1.1 This Privacy Policy (hereinafter referred to as the “Policy”) has been approved by Columbia Shipmanagement (St Petersburg) Limited Liability Company  (TIN 7826076479, OGRN 1027810248058), located at the address: 191119, Saint Petersburg, emb. 93 Obvodny Kanal, k. a 5/4 (hereinafter referred to as the “Operator”, “Site Administration”) in accordance with Federal Law No. 152-FZ of 27.07.2006″ On Personal Data” in order to establish the procedure for processing and protecting personal data of Site Visitors.

1.2 The policy regulates relations between the Site Administration and its Visitors regarding the processing of personal data, defines the Operator’s obligations to not disclose and ensure the confidentiality of personal data provided by a Visitor to the site owned by the Operator, as well as the Visitor’s rights to maintain confidentiality in relation to his personal data.

1.3 This Policy is designed to provide Visitors with information about the procedure for processing personal data that can be obtained through the Site.

1.4 The User’s use of the Site means that they agree to the terms of this Policy. In case of disagreement with the terms of this Policy, the User must immediately stop using the Site.

1.5 This Policy applies to a site located at the following domain address: https://csmru.com/ (hereinafter referred to as the “Site”), as well as on its subdomains. The site administration does not control and is not responsible for third-party sites to which the User can click on the links available on the Site.

1.6 Within the framework of this Policy, the following are considered as personal data:

– data provided by the User independently when using the Site

– data that is automatically collected by Web analytics services during the use of the Site, including the IP address, cookie information, information about the browser used by the User, access time, and the address of the requested page.

2.1. The following terms are used in this Privacy Policy:
2.1.1. “Site Administration of https://csmru.com / (hereinafter – Administration)” – the Operator, as well as its employees authorized to manage the Site, who organize and (or) process personal data through the Site, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data on the Site.
2.1.2. “Personal data” means any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data).
2.1.3. “Processing of personal data” means any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, transfer) of personal data. access), blocking, deletion, or destruction of personal data.
2.1.4. “Confidentiality of personal data” is a mandatory requirement for the Operator or other person who has obtained access to personal data to prevent their dissemination without the consent of the personal data subject or other legal grounds.
2.1.5. “Site” – a set of interconnected web pages placed on the Internet at a unique address (URL): https://csmru.com/, as well as on its subdomains.
2.1.6. “Subdomains” – pages or a collection of pages located on third-level and higher domains that belong to the Site, as well as other temporary pages, at the end of which the Administration’s contact information is indicated.
2.1.7. “Site Visitor (hereinafter referred to as the Visitor)” means individuals who have full legal and legal capacity, have access to the Site via the Internet and use the information, materials and services of the site.
2.1.8. “Cookie” – a fragment of text data sent by the Website’s web server and stored on the User’s computer. On each subsequent visit to the site, the User’s browser reads information from the cookie file and transmits it to the Site’s web server.
2.1.9. “IP address” — a unique network address that identifies a device on the Internet or local network.
2.1.10. “Web analytics” is a system for measuring, collecting, analysing, presenting and interpreting information about website visitors in order to improve and optimize them.
2.1.11. “Checkbox” — an element of the graphical user interface that allows the User to control a parameter with two states ☑ “enabled and ☐ “disabled”, and is used on the Site to confirm the User’s consent to the processing of their personal data.

3.1. For the purpose of providing feedback, the Site may process personal data of the Site Visitor:
– Surname
– Name
– Middle name
– Phone number
– Email address
– Company name

3.1.1. The basis for processing personal data is the Consent of the subject.
3.1.2. Processing of personal data is carried out by collecting, recording, systematizing, accumulating, storing, clarifying (updating, changing), extracting, using, transferring, blocking, deleting and destroying personal data.
3.1.3. Personal data is processed until the purpose of processing is achieved or until the User withdraws their consent to processing.

4.1. All personal data of the Visitor is processed in accordance with the legislation of the Russian Federation on personal data.
4.2. The processing of personal data is carried out both with the use of automation tools and without their use.
4.3. By providing the Operator with their personal data, the Visitor consents to the Operator’s processing of personal data in any way with or without the use of automation tools.

4.4. The Administration takes the necessary organizational and technical measures to protect the Visitor’s personal data from unauthorized or accidental access, destruction or modification, as well as blocking, copying, distribution, or other illegal actions of third parties.
4.5. The Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s personal data.
4.6. The Administration grants access to the User’s personal data only to employees of the Operator who are authorized to work with personal data and have signed an Obligation of Non-disclosure of personal data.
4.7. The Administration has the right to use the information provided by the User, including personal data, in order to ensure compliance with the requirements of the current legislation of the Russian Federation (including for the purpose of preventing and/or suppressing illegal and / or illegal actions of Visitors). Disclosure of personal data provided by the Visitor can only be made in accordance with the current legislation of the Russian Federation at the request of the court, law enforcement agencies, as well as in other cases provided for by the legislation of the Russian Federation. In such cases, the transfer of personal data is carried out to organizations, bodies and persons, the transfer of personal data of the Visitor to which is mandatory in accordance with the legislation of the Russian Federation.
4.8. The Administration does not check the accuracy of the information provided by the User, and assumes that the User provides reliable and sufficient information in good faith, and takes care to make timely changes to the previously provided information if necessary.

5.1. The site uses the following categories of cookies:
− Functional features that help improve the User’s interaction with the Site, such as saving the selected language
− Required items required for providing basic Site functions
5.2. The Site can also use the Yandex.Web Analytics service to process User data Yandex. Metrica”.
5.3. According to the Terms of Use of the Yandex. Web Analytics service Yandex. Metrica”, Site administration can use cookies to receive the cookie following information about a User:
5.3.1. Standard reports:
− Traffic
− Conversions
− Sources
5.3.2. Users:
− Geography
− Age
− Paul
− Traffic by time of day
− Time spent on the site
5.3.3. Content:
− Popular
− Login Pages
− Exit Pages
5.3.4. Technologies:
− Browsers
− Monitor Resolution
− Operating systems
− Devices (mobile devices, desktop PCs)
5.3.5. Monitoring:
− Site load
− Traffic by minute
− Page opening speed
5.4. According to the Terms of Use of the Yandex. Web Analytics service. Yandex. Metrica”, the User understands and agrees that the tag installed on the Site collects anonymous (without linking to the personal data of Visitors) data about Site visits and data about the end User’s device and automatically transmits them to Yandex LLC in order to obtain generalized statistical information available for further use using the service both the Administration and Yandex LLC for their own purposes.
5.5. All data collected and stored by the web analytics service is considered by Yandex LLC as confidential information of the User, and in cases stipulated by applicable law, as a commercial secret of the User. It undertakes to keep the data confidential and not transfer such data to third parties (except for persons belonging to the same group as Yandex LLC”), except for cases when the User allows such transmission or independently allows access to data for third parties.
5.6. Functionality of the web analytics service, as well as the terms of processing and protection by Yandex. Yandex. Metrica” User’s personal data can be changed without the consent of the Site Administration, and therefore the User can independently familiarize themselves with the principles of the Yandex.Metrica service. Yandex. Metrica ” on the page by following the link: https://yandex.ru/support/metrica/general/how-it-works.html.
5.7. The User’s consent is the basis for using the cookies specified in this Policy.
5.8. The user can disable the use of cookies in the browser they use.
5.9. The User understands that disabling cookies, as well as refusing to give consent to their use, may result in the inability to display certain materials on the Site and the inability to use some of its functions.

6.1. A link to this Privacy Policy is provided in all forms of personal data collection available on the Site.
6.2. Confirmation of consent to the processing of personal data is carried out by the User by checking the corresponding checkbox in the “enabled” position☑, which is present in all collection forms available on the Site.
6.3. The User confirms their consent to the processing of cookies by clicking the appropriate button in the pop – up window of the notification about the use of cookies and web analytics services.

7.1. The visitor has the right to receive information related to the processing of their personal data, including information containing:
− Confirmation of the processing of personal data by the Operator
− Legal grounds and purposes of personal data processing
− Purposes and methods of processing personal data used by the Operator
− Name and location of the Operator, information about persons (with the exception of personal data of the Operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of a federal law
− List of processed personal data related to the relevant personal data subject, the source of their receipt, unless a different procedure for submitting such data is provided for by federal law
− Terms of processing of personal data, including the terms of their storage
− Procedure for the exercise by the subject of personal data of the rights provided for by the legislation of the Russian Federation
− Information about cross-border data transfers that have been made or are expected to be made
− Name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person
7.2. The visitor has the right to withdraw consent to the processing of their personal data or request their destruction.
7.3. If the Visitor withdraws consent to the processing of their personal data, the Operator is obliged to stop processing them or ensure the termination of such processing, destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of receipt of the specified withdrawal.
7.4. If a Visitor requests the Operator to stop processing personal data, the Operator is obliged to stop processing them within a period not exceeding ten working days from the date of receipt of the relevant request by the Operator, or to ensure that such processing is stopped (if such processing is carried out) by the person processing personal data. The specified period may be extended, but not for more than five business days, if the Operator sends a reasoned notification to the User indicating the reasons for extending the deadline for providing the requested information.

8.1. To protect personal data, the Operator uses the following information security tools:
– Appointment of employees responsible for organizing the processing of personal data (including in information systems)
– Approval of the list of persons whose access to personal data processed in the information system is necessary for the performance of their official (labour) duties
– Implementation of internal control over the compliance of personal data processing with the current legislation of the Russian Federation
– Assessment of the damage that may be caused to personal data subjects in case of violation of the legislation of the Russian Federation
– Familiarizing employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data;
– Identification of threats to the security of personal data when processing them in personal data information systems
– Application of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal data security established by the legislation of the Russian Federation
– Application of information security tools that have passed the compliance assessment procedure in accordance with the established procedure
– Evaluation of the effectiveness of measures taken to ensure the security of personal data prior to commissioning of the personal data information system
– Detection of unauthorized access to personal data and taking measures
– Recovery of personal data modified or destroyed due to unauthorized access to them
– Establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system
– Control over the measures taken to ensure the security of personal data and the level of security of personal data information systems
– Accounting for machine-generated personal data carriers
– Ensuring the security of personal data carriers
– Organization of a security regime for premises where the personal data information system is located, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have the right of access to these premises
– Placement of technical means for processing personal data within a protected area
– Use of information security tools that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, if the use of such tools is necessary to neutralize current threats

9.1. When processing personal data, the Operator is guided by the Federal Law” On Personal Data ” No. 152-FZ of 27.07.2006, as well as other applicable legislation in the field of personal data protection.
9.2. The protection of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary and sufficient to meet the requirements of the personal data legislation, in particular, the Operator has (i) appointed a person responsible for organizing the processing of personal data; (ii) approved local regulations governing the processing of personal data, including: this Policy; (iii) the Operator’s employees who directly process personal data have been familiarized with the provisions of the Russian Federation legislation on personal data, including the requirements for personal data protection, documents defining the Operator’s policy on personal data processing, and local acts on personal data processing; (iv) access rules have been established access to personal data (personal data is available only to strictly defined employees of the Operator); (v) rules for storing personal data are established (data storage (databases) is organized on electronic media with a password; on paper media – in lockable cabinets); (vi) records of machine-based personal data carriers are kept; (vii) personal data storage is carried out. control over the measures taken to ensure the protection of personal data and their compliance with the requirements of the current legislation in the field of personal data processing, this Policy and local regulatory acts of the Operator regarding the processing of personal data.

10.1. Make a free decision on the provision of their personal data necessary for the use of the functions provided to them through the Site, and consent to their processing.
10.2. Update or supplement the previously provided personal data if they are changed.
10.3. The Visitor has the right to receive information from the Administration regarding the processing of their personal data by sending a request in accordance with the requirements of Article 14 of Federal Law No. 152-FZ of 27.07.2006 “On Personal Data”. The Visitor has the right to demand that the Administration clarify their personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.
10.4. The visitor has the right to withdraw their consent to the processing of personal data at any time by sending a corresponding application to the Administration.

11.1. Make changes to this Privacy Policy without the User’s consent, and then publish a new version of the Policy on the Site.
11.2. Request the User to update their previously provided personal data.
11.3. If the User withdraws consent to the processing of personal data, the Site Administration has the right to continue processing personal data without the consent of the personal data subject, if there are grounds specified in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of this Federal Law No. 152 – FZ of 27.07.2006 “On Personal Data”.

12.1. Read the terms of the current version of this Policy before submitting your personal data to the Administration.
12.2. Observe precautions regarding the confidentiality of your personal data.
12.3. Update or supplement the personal data provided to the Administration in case of changes.

13.1. Use the received information exclusively for the purposes specified in this Privacy Policy.
13.2. Ensure that confidential information is kept confidential, not disclosed without the User’s prior written permission, and not sold, exchanged, published, or otherwise disclosed by the User’s transmitted personal data.
13.3. Take precautionary measures to protect the confidentiality of the Visitor’s personal data in accordance with the requirements established by the legislation of the Russian Federation on personal data.
13.4. Perform blocking of personal data related to the relevant Visitor from the moment of the request or request of the Visitor or his legal representative or the authorized body for the protection of the rights of personal data subjects for the period of verification, in case of detection of unreliable personal data or illegal actions.

14.1. Confirmation of the destruction of personal data in cases stipulated by Federal Law No. 152-FZ of 27.07.2006 “On Personal Data” is carried out in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects.
14.2. If the processing of personal data is carried out by the Operator without the use of automation tools, the document confirming the destruction of personal data of personal data subjects is the Act on the Destruction of Personal Data.
14.3. If the processing of personal data is carried out by the Operator using automation tools, the documents confirming the destruction of personal data of personal data subjects are the act on the destruction of personal data that meets the requirements contained in paragraphs 3 and 4 of Order No. 179 of the Federal Service for Supervision of Communications, Information Technologies and Mass Communications of October 28, 2022 “On approval of Requirements to confirm the destruction of personal data” and uploading from the event log in the personal data information system (hereinafter referred to as uploading from the log).
14.4. Personal data is subject to destruction in the following cases:
– if the purpose of personal data processing is achieved or if it is no longer necessary to achieve the purpose of personal data processing, unless otherwise provided by the Federal Law “On Personal Data”
– when changing or invalidating regulatory legal acts that establish the legal basis for processing personal data
– when identifying the fact of illegal processing of personal data
– when a personal data subject withdraws consent, unless otherwise provided by the Federal Law “On Personal Data”
14.5. Responsible employees for document management and archiving carry out systematic control and identification of documents containing personal data with expired storage periods.
14.6. The issue of destruction of documents containing personal data with expired retention periods is considered by the commission, the composition of which is approved by the order of the Manager/General Director.
14.7. Based on the results of the meeting, a protocol and an act on the allocation of documents for destruction, an inventory of the cases to be destroyed are drawn up. The act of allocating documents for destruction is signed by the chairman and members of the commission.
14.8. Destruction of personal data at the end of the term of their processing on electronic media is carried out by mechanical violation of their integrity, which does not allow reading and restoring personal data, or deletion from electronic media by methods and means of guaranteed deletion of residual information.

15.1. The Administration that fails to fulfil its obligations is liable for losses incurred by the Visitor in connection with the misuse of personal data, in accordance with the legislation of the Russian Federation, with the exception of cases provided for in this Policy.
15.2. In case of loss or disclosure of personal data, the Site Administration is not responsible if they:
− Became public domain prior to their loss or disclosure
− Were received from a third party prior to their receipt by the Administration
− Were disclosed with the User’s consent
15.3. The Administration has the right to refuse further processing of personal data specified by the User if it considers the information provided by them unacceptable or incomplete.
15.4. The User agrees that the information provided to them as part of the Site may be an object of intellectual property, the rights to which are protected and belong to the Operator or other persons.
15.5. The Administration is not responsible for any direct or indirect damages that occur due to the inability to use the Site or certain services, as well as due to unauthorized access to the User’s communications.

16.1. The current legislation of the Russian Federation applies to this Privacy Policy and the relations between the Visitor and the Administration.