Personal Data Processing Policy
This personal data processing policy has been drafted in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” and defines the procedure for processing personal data as well as measures to ensure the security of personal data undertaken by the State Autonomous Educational Institution of Higher Professional Education of Moscow “Moscow City University” (hereinafter referred to as the Operator).
1. General Provisions
1.1. The Operator considers compliance with the rights and freedoms of individuals during the processing of their personal data, including the protection of the right to privacy, personal and family confidentiality, as its primary objective and essential condition for its activities.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter – the Policy) applies to all information that the Operator may obtain about visitors to the website.
2. Key Concepts Used in the Policy
2.1. Automated processing of personal data – processing of personal data using computing equipment.
2.2. Blocking of personal data – temporary suspension of personal data processing (except when processing is necessary to clarify personal data).
2.3. Website – a set of graphical and informational materials, as well as software and databases, providing access via the Internet at https://vestnik.mgpu.ru/.
2.4. Personal data information system – a set of personal data contained in databases and the information technologies and technical means enabling their processing.
2.5. Anonymization of personal data – actions making it impossible to identify the personal data of a specific user or other subject without using additional information.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with personal data using automation tools or without them, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.7. Operator – a state body, municipal body, legal entity, or individual that independently or jointly with others organizes and/or carries out the processing of personal data, and also determines the purposes of processing, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
2.8. Personal data – any information directly or indirectly relating to a specific or identifiable website user.
2.9. User – any visitor to the website, including authors of articles (results of scientific research, reviews, and critiques published in the journal), members of the editorial board and editorial council, journal editors, and reviewers.
2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or group of persons.
2.11. Dissemination of personal data – actions aimed at disclosing personal data to an unspecified group of persons.
2.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a government body, foreign individual, or foreign legal entity.
2.13. Destruction of personal data – actions that make it impossible to restore the content of personal data in the information system and/or result in the destruction of physical carriers of personal data.
3. Types of Personal Data Collected
3.1. The Operator may process the following personal data of the user:
- surname, first name, patronymic;
- email address;
- position, place of work.
3.2. The website also collects and processes anonymized visitor data (including cookies) using internet analytics services such as Yandex.Metrica, Google Analytics, etc.
3.3. The above data are collectively referred to as personal data in this Policy.
4. Purposes of Personal Data Processing
4.1. The purposes of processing User personal data are:
- identification of authorship of a scientific work;
- peer review of articles (with anonymization of the reviewed work);
- communication with the author;
- pre-publication preparation of the article;
- presentation of editorial board members, editors, and technical staff on the journal website and in bibliometric databases and scientific communities;
- organization of the article review process (according to the double-blind peer review system adopted by the journal);
- conclusion, execution, and termination of civil-law contracts;
- providing the User with access to services, information, and/or materials on the website.
4.2. The Operator may also send the User notifications about new products and services, and various events. Users may opt out of receiving such messages by sending an email to the Operator marked “Opt-out of notifications about new products, services, and special offers.”
4.3. Anonymized data collected via internet analytics services is used to analyze User activity on the website and improve the quality and content of the site.
5. Legal Grounds for Personal Data Processing
5.1. The Operator processes User personal data only if the User voluntarily provides or submits it to the email addresses listed in the “Contacts” section (different for each journal series). By submitting personal data, the User expresses consent to this Policy.
5.2. The Operator processes anonymized data if permitted in the User’s browser settings (cookies enabled and JavaScript technology used).
6. Operator Responsibilities
6.1. The Operator is obliged to provide personal data of all categories of subjects to investigative authorities and other authorized bodies as required by the current legislation of the Russian Federation.
6.2. The Operator must provide the data subject or their representative free access to personal data relating to that subject.
6.3. The Operator must notify the data subject or their representative of any changes made and measures taken and take reasonable steps to notify third parties to whom the subject’s data were previously disclosed.
7. Procedure for Collecting, Storing, Transferring, and Processing Personal Data
7.1. The security of personal data processed by the Operator is ensured through legal, organizational, and technical measures required by law.
7.2. The Operator ensures the protection of personal data and takes all possible measures to prevent unauthorized access.
7.3. Personal data will never be shared with third parties, except as required by law.
7.4. If a User identifies inaccuracies in their personal data, they may update them by sending a notice to the Operator marked “Personal Data Update.”
7.5. The processing period for personal data is unlimited. A User may withdraw consent at any time by sending an email to the Operator marked “Withdrawal of consent to personal data processing.”
8. Cross-Border Transfer of Personal Data
8.1. Before initiating cross-border transfer, the Operator must ensure that the foreign state provides reliable protection of data subject rights.
8.2. Cross-border transfer to states that do not meet these requirements is allowed only with the written consent of the data subject and/or for contract execution involving the data subject.
9. Data Subject Rights
9.1. The data subject has the right to obtain information about the processing of their personal data, including:
- confirmation of processing by the Operator;
- legal grounds and purposes of processing;
- objectives and methods used;
- name and location of the Operator, and persons with access to personal data;
- personal data being processed, and their source, if not otherwise specified by law;
- processing periods, including storage;
- procedure for exercising these rights;
- information about actual or planned cross-border transfers;
- name and address of any person processing data on behalf of the Operator;
- other relevant information.
9.2. If a data subject believes their rights are violated, they may appeal to the authorized body for data protection or seek legal recourse.
10. Final Provisions
10.1. Users may obtain clarifications regarding personal data processing by contacting the Operator via email.
10.2. This document reflects any updates to the Operator’s policy. The Policy remains in effect until replaced by a new version.
10.3. The current version of the Policy is publicly available online.
10.4. Authors’ manuscripts are treated with due respect for confidentiality. Reviewers are also entitled to confidentiality.
10.5. Editors of Vestnik MGPU do not disclose information about manuscripts (receipt, content, status, critique, overall evaluation) except to authors and reviewers. Reviewers and editorial staff respect authors’ rights, do not publicly discuss manuscripts, and do not use ideas before publication. Reviewers may not make copies of manuscripts for personal use or distribution. Reviewer comments must not be published or disclosed without the permission of the reviewer, author, and editor.
10.6. If authors provide research results with participant names or images, they must obtain prior consent for publication.
10.7. If the editor doubts informed consent or suspects a conflict of interest, they may request written consent from research participants.
10.8. If personal data in the article are modified to protect anonymity, authors must ensure these changes do not distort the scientific meaning (this must be noted in the article).