Personal Data Processing Policy

Personal Data Processing Policy
1. General provisions
This personal data processing policy has been compiled in accordance with the requirements of Federal Law No. 152-FZ dated 07/27/2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data taken by the operator (hereinafter referred to as the Operator).
1.1. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator can receive about visitors to its website.
2. Basic concepts used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).
2.3. Website — a set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet.
2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.5. Depersonalization of personal data — actions as a result of which it is impossible to determine, without using additional information, the identity of personal data to a specific user or other subject of personal data.
2.6. Processing of personal data — any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and/or processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data — any information related directly or indirectly to a specific or identifiable user of the website.
2.9. Personal data authorized for dissemination — personal data, access to which is provided to an unlimited number of persons by the subject of personal data in accordance with the procedure established by law.
2.10. User — any visitor to the Operator’s website.
2.11. Provision of personal data — actions aimed at disclosing personal data to a certain person or a specific circle of persons.
2.12. Dissemination of personal data — actions aimed at disclosure of personal data to an indefinite circle of persons, including publication or posting on the Internet.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to its authority, a foreign individual, or a foreign legal entity.
2.14. Destruction of personal data — actions resulting in permanent destruction of personal data with the impossibility of restoration.
3. Basic rights and obligations of the Operator
3.1. The Operator has the right to:
— receive reliable information and/or documents containing personal data from the subject of personal data;
— continue processing personal data without the consent of the subject if there are grounds provided for by law;
— determine independently the composition and list of measures necessary and sufficient to fulfill obligations established by law.
3.2. The Operator is obliged to:
— provide the subject of personal data, at their request, with information concerning the processing of their data;
— organize personal data processing in accordance with applicable legislation;
— ensure the protection of personal data against unauthorized or accidental access, destruction, modification, blocking, copying, provision, or dissemination;
— stop personal data processing and destroy data in cases provided for by law.
4. Rights and obligations of personal data subjects
4.1. Subjects have the right to:
— receive information regarding the processing of their personal data;
— demand correction, blocking, or destruction of incomplete, outdated, inaccurate, or unlawfully obtained personal data;
— require consent for the processing of personal data for marketing purposes;
— revoke consent to the processing of personal data;
— appeal against illegal actions or inaction of the Operator related to data processing.
4.2. Subjects are obliged to:
— provide accurate personal data;
— inform the Operator about updates or changes to their personal data.
4.3. Persons providing false information or data about others without consent are liable under the law.
5. Principles of personal data processing
Personal data processing is carried out lawfully, fairly, and for specified legitimate purposes. Only relevant and necessary data are processed, stored no longer than required, and securely protected.
6. Purposes of processing
The processing of personal data is carried out for user communication, including sending informational messages.
7. Terms of processing
Processing is performed with the subject’s consent or in other cases prescribed by law, including for execution of contracts or to protect legitimate interests, provided this does not violate the rights and freedoms of individuals.
8. Collection, storage, transfer, and other processing procedures
The Operator ensures the security and confidentiality of personal data and takes all necessary measures to prevent unauthorized access.
8.1. Personal data are not transferred to third parties, except when required by law or with the subject’s consent.
8.2. The period of processing is determined by the time required to achieve purposes of collection or as established by law.
8.3. The subject may withdraw consent to processing at any time by sending a written notice to the Operator.
8.4. Information collected by third-party services, including payment systems or communication tools, is processed by those entities under their own policies.
8.5. The Operator keeps personal data no longer than necessary for the purposes of processing.
8.6. The Operator stops processing upon achievement of objectives, expiration of consent, or identification of unlawful processing.
9. List of actions performed with personal data
The Operator collects, records, systematizes, accumulates, stores, clarifies (updates or changes), uses, transfers, depersonalizes, blocks, deletes, and destroys personal data.
10. Cross-border transfer of personal data
Prior to cross-border transfer, the Operator notifies the competent authority and ensures the foreign recipient provides adequate data protection guarantees.
11. Confidentiality of personal data
The Operator and persons with access to personal data are prohibited from disclosing such information to third parties without consent, unless required by law.
12. Final provisions
12.1. The User may request clarification regarding the processing of personal data by contacting the Operator through available communication channels.
12.2. This document reflects any changes to the Operator’s personal data processing policy and remains in effect until replaced by a new version.
12.3. The current version of the Policy is publicly available on the Internet.