PRIVACY NOTICE

Upgrade your
visa application experience

TLScontact designed a variety of services to enhance your visa application experience. Upgrade your visa application experience by using one of TLScontact and/or UKVI services.


ALL OUR SERVICES

INTRODUCTION

Limited Liability Company "TLSContact (RU)", a legal entity registered under the current legislation of the Russian Federation under the State Registration Number: 1137746960999, which is a resident of the Russian Federation under the Tax Identification Number (TIN): 7719858753, with a legal address at the date of preparation and implementation of this Policy: 105120, Russian Federation, Moscow, 2nd Syromyatnicheskiy pereulok, h. 1, floor 3, premises I, room 16.

Limited Liability Company "TLC Contact (RU)" is the Operator of personal data (hereinafter referred to as the "Operator") with respect to this Website Users. In relation to the applicants, Operator together with diplomatic and consular institutions are the Personal Data Operators, which fulfill the international agreements for the purpose of issuing visas on the territory of the Russian Federation.

In order to fully comply with the regulations of the current legislation of the Russian Federation, the Operator considers as his most important tasks the observance of the principles of legality, justice and confidentiality in the processing of personal data, as well as ensuring the security of their processing procedures.

The present Policy is to be defined by the following features: a) it is designed to implement the requirements of the current legislation of the Russian Federation in the field of personal data processing and protection; b) it reveals the methods and principles of personal data processing by the Operator, the rights and obligations of the Operator during the processing of personal data, the rights of personal data subjects, as well as includes a list of measures applied by the Operator in order to ensure the security of personal data during its processing. The Operator is an intermediary in providing the services of accepting and processing visa applications between the diplomatic or consular institutions and the applicant. The main activity is to ensure the operation of visa centers by order of governmental authorities.

As of the date of drafting and implementation of this Policy, the Operator has valid contracts for the provision of services for the reception and processing of visa applications with foreign public authorities competent to decide on the refusal or issuance of visas to applicants - natural persons: Swiss Confederation, Kingdom of Belgium, United Kingdom of Great Britain and Northern Ireland (hereinafter referred to as "the Client").

The rules of this Policy shall be applied to any applicants, who request for rendering of services and/or for users, who register on the Operator's Website, regardless of their citizenship on the territory Russian Federation.

This Policy is an official standard document of the Operator, and defines the procedure of processing and protection of personal data of natural persons, used on the Operator's Websites and/or during rendering of services.

The Operator processes personal data by means of mixed processing of personal data.

TOP

1. GENERAL CONDITIONS

This Policy has been drafted in accordance with the following list of legal documents valid on the date of drafting and implementation of this Policy:

  • Constitution of the Russian Federation;
  • "Agreement between the Russian Federation and the European Community on the facilitation of the issuance of visas to the citizens of the Russian Federation and the European Union" together with the Protocol and Joint Statements of May 25, 2006, ratified by the Russian Federation according to the Federal Law № 30-FZ On ratification of the Agreement between the Russian Federation and the European Community on the facilitation of the issuance of visas to the citizens of the Russian Federation and the European Union" of March 07, 2007;
  • "Agreement between the Government of the Russian Federation and the Federal Council of the Swiss Confederation on facilitation of visa issuance to citizens of the Russian Federation and the Swiss Confederation" of September 21, 2009, ratified by the Russian Federation according to the Federal Law № 424-FZ "On ratification of the Agreement between the Government of the Russian Federation and the Federal Council of the Swiss Confederation on facilitation of visa issuance to citizens of the Russian Federation and the Swiss Confederation" of December 28, 2010;
  • "Memorandum of Understanding between the Government of the Union of Soviet Socialist Republics and the Government of the United Kingdom of Great Britain and Northern Ireland on visa issuance to their citizens" of April 6, 1989;
  • "Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data" ratified by the Russian Federation according to Federal Law № 160-FZ "On ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 19 December 2005;
  • Civil Code of the Russian Federation;
  • Federal Law of Russian Federation "On personal data";
  • Governmental regulation of the Russian Federation "On approval of requirements for personal data protection during their processing in information systems of personal data" № 1119 dated 01 November 2012;
  • Governmental regulation of the Russian Federation "On the approval of the requirements for material carriers of biometric personal data and technologies for the storage of such data outside information systems of personal data" № 512 of July 06, 2008;
  • Governmental regulation of the Russian Federation "On the approval of the Regulation on peculiarities of personal data processing carried out without using automation means" № 687 as of September 15, 2008;
  • Governmental regulation of the Russian Federation "On the approval of the list of measures aimed at ensuring the fulfillment of the obligations provided by the Federal Law "on personal data" and the normative legal acts adopted in accordance with it, by the operators who are state or municipal authorities" № 211 as of 21 March 2011;
  • Order of the Federal Service for Supervision of Communications, Information Technology and Mass Communications № 274 of 15 March 2013;
  • Order of the Federal Security Service of the Russian Federation "On the approval of the composition and content of organizational and technical measures to ensure the security of personal data at their processing in information systems of personal data using the means of cryptographic protection of information necessary to meet the requirements for the protection of personal data for each level of security established by the Government of the Russian Federation" № 33620 of July 10, 2014;
  • Order of the Federal Service for Technical and Export Control "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in information systems of personal data" № 21 of 18 February 2013;
  • Recommendations of the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation;
  • Statute of the Operator;
  • Terms and conditions of providing services posted on the Operator's websites;
  • Contracts, the parties to which are personal data subjects - applicants, namely natural persons;
  • Contracts of services and/or engagement contracts with existing Clients.
TOP

2. THE BASIC CONCEPTS USED IN THIS POLICY

Personal data - any information relating to a directly or indirectly defined or identifiable natural person (personal data subject).

Operator - legal entity or natural person, independently or together with other people, who organize and (or) carry out processing of personal data, as well as determine the purpose of processing of personal data, the components of personal data to be processed, actions (operations) carried out with personal data.

Processing of the personal data - any action (operation) or set of actions (operations), to be performed with use of means of automation or without use of such means with the personal data, including gathering, recording, systematization, accumulation, storage, specification (updating, change), extraction, use, transfer (distribution, granting, access), depersonalization, blocking, removal, destruction of the personal data.

Special categories of personal data - data related to race, nationality, political opinions, religious or philosophical beliefs, health conditions, intimate life.

Automated processing of personal data - processing of personal data by means of computer technology.

Dissemination of personal data - actions aimed at disclosing personal data to an undefined circle of persons.

Personal data provision - actions aimed to disclose personal data to a certain person or to a certain group of people.

Personal data blocking - temporary cessation of the personal data processing (except the cases when the processing is necessary to clarify the personal data).

Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material personal data carriers are destroyed.

Depersonalization of personal data - actions as a result of which it becomes impossible to determine the belonging of personal data to a specific subject of personal data without using additional information.

The information system of personal data - a set of personal data contained in databases and ensuring their processing of information technologies and technical means.

Transborder transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual or foreign legal entity.

TLScontact Group of Companies - legal entities that are directly or indirectly affiliated with TLScontact (RU) LLC or the founder its incorporator TLS Group S.A.

Regulations - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, which applies to the processing of personal data of applicants in the event of cross-border transfer of data to the European Economic Area.

The Binding Corporate Rules of TLScontact Group on the transfer and processing of personal data (hereinafter the Binding Corporate Rules) are contractual provisions applicable for the cross-border transfer of personal data, approved by the French authority for personal data issues, which are elaborated and regulated by the French legislation and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General regulations on the protection of personal data).

Profiling is any form of automatic processing of personal data, which consists in the use of personal data to assess the personal characteristics of an individual, in particular to analyze or predict the characteristics concerning the individual's professional qualities, financial situation, health condition, personal preferences, interests, integrity, behavior, location or movements.

TOP

3. THE VOLUME OF PERSONAL DATA COLLECTED BY THE OPERATOR, THE PURPOSES OF THEIR PROCESSING AND THE TERMS OF THEIR PROCESSING

The Operator shall use the provided personal data in all the ways provided by the current legislation of the Russian Federation.

For the purposes of creating a personal account on the Operator's Sites, the applicant - individual provides his personal data, namely his e-mail address.

In case of applying directly to the UK Visa and Immigration Service, the Operator receives the following personal data from it, which were indicated in the application form for the primary objective – processing of applicant’s visa form. In the Visa Centre, applicant provides his biometric data after signing the consent.

For the purposes of providing services to receive and process visa applications the Operator in accordance with the requirements of its Clients, which are based on the legislation of the country - residence of the Client, the applicant shall provide the following information:

Personal details: surname, name, middle name, citizenship, gender, travel document details (e.g. passports or ID cards), Russian Federation citizen's passport details, e-mail address, telephone number, marital status, address at the place of registration, place of residence, place and date of birth, photographs;

Details of professional activity: name of the legal entity - employer, its legal and actual address, phone number of the employer, e-mail address of the employer.

Education: name of the educational institution, its legal and actual address, telephone number, e-mail address.

Financial data: in accordance with the requirements of the Client, regulated and established on the Client's websites for certain categories of visas according to the current national legislation of the country of the Client and/or in accordance with the Regulation (EC) No 810/2009 of the European Parliament and of the Council of 13 July 2009 establishing a Community Code on Visas (Visa Code), the applicant may provide the following data: bank account statement and/or bank statement with the balance on the bank account, proof of salary.

Personal details of people related to you: children, parents, spouse, personal details of inviting party necessary for the purpose of filling in the application form and processing the visa application.

For the processing of the above data, if the personal details belong to Individual staying on the territory of European Economic Community, or being it’s resident, the provisions of the Regulation shall apply to such processing.

Special categories of personal details and biometric data:

  • Health related information;
  • Biometric data (fingerprints, digital face image, DNA swabs, genomic information);
  • Records of criminal activities, legal proceedings.

For the purposes of biometric data collection the Operator shall be obliged to obtain the applicant's written consent in accordance with clause 1 of the article 11 of the Federal Law of Russian Federation "On personal data". The purpose of processing the applicant's biometric data is the transfer of biometric data through cross-border data transfer to the Customer through the Operator's information systems.

In some cases, established by the current legislation of the country - residence of the Customer, in case of providing biometric data earlier to the countries, which are members of the Schengen Agreement, the applicant may not provide biometric data to the Operator.

The Operator is obliged to delete and dispose of biometric data from the moment of cross-border transfer of such biometric data to the Customer. The Operator shall ensure technical and organizational security measures for biometric data transfer in accordance with the classification of information security threats.

When taking samples of genomic information, the Operator provides a room and an employee Operator, as well as video recording without sound support of the process of taking genomic materials. All genomic material is collected by an independent qualified medical worker, who undertakes to obtain consent for the collection of genomic material, as well as consent for the transborder transfer of genomic information to the countries with adequate protection of personal details - laboratory accredited by the Client in accordance with the consideration of applications for citizenship of the Client country.

Information on criminal prosecution and court proceedings shall be filled in by the applicant himself at the moment of filling in the visa application, and in case of rendering the service - according to the applicant - by the Operator and certified by the applicant's signature. Under no circumstances the Operator shall verify such information and has no corresponding access to the databases. Cases of providing the original document - certificate of criminal record (absence) and (or) the fact of criminal prosecution, or termination of criminal prosecution are regulated and established on Customer's websites for certain categories of visas in accordance with the current national legislation of the country - Customer and / or in accordance with Regulation (EU) n 810/2009 of the European Parliament and the Council of the European Union establishing the Community Visa Code. The Operator undertakes to keep such information confidential and transfer the original documents to the diplomatic institutions and/or visa and immigration service not later than the next working day from the moment of accepting such documents by the Operator.

The Applicant may also provide other personal details to the Operator in accordance with additional requests of the Clients in respect of the applicants for the purpose of providing services of receiving and processing visa applications.

The Operator is not entitled to demand from the Applicant to provide and disclose personal details to a greater extent than agreed without the Client's request.

The Client shall use the personal data to the above-mentioned extent for the purposes of executing the concluded and valid contracts with the Russian Federation, as well as on the basis of the national legislation of the country of the Client and/or in accordance with Regulation (EU) No 810/2009 of the European Parliament and of the Council of the European Union establishing the Community Visa Code. For the purpose of fulfilling the Client's requirements and for the purpose of ensuring safety, the applicant shall give his consent to the provision of the image to the Operator as a result of the Operator's video recording without sound accompaniment. Under no circumstances the Operator shall be entitled to use the image on the Internet, as well as make such video recordings publicly available, except for the purposes specified in the Client's regulations. The use of the image is clearly limited to achieving the purpose and shall not be stored by the Operator in any case for more than 6 (six) months from the moment of video recording.

In case of telephone consultation in respect of the Clients, except for the United Kingdom of Great Britain and Northern Ireland, audio recording of calls may be made with prior notification of the applicant that such call may be recorded.

All the above-mentioned personal details shall be used by the Operator for the main purpose - to provide services of receiving and processing visa applications, including but not limited to the following actions performed by the Operator:

  • Confirmation of the applicant's identity;
  • Providing full information about the applicant to Clients - diplomatic or visa-immigration institutions of foreign countries;
  • Appointment of the date and time of reception for the applicant in one of the Visa centers in the Russian Federation;
  • Assistance to an applicant in applying for a visa;
  • Performing further procedures of verification by the Client and/or Operator, except for verification by the Operator of information on the presence (absence) of criminal record, in connection with the visa application;
  • Provision of additional services requested by the applicant in connection with the visa application process;
  • Ensuring monitoring of the stages of the visa application process;
  • Fulfillment of contractual obligations by the Operator to the Customer;
  • Sending to the applicant messages and notifications about the selected service status;
  • Confirmation of the booking appointment in Operator’s Visa Center. Herewith, Operator has the right to offer and provide additional services for optimising and decreasing labour require and Applicants’ convenience. Above mentioned way of offering additional services for Applicant at the step of confirming the application via mobile communication is not considered to be advertising, agitational and/or marketing material. In case if Operator is making calls to the Applicant’s phone after confirming his application with any other aim, in that case Operator must receive Applicant’s agreement for advertising and marketing materials, as was provided for in 14th section of that Policy.

The Operator is not entitled to use personal data, biometric data and genomic information, as well as special categories of personal data for any other purposes that are not established and stipulated in this Policy.

The period of personal data storage, except for biometric data, is established by the contractual relations with the Clients. The scope of processing personal data, the purpose of processing personal details are approved by the current national legislation of the Client’s country and/or according to the Regulation (EU) n 810/2009 of the European Parliament and the Council of the European Union establishing the Community Visa Code.

The term of processing of personal data is terminated due to the expiration of the term given in the consent for the processing of personal data, as well as in case of the requirement to terminate the processing of personal details or withdraw the consent of the personal details subject to their processing, as well as when achieving the purpose of processing personal data.

4. THE SCOPE OF PERSONAL DETAILS PROCESSED BY THE OPERATOR WHILE MAKING PAYMENTS IN CASH OR BY BANK TRANSFER

Cash and non-cash settlements are made on the basis of legal acts of the Russian Federation effective as of the date of preparation and implementation of this Policy:

  • Civil Code of the Russian Federation;
  • Federal Law "On the Central Bank of the Russian Federation (Bank of Russia)" of 10 July 2002 № 86-FZ;
  • Federal Law "On the use of cash registers for cash settlements and electronic payment means" of 22 May 2003 № 54-FZ;
  • Decree of the Central Bank of the Russian Federation "On cash settlements" of 07 October 2013 № 3073-U;
  • Regulation of the Bank of Russia "On the procedure of cash transactions" of 24 April 2008 № 318-P;
  • Decree of the Central Bank of the Russian Federation "On the procedure of cash transactions by legal entities and simplified procedure of cash transactions by individual entrepreneurs and small businesses" of 11 March 2014, № 3210-U;
  • Rules of payment systems, processing centers and settlement bank of the Operator.

In order to make cash payments through the cash desk of the Operator, the Operator shall comply with the above legislation and keep the information on fulfillment of the transaction in the scope and within the terms stipulated by the current legislation of the Russian Federation.

In order to make a cashless payment, the Operator shall engage the accredited fiscal data operators, thus, all information on personal data and payment card shall be stored and processed by fiscal data operators.

If cashless payment is made on the Operator's sites, such payment shall be made using encryption by the Operator. When redirected to the page of the processing center of the payment system for payment and bank card data entry - all payment data, including CVV / CVC (three-digit code of payment card authenticity verification), issue date, expiration date, cardholder's name and surname are processed and stored by the processing center in accordance with the current legislation of the Russian Federation.

The Operator has access only to the data provided by such payment system and/or bank - acquirer, namely: transaction date, internal code of the assigned transaction, transaction amount, time of transaction execution.

Under no circumstances the Operator shall have access to the card data of the holder-applicant and/or representative of the applicant making payments for its benefit.

TOP

5. LEGAL GROUNDS FOR PROCESSING PERSONAL DETAILS OF APPLICANTS - NATURAL PERSONS

Processing, storage and accumulation of personal data to create an account and fill in the application form by the applicant is processed based on the consent of the individual - applicant and the Website user.

Processing, storage and transfer of biometric data and special categories of personal data is carried out on the basis of written consent of an applicant - natural person.

Applicants agree with the terms and conditions of rendering services located on the Operator's sites, as well as in accordance with the Public Offer terms.

The consent to the processing of special categories of personal details and/or biometric data of minors is given by the legal representatives in accordance with the norms of the current civil legislation.

TOP

6. INVOLVEMENT OF THIRD PARTIES TO FULFIL CONTRACTUAL OBLIGATIONS: TERMS OF SERVICE PROVISION

The Operator hereby notifies applicants that the Operator is entitled to involve third parties in fulfillment of their obligations without written consent of the applicant in cases when such involvement is necessary by virtue of law, namely to carry out activities that require licensing and/or special permission: 1) Internet providers, 2) banking institutions, 3) payment systems and agents, 4) courier services companies, 5) telecommunications operators and other cases when the law establishes a requirement to obtain a license and/or permit.

TOP

7. THIRD PARTY INVOLVEMENT

With the consent of the subject of personal details on the basis of item 3 of Article 6 of the Federal Law of the Russian Federation On Personal Data the Operator has the right to assign processing of personal details to another person on the basis of the contract of assignment with such person, which undertakes to observe the current legislation of the Russian Federation and is responsible to the Operator, the Operator undertakes to carry out the control in the following scope: the data will be protected and will remain confidential only for the time necessary to provide the service; in no case the data will be used for any purpose other than to provide the required service; in no case will it be used by a third party for any commercial purpose.

TOP

8. OPERATOR OBLIGATIONS

The Operator undertakes to:

  • 1. Organize the processing of personal details, including the identification and classification of information security threats;
  • 2. To appoint a person responsible for the processing of personal details and to oblige him/her to keep all documents, including logbooks and other documents on destruction/deletion of personal details;
  • 3. To have policies and other company regulations, including orders of the Operator to differentiate access to personal details;
  • 4. To ensure access to personal data only to those persons who need such access in order to perform their official and job duties;
  • 5. To keep records of all systems and information carriers that contain personal details of applicants;
  • 6. To use cryptographic means for encryption and construction of protected data transmission channels, which are not prohibited by the current legislation of the Russian Federation;
  • 7. To respond to requests of personal data subjects on the status of personal data processing and the scope of processing, the purposes of processing, as well as on all other issues related to the processing of personal data;
  • 8. To store personal data in accordance with the requirements imposed by the current legislation of the Russian Federation;
  • 9. Provide an answer to the request to the subject of personal details in accordance with the requirements of the current legislation of the Russian Federation;
  • 10. Monitor the facts of unauthorized access to personal data and take security and prevention measures;
  • 11. To restore personal data, to modify or delete them in case of unauthorized access;
  • 12. To establish the rules of access to the personal data processed in the information system of personal data, as well as to ensure the registration and recording of all actions carried out with personal data in the information system of personal data;
  • 13. To carry out the control over the measures undertaken to ensure the personal data security and the level of security of the information systems of personal data;
  • 14. To observe the confidentiality of personal data, excepting:
    - In case of depersonalization of personal data;
    - In case of public personal data.
  • 15. To consider objections of personal data subjects who has given their consent to the processing of personal data based solely on the automated processing of personal data.

In case if processing of personal data by the Operator is recognized as unlawful, the Operator of personal details undertakes to stop processing of personal details in accordance with paragraph 3 of article 21 of the Federal Law On Personal Data, as well as to provide the fact of confirmation of termination of processing of personal data to the subject of personal data or to the authorized body on protection of rights of subjects of personal data in the Russian Federation.

In case of receiving a request from the subject of personal data for clarification, the Operator undertakes within 7 (seven) working days to consider the request and to correct or block processing of personal data, as well as to provide an answer to the subject of personal data on consideration of such request in accordance with paragraph 2 of article 21 of the Federal Law On Personal Data.

In case of withdrawal of the consent to the personal data processing, the Operator undertakes to perform the destruction of personal data within a period not exceeding 30 (thirty) days from the moment of receiving the withdrawal. In case there is no possibility to destroy the personal data within a period not exceeding 30 (thirty) days from the moment of receiving the withdrawal, the Operator is obliged to block the personal data and limit their use, at the same time the Operator is obliged to destroy the personal data, except for those stored in accordance with the norms of the current legislation, within a period not exceeding 6 (six) months.

TOP

9. PRIVACY RIGHTS

Personal data subject - applicant has the right to get access to personal details, processed by the Operator:

  • Confirmation of the fact of personal data being processed by the Operator;
  • Legal grounds and purposes of personal data processing;
  • Purposes and methods of personal data processing applied by the Operator;
  • Name and location of the Operator;
  • Information about the third parties (except for the Operator's employees), who have access to the personal details or to whom the personal data can be disclosed on the basis of the contract with the Operator or on the basis of the Federal Law On Personal Data;
  • Personal data being processed, related to the respective personal data subject, the source of their receipt, if other procedure of such data presentation is not stipulated by the federal law;
  • Terms of processing the personal data, including terms of their storage;
  • The order of realization by the subject of the personal data of the rights provided by the Federal Law On Personal Data;
  • Information on the carried out or future transboundary data transfer;
  • Name and address of the legal entity that carries out processing of personal data by the operator's order, if processing is or will be entrusted to such legal entity;
  • Other information, etc.

If the subject of the personal data considers that the Operator carries out processing of its personal data with infringement of requirements of the legislation of the Russian Federation, such subject has the right to appeal processing of the personal data to the authorized body on protection of the rights of subjects of the personal data in the Russian Federation.

The subject of personal data has the right to protect his rights and legal interests, including the compensation of losses and (or) compensation of moral damage in court.

The personal data subject has the right to appeal the actions or inactions of the operator in a judicial procedure.

In accordance with paragraph 2 of article 21 of the Federal Law On Personal Data, the subject of personal data has the right to clarify the personal data, to inform the Operator about the actual personal data when they are changed and by all available means to provide complete and reliable personal data in order to process them.

The subject of personal data has the right to withdraw the consent of personal data in accordance with paragraph 5 of article 21 of the Federal Law on Personal Data.

TOP

10. TRANSBORDER TRANSFER OF PERSONAL DATA TO THE COUNTRIES ENSURING ADEQUATE PROTECTION OF THE PERSONAL DATA SUBJECTS' RIGHTS

The main purpose of personal data processing of applicants is the provision of services by the Operator for the acceptance and processing of visa applications. At the same time, taking a decision on the visa application is in the competence of diplomatic or consular institutions, the Operator carries out the transfer of a set of documents in electronic format and / or in original by transferring the set of documents through cross-border data transfer according to the article 12 paragraph 1 of the Federal Law On Personal Data.

In case of trans-border transfer of personal data of applicants, the Operator is obliged to undertake the following actions:

  • 1. To determine whether such country is a party to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, ratified by the Russian Federation in accordance with the Federal Law № 160-FZ of 19 December 2005, or whether such country is equated to the countries that ensure adequate protection of personal data according to the Order of the Federal Service for Supervision of Communications of Information Technology and Mass Media № 274 of 15 March 2013 and;
  • 2. To make sure that there are contractual relations with the official representatives of foreign states and/or commercial companies to which the personal data are transferred, which establish the technical and organizational measures for such transfer, as well as the legal framework and objectives of personal data processing.

As a result of the cross-border transfer of data, the legislation of the State to which such information was transmitted is applied to the personal data processing.

In case the access to personal data is necessary for the employees of the group of companies that carry out activities and are outside the jurisdiction of the Russian Federation, the Operator undertakes to fulfill all the obligations stipulated in paragraph 1,2 of section 10 of this Policy.

Also, as additional legal, organizational and technical measures ensuring the legal processing and protection of personal data, as well as to prevent unauthorized disclosure of personal data, the Operator has concluded with all commercial companies - legal entities belonging to the Group TLScontact's mandatory corporate rules for the transfer and processing of personal data, which all legal entities of the group undertake to comply with.

The Operator shall make sure that the cross-border data transfer is not redundant and corresponds to the main purpose - provision by the Operator of services for receiving and processing visa applications.

The applicant hereby understands that in case the consent to the personal data processing is given to the Operator, including, but not limited to: processing of biometric data and processing of a special category of personal data, the Operator transmits personal data by transboundary transfer of personal data to current Customers.

In case of personal data transfer to the European Economic Area Clients, such processing is regulated and carried out in accordance with the Regulation (EU) n 2016/679 of the European Parliament and of the Council of the European Union on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as on the repeal of the Directive 95/46/EC.

In case of personal data transfer to the countries which ensure adequate protection of the rights of personal data subjects, but which are not members of the European Union, the national effective legislation of the country to which such transfer of personal data was made shall apply to the processing of personal data from the moment of their transborder transfer.

The operator has no obligation to control and respond to the personal data subjects' requests regarding personal data processed by the Clients from the moment of their transborder transfer.

In case the personal data subject applies to him, Operator assists in the transfer and response from the respective diplomatic representation of the Client country and/or visa immigration service of the Client country.

TOP

11. TRANSBORDER TRANSFER OF PERSONAL DATA TO THE COUNTRIES THAT DO NOT ENSURE ADEQUATE PROTECTION OF THE RIGHTS OF PERSONAL DATA SUBJECTS

The main purpose of personal data processing of applicants is the provision of services by the Operator for the reception and processing of visa applications, at the same time, taking a decision on the visa application is in the competence of diplomatic or consular institutions, the Operator carries out the transfer of a set of documents in electronic format and / or in the original by transferring the set of documents by means of cross-border data transfer according to the article 12, paragraph 1 of the Federal Law On Personal Data to the territory of countries that do not provide adequate protection of the subjects' rights namely, they are not the countries-participants of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, as well as are not specified in the Order of the Federal Service for Supervision of Communications, Information Technology and Mass Communications № 274 of 15 March 2013 and are not equated to such countries that provide adequate protection of the rights of personal data subjects, the Operator undertakes to carry out the transfer of personal data only if the following is observed:

  • 1. The subject's consent in writing for cross-border data transfer to such country. Such consent must meet the requirements of article 9 of the Federal Law On Personal Data, namely it must be specific, conscious and informed, and
  • 2. To ensure that the purpose of personal data transfer to such countries is not redundant and complies with the conditions defined in accordance with the current legislation, as well as in the international treaties in force and concluded by the Russian Federation, and
  • 3. There are contractual relations with the official representatives of foreign states and/or commercial companies, to which the personal data transfer is carried out, which establish technical and organizational measures for such transfer, as well as the legal basis and purposes of personal data processing.

As a result of the transborder transfer of data, the legislation of the State to which such information was transmitted is applied to the personal data processing.

TOP

12. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

The Operator has the right to disclose personal data to third parties, namely to state and regulatory authorities on the basis of their request in the extent provided by such request and / or in relation to the subject of personal data on which such request was received.

The Operator has the right to disclose personal data of unsubs to third parties if this procedure is envisaged by matters of law of Russian Federation.

In order to monitor our service provision, to prevent human trafficking and to protect vulnerable people, our Government Clients may request access to real-time footage of the activity in our Visa Application Centres.

TOP

13. THE PERSON RESPONSIBLE FOR THE ORGANIZATION AND PROCESSING OF PERSONAL DATA ON THE TERRITORY OF THE RUSSIAN FEDERATION AND BEYOND ITS JURISDICTION

The person responsible for organizing the processing of personal data in accordance with paragraph 1 of article 22.1 of the Federal Law of Personal Data is the Data Protection Officer – Vadim Traydakalo.

Contact person's full name is Vadim Traydakalo.

Requests for DPO of S.L. “TLSContact (RU)”- Vadim Traydakalo, are to be sent to legal address: 105120, Russian Federation, Moscow, 2nd Syromyatnicheskiy pereulok, h. 1, floor 3, premises I, room 16.

The person responsible for the organization of processing of personal data carries out the duties in the amount not less than it is established by the current legislation of the Russian Federation in accordance with paragraph 4 of article 22.1. of the Federal Law On Personal Data, namely: a) the implementation of internal control over the compliance of the operator and its employees with the legislation of the Russian Federation on personal data, including requirements for the protection of personal data; b) bringing to the attention of the operator's employees the provisions of the legislation of the Russian Federation on personal data, local laws on personal data processing, and requirements for personal data protection; c) organizing the acceptance and processing of appeals and requests of personal data subjects or their representatives and / or exercising control over the acceptance and processing of such appeals and requests.

Any request of the personal data subject can be sent to the Authorized employee on work with personal data, whose area of responsibility includes the jurisdiction - Russian Federation on the group level:

TLScontact Personal Data Protection Commissioner:

E-mail address:

DPO@tlscontact.com

Address: 67, rue Saint Lazare 75009 Paris, France (France)

Attention: TLScontact Personal Data Protection Commissioner

At the same time, the Operator responds to requests of subjects of personal data regarding the information and to the extent that is processed by the Operator in accordance with the Federal Law On Personal Data, as well as the fact, purpose and principles of trans-border transfer of personal data to current Clients.

TOP

14. MARKETING AND DISTRIBUTION OF INFORMATION AND ADVERTISING MESSAGES TO PERSONAL DATA SUBJECTS

The Operator hereby notifies that it does not perform information, advertising, agitation and other mailings related to direct marketing and advertising in accordance with the Federal Law On Advertising to its applicants.

The Operator shall be obliged to send informational, advertising, promotional and other messages only subject to observance of the conditions stipulated by the article 15 of the Federal Law On Personal Data, that is with the consent of the subject of personal data. The obligation to provide the proof of the subject's consent is imposed on the Operator.

The Operator uses the contact data, namely phone number and e-mail address only for the purpose of informing the applicant about the status of providing the services and for confirming of appointment in Operator’s Visa Centre with using of Operator’s call-centre (once).

TOP

15. AMENDMENT OF THIS POLICY

The Operator may from time to time make changes to this Policy by publishing a new version of the Policy. The amendments made by the Operator shall not contradict the current legislation and contain guarantees and obligations to the extent lower than it is provided for by the current legislation of the Russian Federation. The current version of the Policy is a public document developed by the Operator and available to any Internet user.

TOP

16. PROFILING

The operator is not engaged in profiling.

TOP

17. COOKIES

Operator sites use cookies for proper operation and easy navigation.

Operator websites use Google Analytics, a service that transmits traffic data to Google servers. Google Analytics will not associate your IP address with any other data held by Google. The reports provided by Google Analytics will be used to help the website analyze traffic patterns and the use of the website.

In addition, the operator uses a cookie session. This allows the operator sites to track the movement of users from page to page.

The user of the Operator's website can disable cookies for the site on the browser settings page:

TOP

18. OPERATIONALIZATION

The present Policy has been put into effect by the Order of the General Director of LLC "TLScontact (RU)" № 04-09/2020 in September 04, 2020.

TOP

19. OTHER INTERNAL REGULATIONS OF THE OPERATOR

The Operator undertakes to have other local normative legal acts regulating the processing of personal data, as well as to keep records of information and data carriers in accordance with the current legislation of the Russian Federation.

TOP