Privacy policy

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is developed in implementation of the requirements of the Russian Federation legislation on personal data processing and security.

The Policy applies to Schlumberger Group in Russia, which is understood as a group of legal entities established and registered under the Russian Federation laws, as well as legal entities established and registered on the territory of foreign states that have separate divisions on the territory of the Russian Federation. Furthermore, for the purposes of the Policy specified above, Schlumberger Group in Russia and each company individually are referred to as Schlumberger. Tomsk Branch of Technology Company Schlumberger LLC is a part of Schlumberger Group.

1.2. The provisions of the Policy serve as the basis for the development of other Schlumberger internal policies and procedures regulating personal data processing in the course of activities on the territory of the Russian Federation. Schlumberger Group may introduce global technical and organizational measures to protect personal data, applied to/used by Schlumberger in Russia to the extent they are consistent with the Russian legislation.

1.3. This document is publicly available and will be posted on the Schlumberger official website (hereinafter referred to as the “Website”).

1.4. Terms and definitions used in the Policy are specified in Appendix No. 1.

1.5. Legal basis for personal data processing:

  • Labor Code of the Russian Federation;
  • Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data”;
  • Decree of the President of the Russian Federation dated March 6, 1997 No. 188 “On Approval of the List of Information of Confidential Nature”;
  • Resolution of the Government of the Russian Federation dated September 15, 2008 No. 687 “On Approval of the Regulations on Special Aspects of Non-Automatic Personal Data Processing”;
  • Resolution of the Government of the Russian Federation dated November 1, 2012 No. 1119 “On Approval of Requirements for Personal Data Protection during Their Processing in Personal Data Information Systems”;
  • Other applicable statutory regulations of the Russian Federation and regulatory documents of competent government authorities;
  • Internal policies and procedures and other documents regulating personal data processing, applied in Schlumberger Group;
  • Consent of personal data subjects to their personal data processing;
  • Contracts concluded by Schlumberger with other legal entities and personal data subjects.

1.6. Depending on its purposes, Schlumberger will process personal data:

  • With the consent from personal data subjects to process their personal data, unless otherwise provided for by Russian Federation laws;
  • For the purpose of implementing the Russian Federation laws, international treaties, resolutions of the Government of the Russian Federation and other statutory regulations of the Russian Federation;
  • For the purpose of executing or concluding an agreement to which a personal data subject is a party or beneficiary or warrantor, including in the event when Schlumberger exercises its right to assign rights (claims) under such an agreement.

2. Personal Data Object Categories and Personal Data Types

2.1 Schlumberger may process personal data of the following categories of personal data subjects:

  • Candidates for employment, Schlumberger employees, former employees, and family members of these persons;
  • Individuals who have entered into civil contracts with Schlumberger;
  • Representatives/employees of Schlumberger counterparties (legal entities), as well as legal entities intending to purchase Schlumberger goods or services or provide goods or services to Schlumberger;
  • Other personal data subjects (including shareholders, members of legal entities, visitors to Schlumberger offices, production bases and centers).

2.2. Types of processed personal data are determined based on Schlumberger day-to-day production operations and administrative and economic activities, taking into account purposes of personal data processing. The suggested list of personal data that may be processed by Schlumberger is given in Appendix No. 2.

3. Purposes of Personal Data Processing

3.1 Compliance with the requirements of the Russian Federation legislation and Schlumberger internal policies and procedures;

3.2 Execution of court orders, binding orders of other authorities, officials;

3.3 Pursuit of types of activities provided for by the Schlumberger Charter, constituent documents and other internal policies and procedures;

3.4 Preparation and submission of reports to governmental agencies and other authorized organizations as required by the law;

3.5 Implementation of employer’s rights and obligations by Schlumberger in its relations with employees. Assisting employees in professional development and career advancement, workload and work quality records and control. Building a succession pipeline.

3.6 Provision of additional guarantees and compensations to employees and their family members, including non-state pension schemes, voluntary health insurance, medical services and other types of social assistance;

3.7 Management of the access control procedure and internal security policy at Schlumberger and contractors’ facilities, safekeeping of Schlumberger assets. Protection of personal data subjects’ life, health and other vital interests;

3.8 Identity verification of contractors’ or other third parties’ representatives to ensure their safety, to protect Schlumberger and Schlumberger personnel from fraud, and prevent any illegal actions, unauthorized transactions, including cyberattacks, attempted identity theft;

3.9 Conclusion, execution and termination of civil contracts concluded by Schlumberger. Participation in third parties’ tenders; Schlumberger’s selection of contractors, negotiations, contractors’ due diligence, credit/solvency validation, and business ethics compliance.

3.10 Accounting maintenance, mutual settlements with Schlumberger contractors and employees;

3.11 Generation and maintenance of corporate information directories, posting of publications on corporate intranet websites, information boards, stands and in-house systems, mobile applications containing personal data provided by a personal data subject for processing with their consent;

3.12 Distribution of messages or marketing materials containing information about Schlumberger activities, new products and services; generation of potential customers lists; tracking sales prospects, conducting market studies, surveys; assessment of advertisement and marketing campaign effectiveness and their management;

3.13 Handling of requests, applications, and complaints received from personal data subjects, preparation and sending responses;

3.14 Organization and execution of marketing and commercial events, including conferences, workshops and master classes; provision of information services (hereinafter referred to as “events”); provision of information about events, invitation distribution and registration of participants for such events;

3.15 Investor/partner relations;

3.16 Product and service management, development of new products and services including online services, mobile applications;

3.17 Conducting internal investigations, audits to ensure compliance with current legal, contractual requirements, and Schlumberger internal policies;

3.18 Assurance of security of Schlumberger products, services, online channels, network services, and information resources;

3.19 Website hosting, administration, and technical support; analysis and forecast of website user preferences by identifying most relevant requests, analyzing website user actions in order to improve the website functional performance, and the quality of service and information provided.

4. Rights of Personal Data Subjects and Schlumberger

4.1 Personal Data Subject is entitled to:

  1. 4.1.1. Receive information regarding their personal data processing;
  2. 4.1.2. Require clarification, blocking, destruction of their personal data if the personal data is incomplete, outdated, unreliable, obtained illegally, is not necessary for the stated purpose of processing or is used for purposes not previously stated when providing consent to personal data processing;
  3. 4.1.3. Take measures provided by law to enforce their rights.

4.2 Schlumberger is entitled to:

  1. 4.2.1. Process personal data in accordance with the legislation of the Russian Federation;
  2. 4.2.2. Delegate personal data processing to another entity with the personal data subject consent, unless otherwise provided by federal law.

5. Terms of Personal Data Processing

5.1 Schlumberger processes personal data in accordance with the general principles provided for in              Art. 5 of Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Federal Law “On Personal Data”), as well as Schlumberger internal policies and procedures.

5.2 Personal data processing is restricted to attainment of specific and legitimate purposes.

5.3 The content and amount of processed personal data should correspond to the stated purposes of personal data processing and should not be in excess of its processing purposes.

5.4 When processing personal data, personal data accuracy, sufficiency and where necessary relevance to its processing purposes must be ensured.

5.5 Processed personal data should be destructed or depersonalized upon achievement of the processing purposes or if there is no further need to achieve these purposes, unless otherwise provided by federal law.

5.6 Information related to personal data that becomes known to Schlumberger is confidential.

5.7 Personal data is stored for the period required for the purposes of personal data processing, or for the period stipulated by applicable law. The duration of personal data storage period may be determined by the duration of the relationship between Schlumberger and a personal data subject; storage periods required by applicable law; terms provided for the protection of Schlumberger rights granted by the law (for example, the period of limitation of actions, participation in legal proceedings, administrative inspections).

5.8 Schlumberger processes personal data with the use of automation media (personal data soft copies, information systems, databases, mobile applications) and manually (personal data hard copies).

5.9 Schlumberger may collect and process personal data using data telecommunications networks including the Internet, websites and mobile applications.

5.10 Schlumberger may delegate the processing of personal data to other entities in accordance with the requirements of the Federal Law “On Personal Data”.

5.11 For the purposes specified in this Policy or in the consent to personal data processing, Schlumberger may transfer personal data to its affiliates within Schlumberger Group.

5.12 Schlumberger transfers personal data internationally in accordance with the requirements for personal data cross-border transfer provided for by the Federal Law “On Personal Data”.

5.13 Access to processed personal data will be provided only to Schlumberger employees whose official duties necessitate such access.

5.14 Personal data hard copies will be stored in locked rooms with limited access, in cabinets or vaults.

5.15 To achieve personal data processing purposes, users of Schlumberger website and mobile applications, at own discretion, can provide their personal data specified in relevant feedback forms via the Internet data and telecommunications network. To verify data provided via the Internet, Schlumberger reserves the right to require proof of identity online or offline.

5.16 Upon providing their personal data by filling out the website form, the user may receive a Message Sent Successfully confirmation. The user may withdraw their consent to personal data processing by sending a written statement as specified in Section 7 of this Policy.

5.17 The website may contain links to other Internet resources. Schlumberger is not responsible for content, quality and security policy of such Internet resources, and for the procedures implemented to protect personal data. Availability of links to third-party Internet resources does not mean that Schlumberger in any way approves or agrees with the methods used by such Internet resource to protect personal data and other confidential information.

5.18 Special categories of personal data may be subject to processing by Schlumberger in cases provided for by the legislation of the Russian Federation with the consent from personal data subjects, and to achieve legal purposes.

5.19 Schlumberger may process personal data that is not classified as special, but allows certain conclusions to be made regarding personal data (for example, processing data about food preferences or restrictions of participants at the events organized by Schlumberger). Such personal data will be processed solely to achieve purposes for which it was provided by a personal data subject.

6. Measures to Ensure Personal Data Security during Processing

6.1 Schlumberger will undertake necessary organizational and technical measures to protect personal data from accidental or unauthorized access; destruction, modification, access denial and other unauthorized actions.

6.2 Protection measures implemented by Schlumberger when processing personal data, include:

  • Adoption of local internal policies and procedures and other documents related to personal data processing and protection;
  • Ensuring that necessary conditions for working with physical carriers and information systems where personal data is processed, including provision of security systems and organization of access control to personal data storage rooms, timely software updating, setting passwords for Schlumberger employees to access information systems where personal data is processed;
  • Storage of personal data hard copies in compliance with conditions that ensure personal data safety and prevent unauthorized access;
  • Internal control over compliance with the Russian Federation legislation during personal data processing.

7. Consideration of requests/submissions from personal data subjects and their representatives

7.1 Personal data subjects and their representatives may contact Schlumberger regarding the following issues: access granting to their personal data previously provided to Schlumberger, termination of unlawful processing of their personal data, correcting inaccuracies in the personal data processed, withdrawal of the consent to personal data processing by sending a written request or appearing in person.

7.2 If unlawful processing, inaccurate personal data are detected during the application of a personal data subject or their representative or at the request of a personal data subject or their representative, or a data protection authority, Schlumberger will block or ensure blocking of such unlawfully processed personal data for the period of examination, if blocking of personal data does not violate the Russian Federation legislation.

7.3 The Federal Law “On Personal Data” stipulates deadlines for personal data clarification, termination of personal data unlawful processing, personal data destruction or implementation of the mentioned measures.

7.4 If a personal data subject withdraws their consent to personal data processing, Schlumberger within the period stipulated by the Federal Law “On Personal Data”, will terminate or ensure termination of the personal data processing, and also destroy personal data if the Russian Federation legislation does not obligate Schlumberger to store such personal data.

7.5 Content of the request must comply with the requirements of the Federal Law “On Personal Data.

7.6 Schlumberger may verify the authority of a person from whom the request regarding personal data was received.

7.7 The right of a personal data subject to access their personal data may be limited in accordance with federal laws.

7.8 Deadlines for providing information regarding personal data or granting access to personal data, substantiated refusal to provide such information or access are stipulated by the applicable legislation governing personal data processing.

7.9 Requests referred to in this Section 7 regarding personal data processing using data and telecommunications network tools, including Schlumberger websites and mobile applications, may be processed in accordance with separate procedures for using respective tools.

8. Methods of Communication

Personal data subjects, authorized body representatives may contact Schlumberger regarding personal data processing using the following methods:

  • By sending email to Geofit-CS-HelpDesk@slb.com. It is not recommended to provide bank card details or other specific personal data in electronic messages;
  • By sending a written request or contacting in person at the following address: 6, Kolarovsky Trakt, Tomsk.

Attachments:

1. Terms and Definitions
2. Types of Processed Personal Data

Attachment No. 1 to the Personal Data Processing Policy

Terms and Definitions

1. “Personal data” – any information relating to a directly or indirectly identified or identifiable individual (“personal data subject”);

2. “Schlumberger” (Personal Data Operator, Operator) – a legal entity of Schlumberger Group in the Russian Federation, independently or jointly with other persons organizing and (or) processing personal data, and determining purposes of personal data processing, scope of personal data to be processed, actions (operations) performed with personal data. The list of legal entities of Schlumberger Group in the Russian Federation is given in paragraph 1.2. of the Policy;

3. “Processing of personal data” – any action (operation) or set of automated or non-automated actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, improvement (updating, modifying), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

4. “Automated processing of personal data” – processing of personal data using computer technology;

5. “Distribution of personal data” – actions aimed at disclosing personal data to the public;

6. “Provision of personal data” – actions aimed at disclosing personal data to a certain person or a group of persons;

7. “Cross-border (international) transfer of personal data” – transfer of personal data to the territory of a foreign state, a foreign state authority, a foreign individual, or a foreign legal entity;

8. “Blocking of personal data” – suspension of personal data processing (except for cases where processing is necessary to clarify personal data);

9. “Destruction of personal data” – actions as a result of which it is impossible to restore the content of personal data in a personal data information system and (or) actions that result in the destruction of physical media on which personal data are stored;

10. “Depersonalization of personal data” – actions as a result of which it becomes impossible, without the use of additional information, to attribute the ownership of personal data to a specific personal data subject;

11. “Personal data information system” – a set of personal data contained in databases, and information technologies and technical means that ensure personal data processing;

12. “Website” – an Internet resource www.GEOFIT.ru and its subdomains; websites of companies included in Schlumberger Group;

13. “User” – a personal data subject who provides personal data through the Internet data and telecommunications network;

14. “Personal data subject” – an individual who is directly or indirectly identified with the use of personal data;

15. “Mobile application” – software developed for use on smartphones, tablets and other mobile devices.

Attachment No. 2 to the Personal Data Processing Policy

1. Personal data that may be processed in relation to candidates for employment:
Surname, first name, patronymic name, date of birth, place of birth, registration address, place of residence or permanent address, telephone or mobile phone number (business and personal), email address (business and personal), and other contact information, information about citizenship, information about electronic signature, foreign passport data, information about participation in other legal entities; information about business activities, marital status, information about existing dependents, minor children; profession, occupation; information about the previous employer, work experience, education, military registration card; other personal data provided by candidates in CVs, questionnaires, cover letters, biometric data (image of the subject).

2. Personal data that may be processed when using the website:
Schlumberger and contractors who have been delegated the authority to process personal data and/or administer the website can collect and process the following personal data through Internet sites, programs and mobile applications: last name, first name, patronymic name, email address, mobile phone, postal address, IP address, place of work and job title, information about the browser and device; application usage data; information collected by using cookies, pixel tags and other technologies, and other information that does not directly identify a specific individual; collection of other information not directly related to personal data.

Processing of information received through the browser or device: media access control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, name and version of applications used by the subject.

Use of Cookies: In order to improve the website performance and personalize provided services, as well as the website interface, Schlumberger may use cookies during the website navigation.

Cookies are small pieces of information that are stored locally on a user computer and retrieved by the website server when the user returns to the same website. More detailed conditions of cookie use are given in the Website Terms and Conditions of Use (http://geofit.ru/agreement/).

By visiting the website, users give Schlumberger their consent to processing of information specified in this Section.

3. Personal data that may be processed in relation to Schlumberger representatives:
Last name, first name, patronymic name, telephone or mobile phone number (business and personal), email address (business and personal); job title.

4. Personal data that may be processed in relation to employees and individuals with whom civil contracts have been concluded:
Last name, first name, patronymic name, date of birth, place of birth, registration address, place of residence or permanent address, telephone or mobile phone number (business and personal), email address (business and personal), and other contact information; information about family members (including for emergency communications, as well as for executing voluntary health insurance or life insurance policies), individual insurance account (insurance policy) number, internal corporate data (job title, job responsibilities, job code), job promotions/rotations, direct manager, functional manager), information systems IDs (login, account data, GIN, ID numbers); information about the assigned: civil service class rank, diplomatic rank, military or special reserve (retired) rank, results of employee medical examinations; civil service qualification category (by whom and when assigned), state awards, other awards and badges of honor (by whom and when awarded); information about participation in elected representative bodies, public organizations; criminal history records; information about participation in wars and military conflicts; federal service class rank, diplomatic rank, military or special reserve (retired) rank, information about citizenship, foreign passport; information about qualifications and availability of work permits, driver’s license information, passport data, information about electronic signature, biometric data (image of the subject).