• Home
  • Personal Data Processing Policy

Personal Data Processing Policy

Moscow, December 1, 2021

This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is issued in accordance with Part 2, Article 18.1 of Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006, and defines the policy of JSC "MiraxBioPharma" (TIN 7730532561) (hereinafter referred to as the “Operator”) with respect to the processing of personal data. It also contains information about the measures implemented by the Operator to ensure the protection of personal data. This Policy applies to all personal data received by the Operator from users of the website.

1. GENERAL PROVISIONS

1.1. The terms used in this Policy are defined as follows:

Personal data — any information relating directly or indirectly to an identified or identifiable individual (data subject);

Personal data made publicly available by the data subject — personal data to which the data subject has granted access to an unlimited number of persons by giving consent for the processing and distribution of such data in accordance with the procedures established by the applicable Federal Law. This definition also includes information automatically transmitted to the Operator during the use of the Website via software installed on the User’s device, such as cookie data, browser information, and other similar data;

Operator — JSC "MiraxBioPharma", independently carrying out the processing of personal data, determining the purposes of processing, the scope of personal data to be processed, and the actions (operations) performed with personal data;

Processing of personal data — any action (operation) or set of actions performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data;

Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;

Blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify the personal data);

Destruction of personal data — actions that result in the irreversible elimination of personal data from a personal data information system and/or the destruction of physical media containing personal data, making it impossible to restore their content;

Anonymization of personal data — actions that make it impossible to determine the identity of the data subject without the use of additional information;

Confidentiality of personal data — a mandatory requirement for any person who has access to personal data to prevent its disclosure without the consent of the data subject or other legal basis;

Automated processing of personal data — processing of personal data using computer technology;

Non-automated processing of personal data — processing of personal data without the use of automation tools, including data contained in a personal data information system or extracted from such a system, in cases where operations such as use, clarification, distribution, or destruction of personal data with respect to each data subject are performed with direct human involvement;

User — any individual (data subject) who may, in the course of using the Website, provide the Operator with their personal data and who has independently agreed to the terms set forth in the Policy;

Website — the Operator’s website available at: https://mbpharma.ru;

Cookies — data fragments sent by a web server and stored on the User’s device. Cookies contain small pieces of text and are used to store information about browser activity. They enable the storage and retrieval of identifying information and other data on computers, smartphones, phones, and other devices. This also includes other technologies, such as data stored by browsers or devices, device-related identifiers, and other software.

1.2. Other terms shall be interpreted in accordance with the legislation of the Russian Federation, current recommendations (RFCs) of international standardization bodies in the field of the Internet, and commonly accepted terminology usage on the Internet.

1.3. This Policy applies to all processes of personal data processing carried out through the Website without the use of automation tools.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

2.1. The following regulatory acts serve as the legal basis for data processing:

— Constitution of the Russian Federation;

— Civil Code of the Russian Federation;

— Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;

— Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”;

— Decree of the Government of the Russian Federation No. 687 of September 15, 2008 “On Approval of the Regulation on Specific Features of Personal Data Processing Without the Use of Automation Tools”.

2.2. The User’s personal data is processed on the basis of and for the execution of agreements between the User and the Operator.

3. PURPOSES OF PERSONAL DATA COLLECTION

3.1. The Operator processes personal data that is necessary for the use of the Website or for the execution of agreements and contracts with the User, except in cases where the legislation of the Russian Federation requires the mandatory storage of personal data for a period established by law.

3.2. When processing personal data, the Operator does not combine databases containing personal data that are processed for incompatible purposes.

3.2.1. The Operator processes the User’s personal data for the following purposes:

3.2.2. to provide feedback to potential counterparties and for subsequent processing of inquiries and requests;

3.2.3. to report adverse effects of medicinal products within the framework of pharmacovigilance;

3.2.4. to comply with the mandatory requirements of the legislation of the Russian Federation.

4. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS

4.1. The Operator processes the following personal data provided by Users acting on their own behalf when using the Website, by filling in the appropriate input fields:

4.1.1. last name, first name, patronymic;

4.1.2. email address;

4.2. Personal data automatically transmitted to the Operator during the use of the Website through the software installed on the User’s device:

4.2.1. cookie data;

4.2.2. information about the User’s browser;

4.3. The Operator processes personal data of the following categories of data subjects:

4.3.1. Individuals providing personal data on their own behalf in accordance with the Policy;

4.3.2. Individuals providing personal data on behalf of the physical or legal entity they represent, in accordance with the Policy.

5. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING

5.1. The Operator processes the User’s personal data on the website both with and without the use of automation tools, in accordance with the regulatory legal acts of the Russian Federation that establish requirements for ensuring the security of personal data during processing and for respecting the rights of data subjects. The use, clarification, distribution, and destruction of personal data related to the User are carried out by the Operator in accordance with the provisions approved by the Government Resolution of the Russian Federation No. 687 of September 15, 2008.

5.2. The Operator stores personal data in a form that allows identification of the data subject for 1 year, unless the data subject withdraws their consent for processing before the expiration of this period.

5.3. The confidentiality of the User’s personal data is maintained, except in cases where the User voluntarily provides data to an unlimited number of persons.

5.4. The Operator has the right to transfer the User’s personal data to third parties if:

5.4.1. There is consent from the User for the processing of personal data, authorized by the data subject for distribution in the manner prescribed by law;

5.4.2. The transfer is required by the legislation of the Russian Federation or other applicable laws, in accordance with the legal procedure established;

5.4.3. In other cases provided by law.

5.5. In the event of loss or unauthorized disclosure of personal data, the Operator will notify the User.

5.6. The Operator takes the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful actions.

5.7. The Operator, together with the User, takes all necessary measures to prevent any losses or other negative consequences caused by the loss or unauthorized disclosure of the User’s personal data.

5.8. The Operator has the right to transfer personal data to authorized bodies based on the grounds provided by the applicable legislation of the Russian Federation.

5.9. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, modifies), and retrieves personal data of Users who are citizens of the Russian Federation, using databases located in the territory of the Russian Federation.

5.10. The Operator ceases the processing of the User’s personal data, which is carried out with their consent, upon the expiration of the consent or the withdrawal of the User’s consent to process their personal data, as well as in cases of unlawful processing of personal data or the liquidation of the Operator.

5.11. Only the Operator has the right to access the User's personal data.

5.12. Access to personal data by third parties without the User's consent is prohibited, except in cases established by the legislation of the Russian Federation.

6. PROCEDURE FOR COLLECTING PERSONAL DATA USING "COOKIE" FILES

6.1. The Operator may use cookies to achieve the purposes of personal data processing.

6.2. The Operator uses only necessary cookies on the Website, which are essential for the functioning of critical components of the Website.

6.3. The Operator does not explicitly request consent when using necessary cookies.
If the User does not want their personal data to be collected through mandatory cookies, they can disable their provision to the Operator in the browser on their device. In this case, the User will lose access to certain functional features of the Website related to necessary cookies, which may lead to complete inoperability or incorrect functioning of the Website.

6.4. The User's devices and software used to interact with the Website, depending on their version and configuration, may or may not have the option to disable cookie operations or delete previously received cookies.

6.5. The Operator has the right to require the User's device to allow cookies for security purposes.

6.6. The structure, content, and technical parameters of cookies are determined by the Operator and may change without prior notice to the User. The User is entitled to receive all necessary information about cookies by sending a request to the Operator in accordance with the Policy.

7. UPDATE, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA

7.1. The User can modify, update, supplement, or delete the personal data provided by them at any time.

7.2. If the Operator identifies any incompleteness or inaccuracy in the User’s personal data, the Operator will update the personal data and make corrections.

7.3. If it is not possible to update the personal data, the Operator will delete them.

7.4. If it is determined that the processing of the User’s personal data is unlawful, the processing will be stopped, and the personal data will be deleted.

7.5. In case the Website is inoperative or the User is unable to modify, update, supplement, or delete their personal data, or in other cases, the User has the right to request, in writing, that the Operator clarify their personal data, block, or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or no longer necessary for the processing purpose.

7.6. The Operator will make the necessary changes to incomplete, inaccurate, or outdated personal data within 7 working days from the date the User provides information confirming that the personal data is incomplete, inaccurate, or outdated.

7.7. The Operator will destroy unlawfully obtained or unnecessary personal data within 7 working days from the date the User provides information confirming that such personal data was unlawfully obtained or is unnecessary for the stated purpose of processing.

7.8. The Operator will notify the User about the changes made and the measures taken.

7.9. The User's rights to modify, update, supplement, or delete personal data may be restricted in accordance with the requirements of the law. Such restrictions may include the Operator’s obligation to retain personal data for a legally defined period and to transfer personal data to government authorities.

8. RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA

8.1. The User has the right to receive from the Operator information regarding the processing of their personal data, including:

8.1.1. confirmation of the fact of personal data processing by the Operator;

8.1.2. legal grounds and purposes for processing personal data;

8.1.3. purposes and methods of personal data processing applied by the Operator;

8.1.4. the name and location of the Operator, information about individuals who have access to personal data or to whom personal data may be disclosed based on an agreement with the Operator or federal law;

8.1.5. personal data related to the User, the source of its collection, unless another procedure for providing this information is established by federal law;

8.1.6. the periods of personal data processing, including retention periods;

8.1.7. the procedure for exercising the User’s rights under Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006;

8.1.8. the name, surname, patronymic, and address of the person processing personal data on behalf of the Operator;

8.1.9. other information provided by law.

8.2. The Operator provides the User with free access to the personal data processed and stored in the Operator’s information system upon the User's request within thirty days from the date of receiving the User's written request.

8.3. In case of the Operator's refusal to provide information about the existence of personal data of the User or personal data to the User upon their request, or upon receiving the User's request, the Operator provides a written reasoned response, which serves as the basis for such refusal, within no more than 30 working days from the date of the User's request or from the date the User's request was received.

9. PERSONAL DATA PROTECTION

9.1. The security of personal data in the information system is ensured through a personal data protection system that neutralizes current threats.

9.2. The personal data protection system used by the Operator includes legal, organizational, technical, and other measures to ensure the security of personal data, defined in accordance with current threats to personal data security and the information technologies used in the information systems.

9.3. With respect to personal data for which the User has given consent for processing by third parties, the Operator has the right to engage another entity, under a contract, to ensure the security of personal data during its processing.

9.4. During the processing of personal data in the Operator’s information system, the following
is ensured:

9.4.1. Implementation of measures aimed at preventing unauthorized access to the User’s personal data and/or transfer of data to individuals without access rights;

9.4.2. Timely detection of unauthorized access to personal data;

9.4.3. Prevention of any impact on the technical means involved in the processing of personal data that could disrupt their functionality;

9.4.4. The ability to promptly restore personal data that has been modified or destroyed as a result of unauthorized access;

9.4.5. Continuous monitoring of the level of protection of personal data.

9.5. The Operator has defined the level of protection for personal data during its processing in the personal data information system owned by the Operator.

9.6. The Operator has developed and implemented a comprehensive set of measures to protect and ensure the security of personal data.

9.7. The Operator uses technical means and software to process and protect personal data, and keeps a log of the personal data protection tools used.

9.8. The Operator keeps a log of removable media containing personal data.

9.9. The technical means ensuring the operation of the personal data information system are located in premises owned by the Operator under lease.

10. CONSENT TO THE PROCESSING OF PERSONAL DATA

10.1. Consent to the processing of personal data provided by the User is specific, informed, and conscious.

10.2. The User’s personal data is processed with the User's consent. Consent is given by clicking a button or ticking a checkbox on the Website next to the link to the consent text. The validity period of consent is specified in the text of the consent.

10.3. Consent to the processing of personal data may be withdrawn by the User by sending a letter to the Operator’s email address.

11. FINAL PROVISIONS

11.1. The Policy and the relationships between the User and the Operator arising from its application are governed by the laws of the Russian Federation.

11.2. The Policy is effective from the moment it is approved by the Operator and remains in effect indefinitely until replaced by a new policy.

11.3. The Operator has the right to make changes to the Policy without the User’s consent.

11.4. The Policy is publicly available on the Website.

Any inquiries regarding the Policy may be sent to the Operator via email at

12. OPERATOR DETAILS

JSC "MiraxBioPharma"
TIN: 7730532561 | OGRN: 1057749051645
e-mail: info@mbpharma.ru
contact phone: +7 (495) 183-99-58
Address: 5 Bryanskaya St., Moscow, 121059, Russia
Production Address: 2A Rabochaya St., Bldg. 1, Khimki, Moscow Region, 141401

Contact us

Select a service*

Pharmacovigilance

MiraxBioPharma is committed to ensuring the quality and safety of its products and pays special attention to collecting and analyzing information about adverse reactions and complaints associated with the use of our products.

If you become aware of any adverse reactions to the medicinal product Cezarox® Epi or of a lack of therapeutic effect, please report it via email at: adversareaction@drugsafety.ru or by phone: +7 (800) 777-86-04.

If you become aware of any adverse reactions to other MiraxBioPharma medicinal products or of a lack of therapeutic effect, please report it via email at: GVP@mbpharma.ru, by phone: +7 (495) 183-38-41 or by filling out the electronic form below

Adverse reaction reporting form
Specify gender*
Suspected medicinal product information
Reporter information

Preferred method of contact*
We use cookies

By using this website, you consent to the collection and processing of your personal data, including through third-party services, and the use of cookies and web analytics tools, under the terms outlined in the Personal Data Processing Policy.