Personal Data Processing Policy
Last updated: 17.06.2025
This document defines the Personal Data Processing Policy of NeuroVision LLC (TIN: 9731092853; hereinafter referred to as the “Operator”) with regard to Processing of Personal Data and implementation of personal data protection requirements (hereinafter referred to as the “Policy”) in accordance with Article 18.1 of the Federal Law of 27.07.2006 № 152-FZ “On Personal Data”.
The Policy is developed in accordance with the legislation of the Russian Federation on personal data and applies to all Operator‘s processes related to the personal data Processing when using the Website and Operator‘s software, as well as when Processing personal data according to the Client‘s instructions.
1. General Provisions
1.1. The Policy is a publicly available document declaring the basics of the Operator’s activities in Processing Personal Data and is subject to publication on the Operator’s official website in the information and telecommunications network “Internet” (hereinafter referred to as the “Internet”) at https://neuro-vision.ru and https://platform.neuro-vision.ru (hereinafter referred to as the “Website”).
1.2. The consent of the Personal Data Subject to the Processing of his/her Personal Data shall be confirmed, including the fact of their provision or performance of any actions through the use of the Website. The User unconditionally accepts the provisions of this Policy without any exceptions, limitations and/or exclusions, and agrees with the terms and conditions of Personal Data Processing specified herein. In case of disagreement with the Processing of Personal Data and/or this Policy, the User shall not use the Website.
2. Definitions
2.1. The following concepts, terms and abbreviations are used in this Policy:
| Personal Data | Any information relating to a directly or indirectly identified or identifiable individual (Personal Data Subject). |
| Operator | NeuroVision LLC (legal address: 123112, Moscow, Presnenskaya emb., 12, room 7/35). |
| Website | Official websites of the Operator, available at the following Internet addresses: https://neuro-vision.ru, https://platform.neuro-vision.ru. |
| Processing of Personal Data | Any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data. |
| Personal Data Subject | User whose Personal Data is processed by the Operator, including the Client’s employee, Client’s User, other User. |
| User | A person who visits the Operator’s website or uses the Operator’s software for any purpose, or legally provides their own or other’s personal data (including company’s data). |
| Client’s User | User whose Personal Data the Operator processes on the basis of the Client’s instruction. |
| Operator’s Client (Client) | A person who has access to the “NEUROVISION” CVP on the basis of a license agreement with the Operator, and who instructs the Operator to process the data and determines the purposes of Processing the personal data of Client’s Users. |
| “NEUROVISION Computer Vision Platform” with KYC Subsystem (“NEUROVISION” CVP) | The software that is the result of intellectual activity of NeuroVision LLC, the right to use which is granted to the Client in accordance with the agreement. “NEUROVISION” CVP is registered in the Russian Software Registry, registry entry No. 19972 dated November 13, 2023. Access to the software is provided, among other things, through a website available on the Internet at: https://platform.neuro-vision.ru. |
2.2. All other terms appearing in the text of the Policy shall be interpreted by the Parties in accordance with the legislation of the Russian Federation and the usual rules of interpretation of the relevant terms in the Internet.
3. Legal Basis for Processing of Personal Data
3.1. The Operator’s policy in the field of Processing of Personal Data shall be determined in accordance with:
- Constitution of the Russian Federation;
- Civil Code of the Russian Federation;
- Labor Code of the Russian Federation;
- Federal Law of 27.07.2006 №152-FZ “On Personal Data”;
- Federal Law of 27.07.2006 №149-FZ “On Informatization, Information Technologies and Information Protection”.
- Resolution of the Government of the Russian Federation №687 dated 15.09.2008 “On Approval of the Regulations on the Specifics of Processing of Personal Data Performed Without the Use of Automation Tools”;
- other regulatory legal acts of the Russian Federation related to the issue of Processing and protection of Personal Data;
- consent to Processing of Personal Data;
- agreement with the Client;
- Client’s insrtuction for Processing of Personal Data of the Client’s Users.
4. Rights and Obligations of the Operator
4.1. The Operator is entitled to:
4.1.1. Receive reliable information containing Personal Data from the Personal Data Subject;
4.1.2. If the Personal Data Subject revokes consent to the Processing of Personal Data, the Operator shall continue the Processing of Personal Data without consent on the grounds established by the legislation of the Russian Federation. If a request to revoke consent to the Processing of Personal Data is submitted by a Client’s User, the Operator shall not be entitled to make a decision on such an application and shall terminate the Processing based on the results of the Client’s decision;
4.1.3. Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the legislation on Personal Data and regulatory legal acts adopted in accordance therewith, unless otherwise provided for by the legislation on Personal Data or other federal laws, or by the Client’s instruction.
4.2. The Operator undertakes to:
4.2.1. Provide the Personal Data Subject, upon his/her request, with information regarding the Processing of his/her Personal Data;
4.2.2. Organize the Processing of Personal Data in accordance with the procedure established by the legislation of the Russian Federation;
4.2.3. Respond to appeals and requests of the Personal Data Subjects and their legal representatives in accordance with the requirements of the legislation on Personal Data;
4.2.4. Publish or otherwise provide unrestricted access to this Policy with respect to the Processing of Personal Data;
4.2.5. Take legal, organizational and technical measures to protect Personal Data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data;
4.2.6. Terminate the transfer (distribution, provision, access) of the Personal Data, terminate the Processing and destroy the Personal Data in the manner and cases provided for by the legislation on Personal Data. If the relevant request is sent by the Client’s User, the Operator undertakes to redirect the request to the Client and terminate the transfer (dissemination, provision, access) of Personal Data, terminate the Processing and destroy Personal Data based on the results of the Client’s decision;
4.2.7. Fulfill other obligations stipulated by the legislation on Personal Data.
5. Rights and Obligations of the Subject of Personal Data
5.1. The Personal Data Subject is entitled to:
5.1.1. Receive information related to the Processing of his/her Personal Data, except for cases stipulated by federal laws. Information shall be provided to the Personal Data Subject by the Operator in an accessible form and shall not contain Personal Data relating to other Personal Data Subjects, unless there are legal grounds for disclosure of such Personal Data. The list of information and the procedure for obtaining such information is established by the legislation on Personal Data;
5.1.2. Require the Operator to clarify his/her Personal Data, block or destroy them if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of Processing, and take measures provided for by law to protect his/her rights;
5.1.3. Refuse to give consent to the Processing of Personal Data for the purpose of marketing of goods, works and services;
5.1.4. Withdraw consent to the Processing of Personal Data;
5.1.5. To appeal to the authorized body for the protection of the rights of the Personal Data Subjects or in court against the Operator’s unlawful actions or omissions in the course of the Processing of his/her Personal Data;
5.1.6. Exercise other rights provided for by the legislation of the Russian Federation.
5.2. The Personal Data Subject undertakes to:
5.2.1. Provide the Operator with reliable data about himself/herself;
5.2.2. Notify the Operator of any clarification (update, change) of his/her Personal Data.
5.3. A person who has provided the Operator with unreliable information about himself/herself or information about another Personal Data Subject without the consent of the latter shall be liable in accordance with the legislation of the Russian Federation.
6. Principles of Personal Data Processing
6.1. The Operator shall process Personal Data on the basis of the following principles:
- Processing of Personal Data is carried out in accordance with the purposes of their Processing;
- the content and volume of processed Personal Data correspond to the stated purposes of Processing and are not redundant in relation to the stated purposes of their Processing;
- during Processing of Personal Data, the accuracy of Personal Data, their sufficiency, and, where necessary, their relevance in relation to the purposes of Processing of Personal Data is ensured (necessary measures are taken to delete or clarify incomplete or inaccurate data);
- storage of Personal Data is carried out in a form that allows to determine the accuracy of the Personal Data, their sufficiency, and, where necessary, their relevance in relation to the purposes of Processing of Personal Data.
6.2. Personal Data Subjects are responsible for providing the Operator with accurate information and for timely updating the provided data in case of any changes.
7. Purposes, grounds for Processing and categories of Personal Data
7.1. The Operator shall process Personal Data belonging to Users and Clients received in accordance with the procedure established by the legislation of the Russian Federation.
7.2. The Operator shall process only those Personal Data that meet the purposes of their Processing. The Personal Data shall not be processed if their nature and scope do not meet the set purposes.
7.3. The Operator processes the following Personal Data for the purposes and on the grounds specified in this clause of the Policy:
| Purpose of Personal Data Processing | Personal Data Subject | Personal Data category | Basis for Processing of Personal Data |
| Interaction with the Website | All Users | Cookies | Consent to the Processing of Personal Data |
| Registration and authorization of the Client on the Website | Employees and representatives of the Client | Full name; Client’s name; E-mail address | Agreement with the Client |
| Use of the “NEUROVISION” CVP by the Client, including provision of technical support to the Client | Employees and representatives of the Client | Full name; Name of the Client; ID inside “NEUROVISION” CVP; Technical information about the device; Date and time of authorization on “NEUROVISION” CVP; List of used tools; Information and documents sent to the Operator’s technical support. | Agreement with the Client |
| Execution of the Client’s instructions to process Users’ data | Client’s Users | Full name; Personal identification document data, including passport series, number, date of issue and issuing authority, place and date of birth, registration address; Photo; Personal data contained in the passport copy uploaded to the “NEUROVISION” CVP; Phone number; | Client’s instruction |
| Processing of completed contact forms | All Users | Phone number; E-mail address; Full name; Other personal data requested in the contact form | Consent to the Processing of Personal Data |
| Processing of requests to the Operator’s e-mail | All Users | E-mail address; Personal Data contained in the text of the letter | Exercising of rights and legitimate interests of the Operator |
| Implementation of marketing mailings | All Users | E-mail address; Phone number | Consent to receive newsletters |
| Recruitment and hiring | Users who are potential candidates for vacant positions | Full name; Gender; Date of birth; Nationality; Passport details; Address; Telephone number; E-mail address; Educational background; Work experience; Professional skills; Information contained in the CV | Consent to the Processing of Personal Data in the course of personnel recruitment |
7.4. The specified Personal Data may also be processed by the Operator for the following purposes:
- Sending notices, requests and information regarding the use of the Website, fulfillment of agreements and contracts, as well as Processing of requests and applications from the User;
- Improving the quality of the Website, convenience of its use for the User, development of new services and services, interaction with the User;
- Conducting statistical and other research based on anonymized data;
- In other cases stipulated by the Operator’s local acts or agreement with the User, when it is allowed by the legislation. The general list of Personal Data processed by the Operator may be approved, as well as expanded or reduced by the Operator, which will be notified by the Operator through amendments to this Policy.
7.5. The Operator does not process special categories of Personal Data related to nationality, political views, religious or philosophical beliefs.
8. List of actions with Personal Data and methods of their Processing
8.1. The Operator shall collect, record, systematize, accumulate, store, clarify (update, change) retrieve, use, transfer (provide, access), depersonalize, block, delete and destroy Personal Data.
8.2. The Operator shall process Personal Data:
- with the use of automation tools (automated Processing of Personal Data);
- without the use of automation tools.
9. Procedure for collection, storage, transfer and other types of Personal Data Processing by the Operator
9.1. The Operator receives Personal Data from the Personal Data Subjects or authorized third parties.
9.2. Consent to the Processing of Personal Data of persons aged 16 to 18 years is provided by them independently with the permission of their parents/ legal representatives (both preliminary and subsequent).
9.3. Provision of Personal Data by the Operator to third parties (transfer of Personal Data) may be carried out solely to achieve the purposes stated for the Processing of Personal Data in this Policy.
9.4. The transfer of Personal Data to third parties is carried out with the written consent of the Personal Data Subject, which is executed in the form prescribed by the legislation, or in other cases stipulated by the federal laws.
9.5. In order to comply with the legislation of the Russian Federation for the purpose of achieving the goals of Personal Data Processing, the Operator in the course of its activities shall provide Personal Data to the following third parties:
- to authorized state authorities in cases provided for by the federal laws;
- to the Operator’s contractual counterparties, subject to the consent of the Personal Data Subject;
- to other persons – in cases and in accordance with the procedure provided for by the federal laws and/or subject to the consent of the Personal Data Subject.
9.6. Personal Data is stored on the Operator’s servers in accordance with legal requirements and shall be processed until the purpose of Processing is achieved and for 5 (five) years from that moment, unless another period of Processing follows from the requirements of the legislation of the Russian Federation.
9.7. The User may revoke his/her consent to the Processing of Personal Data at any time by sending a notice to the Operator by e-mail to the Operator’s e-mail address top@neuro-vision.ru, marked “Revocation of consent to the Processing of Personal Data”. The Operator shall consider the request within 5 (five) business days.
9.8. Personal Data shall be destroyed/deleted upon achievement of the Processing purposes or in case of loss of necessity to achieve them, as well as in case of revocation of the Consent to Process Personal Data, unless otherwise provided for by federal laws or by the Operator.
9.9. Processing of biometric data is carried out exclusively for the purposes of manual verification. Biometric vector extraction technologies are not applied.
10. Measures to ensure the security of Personal Data during their Processing
10.1. When Processing Personal Data, the Operator shall take all necessary legal, organizational and technical measures to protect them from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions against them. The security of Personal Data may be ensured, in particular, in the following ways:
- appointment of persons responsible for organizing the Processing of Personal Data;
- issuance of local acts regarding the Processing of Personal Data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
- separation of Personal Data processed without the use of automation tools from other information, in particular by recording them on separate material carriers of Personal Data, in special sections;
- ensuring separate storage of Personal Data and their tangible carriers, which are processed for different purposes and contain different categories of Personal Data;
- application of modern technical tools of protection, including data encryption, protection of information transmission channels, use of authentication tools and access control;
- ensuring registration and accounting of personal data actions in information systems, which allows to promptly identify and eliminate possible security incidents;
- regular auditing of the information infrastructure and control of the effectiveness of personal data protection measures;
- training of employees working with personal data, carried out on a continuous basis to improve their competence in the field of information protection;
- accounting of machine-readable data carriers;
- storage of tangible data carriers under conditions that ensure the safety of personal data and prevent unauthorized access to them;
- detection of unauthorized access to personal data and taking appropriate measures;
- recovery of personal data modified or destroyed as a result of unauthorized access to them;
- other measures provided for by the legislation of the Russian Federation in the field of personal data. Including: data encryption, access control, security audit.
11. Consideration of requests (inquiries) from Personal Data Subjects
11.1. Personal Data Subjects have the right to receive information regarding the Operator’s Processing of their Personal Data to the extent provided for in this section of the Policy, in accordance with Article 14 of Federal Law of 27.07.2006 №152-FZ “On Personal Data”.
11.2. Information shall be provided to the Personal Data Subject in an accessible form and shall not include Personal Data relating to other Personal Data Subjects, unless there are legitimate grounds for disclosure of such Personal Data.
11.3. Information is provided to the Personal Data Subject or his/her representative by the Operator’s subdivision performing the Processing of Personal Data upon application or upon receipt of a request.
11.4. The request must contain the number of the main identity document of the Personal Data Subject or his/her representative, information on the date of issue of the said document and the issuing authority, information confirming the participation of the Personal Data Subject in the relationship with the Operator (contract number, date of the contract, word designation and (or) other information), or information otherwise confirming the fact of the Operator’s Processing of the Personal Data, and the signature of the Personal Data Subject or his/her representative. If the Personal Data Subject’s application (request) does not contain the specified information, a reasoned refusal shall be sent to the Personal Data Subject.
11.5. If the requested information has been made available to the Personal Data Subject at his/her request, he/she has the right to reapply to the Operator or send a repeated request in order to obtain this information and familiarize himself/herself with it not earlier than 30 (thirty) calendar days after the initial application or initial request, unless a shorter period of time is provided for by regulatory acts or an agreement to which the Personal Data Subject is a party or a beneficiary or guarantor.
11.6. Before the expiration of this term, the Personal Data Subject has the right to reapply to the Operator or send a repeated request if such information and/or processed Personal Data has not been provided to him/her for review in full as a result of consideration of the initial request. The repeated request, along with the information specified in clause 11.4 of the Policy, must contain a justification for the repeated request.
11.7. The Operator has the right to refuse to fulfill a repeated request to the Personal Data Subject that does not meet the conditions stipulated in clause 11.5 of the Policy. Such refusal shall be motivated.
11.8. The Personal Data Subject’s right to access his/her Personal Data may be restricted in accordance with Article 14 of Federal Law of 27.07.2006 №152-FZ “On Personal Data” if the Personal Data Subject’s access to his/her Personal Data violates the rights and legitimate interests of third parties.
11.9. Responses to written requests of the Personal Data Subjects and organizations shall be given in writing to the extent that the confidentiality of the Personal Data is ensured. A reasoned refusal to provide the requested information shall be sent if the Personal Data Subject or organization does not have access rights to the requested information or the request does not comply with the requirements of Federal Law of 27.07.2006 №152-FZ “On Personal Data”.
11.10. Upon receipt of requests from Client’s Users, the Operator undertakes to forward the said requests to the Client for their consideration in accordance with the Clients’s Personal Data Processing Policy and to fulfill the Client’s decision regarding the Client’s User’s request, if it does not contradict the rights and legitimate interests of the Operator, as well as the agreement with the Client.
12. Final Provisions
12.1. The User may send all suggestions, questions, requests and other appeals regarding this Policy and the use of his/her Personal Data to the Operator:
- by e-mail: top@neuro-vision.ru;
- or by postal address: 123112, Moscow, Presnenskaya emb., 12, room 7/35.
12.2. This document will reflect any changes to the Policy. The Policy is valid indefinitely until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the Website.