relating to the processing of their personal data, except in cases provided for by federal laws. Such information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
  • require the Operator to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
  • appeal to Roskomnadzor or to a court against unlawful actions or inaction of the Operator in the processing of their personal data.

A personal data subject may exercise their rights to obtain information about the processing of their personal data, as well as their rights to clarify, block or destroy their personal data by contacting the Operator with an appropriate request by email at y@feshkin.ru. The request must be drawn up in accordance with the requirements of clause 6.1 of this Policy.

1.6. Control over compliance with this Policy is exercised by the authorised person responsible for organising the processing of personal data at the Operator.

1.7. Liability for violation of the requirements of the legislation of the Russian Federation and the Operator’s local acts in the field of personal data processing and protection is determined in accordance with the legislation of the Russian Federation.

2. Principles of personal data processing

2.1. Personal data are processed by the Operator in accordance with the legislation of the Russian Federation and on the basis of the following principles:

  • lawfulness and fairness;
  • limitation of personal data processing to the achievement of specific, predetermined and lawful purposes;
  • prohibition on processing personal data in a way that is incompatible with the purposes of personal data collection;
  • prohibition on combining databases containing personal data if the processing is carried out for purposes that are incompatible with each other;
  • processing only those personal data that are consistent with the purposes of their processing;
  • correspondence of the content and volume of processed personal data to the stated purposes of processing;
  • prohibition on processing excessive personal data in relation to the stated purposes of their processing;
  • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
  • destruction or depersonalisation of personal data upon achievement of the purposes of their processing or when the need to achieve these purposes is lost, where it is impossible for the Operator to remedy violations of personal data, unless otherwise provided by federal law.
3. Legal grounds for personal data processing

3.1. The legal grounds for personal data processing are the body of regulatory legal acts in pursuance of which and in accordance with which the Operator processes personal data, including:

  • the Constitution of the Russian Federation;
  • the Civil Code of the Russian Federation;
  • the Tax Code of the Russian Federation;
  • Federal Law No. 402-FZ of 6 December 2011 “On Accounting”;
  • other regulatory legal acts governing relations related to the Operator’s activities.

3.2. The legal grounds for personal data processing also include:

  • contracts concluded with the personal data subject;
  • the personal data subject’s consent to personal data processing.
4. Purposes and conditions of personal data processing

4.1. The processing of personal data is limited to the achievement of specific, predetermined and lawful purposes. Processing of personal data that is incompatible with the purposes for which personal data are collected is not permitted. Only personal data that are consistent with the purposes of their processing are subject to processing.

4.2. The content and volume of processed personal data must correspond to the stated purposes of processing set out in this section. The processed personal data must not be excessive in relation to the stated purposes of their processing.

4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of personal data subjects:

  • the Operator’s counterparties (individuals);
  • the Operator’s clients;
  • users of the Operator’s Website.

4.3.1. The Operator’s counterparties (individuals)

4.3.1.1. The Operator processes the personal data of counterparties (individuals) for the following purpose(s):

  • conclusion and performance of contracts.

4.3.1.2. The processing of personal data of counterparties (individuals) does not require additional consent where personal data are processed in accordance with paragraph 5 of part 1 of article 6 of the Personal Data Law.

4.3.1.3. For the above purposes, the Operator processes the following categories of personal data of counterparties (individuals):

  • surname, name, patronymic;
  • residential address;
  • passport details;
  • contact phone number;
  • email address;
  • TIN.

4.3.1.4. The Operator does not process biometric personal data of counterparties (individuals) (information describing the physiological and biological characteristics of a person on the basis of which the person’s identity can be established).

4.3.1.5. The Operator does not process special categories of personal data of counterparties (individuals).

4.3.1.6. Counterparties (individuals) provide their personal data when concluding a contract. The personal data of counterparties (individuals) are stored for the duration of the contractual obligations and/or for the periods established by law.

4.3.1.7. The Operator carries out automated, non-automated and mixed processing of personal data of counterparties (individuals), with the receipt and/or transfer of information via information and telecommunication networks.

4.3.1.8. The list of actions involving processing of personal data of counterparties (individuals) includes: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction.

4.3.1.9. Personal data may not be disclosed to third parties or distributed without the counterparty’s consent, unless otherwise provided by federal law.

4.3.1.10. The Operator does not carry out cross-border transfer of personal data of counterparties (individuals).

4.3.2. The Operator’s clients

4.3.2.1. The Operator processes the personal data of clients for the following purpose(s):

  • conclusion and performance of contracts;
  • sending marketing information about services.

4.3.2.2. The processing of clients’ personal data does not require additional consent where personal data are processed in accordance with paragraph 5 of part 1 of article 6 of the Personal Data Law. Consent from clients is obtained in the following cases:

  • participation of a client in a loyalty programme;
  • sending marketing information about goods and services.

4.3.2.3. For the above purposes, the Operator processes the following categories of clients’ personal data:

  • surname, name, patronymic;
  • contact phone number;
  • email address.

4.3.2.4. The Operator does not process biometric personal data of clients (information describing the physiological and biological characteristics of a person on the basis of which the person’s identity can be established).

4.3.2.5. The Operator does not process special categories of personal data of clients.

4.3.2.6. Clients provide their personal data when concluding a contract. Clients’ personal data are stored for the duration of the contractual obligations and/or for the periods established by law.

4.3.2.7. The Operator carries out automated, non-automated and mixed processing of clients’ personal data, with the receipt and/or transfer of information via information and telecommunication networks.

4.3.2.8. The list of actions involving processing of clients’ personal data includes: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), blocking, deletion, destruction.

4.3.2.9. Personal data may not be disclosed to third parties or distributed without the client’s consent, unless otherwise provided by federal law.

4.3.2.10. The Operator does not carry out cross-border transfer of clients’ personal data.

4.3.3. Users of the Operator’s Website

4.3.3.1. The Operator processes the personal data of users for the following purpose(s):

  • processing applications on the Website;
  • sending marketing information about goods and services;
  • profiling;
  • targeting goods and services in accordance with the user’s interests.

4.3.3.2. Users’ personal data are processed subject to the receipt of their prior consent.

4.3.3.3. For the above purposes, the Operator processes the following categories of users’ personal data:

  • surname, name, patronymic;
  • contact phone number;
  • email address;
  • date and time of visiting the Website;
  • IP address assigned to the device used to access the Internet;
  • type of browser and operating system;
  • URL of the website from which the user was redirected to the Website;
  • cookies;
  • data collected on the Website via web-analytics services.

4.3.3.4. The Operator does not process biometric personal data of users (information describing the physiological and biological characteristics of a person on the basis of which the person’s identity can be established).

4.3.3.5. The Operator does not process special categories of personal data of users.

4.3.3.6. The Operator carries out automated, non-automated and mixed processing of users’ personal data, with the receipt and/or transfer of information via information and telecommunication networks.

4.3.3.7. The list of actions involving processing of users’ personal data includes: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction.

4.3.3.8. Personal data may not be disclosed to third parties or distributed without the user’s consent, unless otherwise provided by federal law.

4.3.3.9. Within the country, the Operator may transfer users’ personal data for the purposes specified in this section to Sole Proprietor N.V. Obukhov (Tilda service), 127051, Moscow, Tsvetnoy Boulevard, building 21, structure 1, P.O. Box 44.

4.3.3.10. The Operator does not carry out cross-border transfer of users’ personal data.

4.3.3.11. The information banner displayed on the Website informs the user about the processing of cookies and user data. The user may choose to give their consent to the processing of the above personal data by continuing to use the Website, or to refuse such consent by disabling cookies and user data collection in the browser settings, or by leaving the Website.

4.3.3.12. Although most browsers accept cookies automatically, the user can configure their browser to decide whether to accept or block cookies (see the “Tools” or “Settings” menu of the browser used). The user can delete cookies from their device at any time. Please note that if the user does not accept cookies, some functions of the Website may be lost. More detailed information on cookie management can be found in the browser help file or on specialised websites.

5. Procedure for collection and storage of personal data

5.1. When collecting personal data, including via the Internet, the Operator ensures the recording, systematisation, accumulation, storage, clarification (updating, modification) and retrieval of personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation.

5.2. Persons who have provided the Operator with information about another personal data subject, including via the Website, without having the consent of the subject whose personal data were provided, bear liability in accordance with the legislation of the Russian Federation.

5.2.1. The Website is not intended for the processing of personal data of minors. If you have reason to believe that a child has provided us with their personal data through data collection forms, please inform us by email at y@feshkin.ru.

5.3. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than required by the purposes of personal data processing, unless the period for storing personal data is established by federal law or by a contract to which the personal data subject is a party, beneficiary or guarantor.

5.4. Processed personal data are subject to destruction in the following cases:

  • expiry of the processing period for personal data;
  • achievement of the purposes of personal data processing;
  • loss of the need to achieve the purposes of personal data processing;
  • receipt of a withdrawal of consent to personal data processing;
  • removal of the Operator from the Unified State Register of Individual Entrepreneurs.
6. Protection of personal data

6.1. The Operator takes necessary legal, organisational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, distribution and other unauthorised actions, including:

  • identifying threats to the security of personal data during their processing;
  • adopting local regulations and other documents governing relations in the field of personal data processing and protection;
  • appointing persons responsible for ensuring the security of personal data in the Operator’s structural units and information systems;
  • creating the necessary conditions for working with personal data;
  • organising the accounting of documents containing personal data;
  • organising the operation of information systems in which personal data are processed;
  • storing personal data under conditions that ensure their safety and prevent unauthorised access to them;
7. Updating, correction, deletion and destruction of personal data, responses to data subjects’ requests for access to personal data

7.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of processing, as well as other information specified in part 7 of article 14 of the Personal Data Law, is provided by the Operator to the personal data subject or their representative upon request or upon receipt of a request from the personal data subject or their representative. The information provided shall not include personal data relating to other personal data subjects, except where there are legal grounds for disclosing such personal data.

The request must contain:

  • the number of the main identity document of the personal data subject or their representative, information about the date of issue of this document and the issuing authority;
  • information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional designation and/or other information), or other information confirming the fact of personal data processing by the Operator;
  • the signature of the personal data subject or their representative.

The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

If the personal data subject’s request does not contain all the necessary information in accordance with the requirements of the Personal Data Law, or if the subject does not have the right to access the requested information, a reasoned refusal is sent to them.

The personal data subject’s right to access their personal data may be restricted in accordance with part 8 of article 14 of the Personal Data Law, including where access by a personal data subject to their personal data violates the rights and legitimate interests of third parties.

7.2. If inaccurate personal data are identified when a personal data subject or their representative contacts the Operator or upon their request or upon a request from Roskomnadzor, the Operator blocks the personal data relating to this personal data subject from the moment of such request for the period of verification, provided that blocking does not violate the rights and legitimate interests of the personal data subject or third parties.

If the inaccuracy of personal data is confirmed, the Operator clarifies the personal data on the basis of the information provided by the personal data subject or their representative or by Roskomnadzor, or other necessary documents, within seven working days from the date of submission of such information and unblocks the personal data.

7.3. If unlawful personal data processing is identified when a personal data subject or their representative or Roskomnadzor contacts the Operator, the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment of such contact or receipt of the request.

7.4. Upon achievement of the purposes of personal data processing, as well as in the event that the personal data subject withdraws their consent to processing, personal data shall be destroyed if:

  • otherwise is not provided for by a contract to which the personal data subject is a party;
  • the Operator does not have the right to process personal data without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
  • otherwise is not provided for by another agreement between the Operator and the personal data subject.
8. Final provisions

8.1. The Operator may send marketing and informational messages to the personal data subject by email, SMS and push notifications only with the prior consent to receive advertising in accordance with part 1 of article 18 of Federal Law No. 38-FZ of 13.03.2006 “On Advertising”. Consent to receive marketing messages from the Operator by email, SMS and push notifications is given in writing or in electronic form by ticking the relevant box on the Website.

The personal data subject has the right to refuse to receive marketing messages by following the corresponding link in the emails received from the Operator or by sending a notice of refusal to receive marketing messages to the support service by contacting the Operator with an appropriate request by email at y@feshkin.ru.

8.2. In compliance with part 2 of article 18.1 of the Personal Data Law, this Policy is made available at the location of the Operator and is also published in the public domain on the Internet on the Website.

Contacts

Tatarstan, Kazan, Bolshiye Kabany, Vystavochnaya 1, Kazan Expo International Exhibition Centre
Call
+7 (495) 532-96-77
+7 (926) 932-93-25
Message
x@dronexpo.ru
t.me/xdronexpo

© Drone Expo LLC, 2025

All rights reserved

Exhibition presentation
Letter from the Ministry of Industry and Trade
Exhibition
Drone Expo 2025
Program
About Kazan Expo
Exhibition floor plan
Contacts
For exhibitors
Who should participate
Booth options
Stand construction
Documents
Networking
For visitors
Why visit
For media partners
Project

support
Consent to the use of cookies
Consent to personal data processing
Personal data processing policy