Policy on Personal Data Processing

1. General Provisions

This personal data processing policy has been prepared in accordance with the requirements of the Federal Law of July 27, 2006, No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by the Moscow Bar Association "Tomashevskaya & Partners" (hereinafter referred to as the Operator).


1.1. The Operator's most important goal and condition for its activities is to respect human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal, and family secrets.

1.2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website https://tp-law.com/.

2. Basic Terms Used in the Policy

2.1. Automated processing of personal data – processing of personal data using computer technology.

2.2. Blocking of personal data – temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data).

2.3. Website – a set of graphical and information materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://tp-law.com/.

2.4. Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.

2.5. Depersonalization of personal data – actions resulting in the inability to determine the ownership of personal data by a specific User or another subject without additional information.

2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.7. Personal data – any information relating directly or indirectly to an identified or identifiable User of the website https://tp-law.com/.

2.8. Personal data allowed by the subject for distribution – personal data that the subject allows public access to by giving consent for the processing of personal data for distribution under the procedure established by the Personal Data Law (hereinafter referred to as personal data allowed for distribution).

2.9. User – any visitor to the website https://tp-law.com/.

2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or a certain circle of persons.

2.11. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or familiarizing an indefinite circle of persons with personal data, including publication in the media, posting in information and telecommunication networks, or providing access to personal data in any other way.

2.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.

2.13. Destruction of personal data – any actions resulting in the irreversible destruction of personal data without the possibility of further recovery in the personal data information system and/or destruction of the physical media containing personal data.

3. Basic Rights and Obligations of the Operator

3.1. The Operator has the right to:

  • receive accurate information and/or documents containing personal data from the User;
  • continue processing personal data without the User's consent in cases of withdrawal of consent or a request for termination, as permitted by the Personal Data Law;
  • independently determine the composition and list of measures sufficient to fulfill the obligations under the Personal Data Law, unless otherwise specified by federal law.

3.2. The Operator must:

  • provide Users, upon request, with information about the processing of their personal data;
  • organize the processing of personal data as required by the applicable legislation of the Russian Federation;
  • respond to User inquiries and requests regarding the processing of their personal data;
  • inform the authorized body for the protection of personal data subjects of necessary information within ten business days of receiving a request;
  • publish or otherwise ensure unrestricted access to this Policy;
  • take legal, organizational, and technical measures to protect personal data from unauthorized access and other illegal actions;
  • cease the transfer and processing of personal data as required by the Personal Data Law;
  • fulfill other obligations under the Personal Data Law.

4. Basic Rights and Obligations of Personal Data Subjects (Users)

4.1. Personal data subjects have the right to:

  • receive information on the processing of their personal data, except as required by federal law;
  • request corrections or deletion of personal data that is incomplete, outdated, or unlawfully obtained;
  • demand prior consent for processing data for marketing purposes;
  • withdraw consent for data processing;
  • file complaints to the authorized body or court regarding illegal data processing;
  • exercise other rights as provided by Russian law.

4.2. Personal data subjects must:

  • provide accurate personal information;
  • notify the Operator of updates or changes to their personal data.

5. Principles of Personal Data Processing

5.1. Processing is conducted on a lawful and fair basis, limited to legitimate goals.

6. Purposes of Personal Data Processing

7. Conditions for Personal Data Processing

7.1. The processing of personal data by the User is conducted in accordance with local regulations on personal data processing in the Company, as well as this Policy and applicable legislation.

7.2. This Policy specifies the full range of purposes for personal data processing, categories of subjects and data, processing terms and methods, and the procedure for data destruction with respect to the Website.

8. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing

The security of personal data processed by the Operator is ensured through legal, organizational, and technical measures necessary to meet fully the requirements of current legislation on personal data protection.


8.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access.

8.2. Personal data will not be disclosed to third parties unless required by law or with the User’s consent for contractual obligations.

8.3. Users can update their data by sending a notification to the Operator at info@tp-law.com, marked "Data Update."

8.4. The duration of personal data processing is determined by the achievement of processing goals, unless specified by law or a contract.

8.5. Information collected by third-party services, such as payment systems and communication tools, is stored and processed by these services under their agreements and privacy policies. The Operator is not responsible for third-party actions.

8.6. Restrictions on data transfer or processing set by the subject do not apply when processing for state or public interest under Russian law.

8.7. The Operator ensures the confidentiality of personal data.

8.8. The Operator stores personal data in a form that allows the identification of the subject, no longer than required for the purposes of processing, unless otherwise provided by law or contract.

8.9. Data processing may cease if the processing purpose is achieved, the User withdraws consent, or unlawful processing is detected.

9. List of Actions Performed by the Operator with Personal Data

9.1. The Operator may collect, record, systematize, accumulate, store, clarify, retrieve, use, transfer, depersonalize, block, delete, and destroy personal data.

9.2. The Operator may process data with or without automated systems.

10. Cross-Border Transfer of Personal Data

10.1. Before cross-border data transfer, the Operator must notify the relevant authority.

10.2. The Operator must obtain necessary information from foreign authorities or entities receiving the data.

11. Confidentiality of Personal Data

The Operator and others with access to personal data must not disclose or disseminate it without the User’s consent, unless required by law.

12. Final Provisions

12.1. Users may contact the Operator at info@tp-law.com for questions regarding personal data processing.

12.2. This document will reflect any updates to the Policy, effective until a new version is published.

12.3. The current version of the Policy is available at https://tp-law.com/privacy.

Made with Scene