on the procedure of personal data processing (consent to personal data processing)

1. General Provisions.

1.1 This Agreement (hereinafter referred to as the Agreement, Policy) is a public offer and defines the terms of use of materials and services posted on the website at https://______________/ (hereinafter referred to as the "Service", "Portal") by the users of the Portal (hereinafter referred to as the "Client", "User"). The Policy is aimed at preserving the confidentiality of personal data of customers using the Service, protection of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrecy.

This agreement has been developed in accordance with the current provisions of the legislation of the Russian Federation.

The User confirms that acceptance of the Agreement by clicking the "Consent to Personal Data Processing" button by the User means full agreement with all its terms and conditions.

The User shall refuse to confirm this Agreement and leave the Portal if any of its terms is unacceptable to him/her.

Obtaining the Customer's consent to the processing of his/her personal data is a prerequisite for the Customer's use of the Service or registration on the Service.

1.2 The processing of the Customers' personal data is carried out by the Service Operator, ______________ LLC (OGRN __________________-; legal address: ___________________), hereinafter and earlier referred to as the Company, the Operator.

1.3 The Operator shall ensure protection of processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law dated July 27, 2006 No. 152-FL "On Personal Data" (hereinafter "Personal Data Law") and Order of the Federal Service for Technical and Export Control of Russia No. 21 dated 18.02.2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data when Processing in Personal Data Information Systems".

1.4 This Policy establishes the list of processed personal data of Customers, basic principles, purposes, methods, conditions of personal data processing, functions and list of actions of the Service and its employees related to the processing of personal data of Customers.

1.5 The Service may process the following personal data of the Customers: surname, first name, home/mobile phone number, personal e-mail address, year of birth, passport data, bank card data, cookies and other personal data, the indication of which is necessary for the use of the Service, as well as payment information such as name, payment address, account number and payment card details (including card number, expiration date and security code) for payments processed by the Operator.

1.6 The Operator does not collect and process the Client's personal data about his race, nationality, political views, religious or philosophical beliefs, private life.

1.7 The Clients' personal data is confidential information of limited access.

1.8 Confidentiality of personal data is not required in case of their depersonalization, as well as in relation to publicly available personal data.

1.9. The Operator has the right to make changes to this Policy. The new version of the Policy shall come into force from the moment of its posting on the Website, unless otherwise provided by the new version of the Policy. In case of a material change in the terms of this Agreement, the Operator shall notify the Customers thereof by posting a corresponding notice on the Website.

1.10. If you do not agree with the provisions of this privacy document, we ask you to refrain from using our services and immediately leave the Service. By continuing to use the Service, the Customer gives his/her consent to the Operator in accordance with the Federal Law of 27.07.2006 No. 152-FL "On Personal Data" to perform the following actions:

- processing of personal data (surname, name, date and place of birth, passport data, address of registration and residence, citizenship, bank card details, contact information, home/mobile phone number, personal e-mail address, other personal data, including cookies, the collection and use of which is carried out on the Service in accordance with this Policy);

- transfer of personal data to third parties, including those that do not ensure adequate protection of the rights of personal data subjects in accordance with subpar. 4 p. 4 of Art. 12 of the Federal Law of 27.07.2006 No. 152-FL "On Personal Data", in written or electronic form, for the purposes of providing the following services:

- to provide any services;

- conclusion and execution of contracts in favor of the Customer;

- directing funds to pay for the services ordered;

- participation in bonus and loyalty programs of the Operator and its partners;

- sending messages (including advertising messages) via e-mail;

- for other purposes related to the provision of the ordered services to the Customer;

- transfer by the Operator of the authority to process personal data to another person in accordance with part 3 of Article 6 of the Personal Data Law.

This consent is given by the Client until the full fulfillment of obligations by the Operator and/or until the expiration of the personal data storage period established by the legislation of the Russian Federation, and may be withdrawn by submitting a written application to the Operator. The Client also gives his/her consent to transfer his/her personal data to third parties for the purpose of their further processing in compliance with all principles and rules of personal data processing provided by the Federal Law N 152-FL "On Personal Data". The decision to provide his/her personal data and consent to their processing is given of his/her own free will and in his/her own interest. Refusal to provide his/her personal data makes it impossible for the Operator to provide services.

2. terms and definitions.

2.1 Authorization - identification of the User on the Website by entering their personal data.

2.2 Personal data, confidential information - any information relating to a directly or indirectly defined or identifiable person (subject of personal data);

2.3 User - any legally capable person who has entered into this Agreement by acceptance under the specified terms and conditions, a visitor of the Portal.

2.2 Operator - the company _________ LLC (RF), organizing and carrying out the processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data;

2.3 Processing of personal data - any action (operation) or set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.3 Transmitting Party (Disclosing Party) - a Party that provides the other Party with access to Confidential Information of which it is the owner, including by transmitting Confidential Information both on a tangible medium and on any electronic media or transmitted via the Internet, and/or imposes a requirement on the other Party to observe confidentiality of information contained in materials developed by the other Party or transmitted to the other Party in the course of execution of the contract concluded by the Parties

2.4 Receiving Party (Receiving Party) - a Party that receives from the other Party access to Confidential Information, the owner of which is the Transferring Party.

2.5 Processing of personal data - any action (operation) or set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes, inter alia: collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); depersonalization; blocking; deletion; destruction.

2.6 Automated processing of personal data - processing of personal data by means of computer hardware.

2.7 Personal data information system (PDIS) - a set of personal data contained in databases and information technologies and technical means ensuring their processing.

2.8 Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

2.9 Other terms and definitions appearing in this Policy shall be interpreted in accordance with the provisions of the Personal Data Law.

3. Purposes of processing personal data of the Service's Customers.

3.1 The Service processes personal data of Customers for the following purposes:

- Service Provision. Personal data is used to place an order for the services available on the Service.

- Support of Clients. In case of necessity the Service renders necessary help to Clients, including choice of necessary service, decisions of problem situations and answers to other questions.

- Improvement of quality of services. The service is oriented on constant improvement of quality of provided services and development of new convenient tools for rendering services.· Улучшение качества услуг. Сервис ориентирован на постоянное улучшение качества предоставляемых услуг и разработку новых удобных инструментов для оказания услуг.

- Marketing. The Customer's personal data may be used to send news about products and services, individual offers, information on promotions and contests held on the Service, offers to participate in research. The Customer is given the opportunity to unsubscribe from the relevant mailing list at any time.

- Reliability and security of services. The operator may use the data for testing purposes, to solve problems and to improve the functionality and quality of our services.

- Legal purposes. Data is used to process and resolve legal disputes, for investigations at the request of public authorities and compliance with legal regulations, and to enforce the terms and conditions under which the Service provides services.

4.Procedure and conditions for processing personal data and confidential information.

4.1 For the purposes of this Agreement, each party, depending on whether it discloses or receives confidential information, may act as either the Receiving Party or the Transmitting Party.

4.2 The provisions of this Policy shall apply to the Party's Confidential Information regardless of the type of media on which it is recorded.

4.3 Processing of personal data is carried out by the Service as from the moment the Customer starts using the Service.

4.4 Some data may be collected automatically without the Customer's involvement, such as IP address, date and time when the Customer used the Service, information about the hardware, software and Internet browser the Customer uses.

4.5 Personal data may be disclosed to third parties. including:

- To the competent state authorities. The Service reserves the right in cases stipulated by the legislation of the Russian Federation to disclose personal data of Customers to the relevant authorized state and municipal authorities.

- Other persons, including organizations, who, in accordance with concluded contracts and applicable law, including:

- insure the property interests of individuals and legal entities related to financial and service obligations;

- make debits from the bank card;

- to credit organizations (banks);

- partners of the Service, carrying out entrepreneurial activities, affiliates of the Operator, as well as other third parties in cases and in accordance with the procedure stipulated by the relevant agreements and the legislation of the Russian Federation.

4.6 The Service shall collect, record, systematize, accumulate, store, clarify (update, change), extract, use, transfer, including cross-border (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

4.7 The storage of data in a form that allows to identify the Customer shall be carried out for no longer than required for the purposes of their processing, and they shall be destroyed upon achievement of the purposes of processing or in case of loss of necessity in their achievement.

Thus at transfer of the personal data to the abovementioned persons Service does not bear further responsibility for legality of the further processing of the personal data carried out by these persons.

5. Commitment.

5.1 The Company shall take technical, organizational and legal measures to ensure protection of information that the parties provide (transfer, disclose) to each other in the course of cooperation in providing access to the Website and the User's personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions, by means of internal checks of data collection, storage and processing processes and security measures, as well as implementation of measures to ensure the protection of the User's personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions.

5.2 The Company shall have the right to aggregate, systematize and analyze the information received from the User, including confidential information, in order to create information and analytical reports of various kinds and databases, with the Company guaranteeing non-proliferation and safety of confidential information contained in the reports and databases in accordance with the current legislation. The Company shall be the owner of exclusive rights to such information and analytical reports and databases as intellectual property objects.

5.3 The Receiving Party shall:

- use the disclosed information solely for the purpose of realization of interaction between the parties for the purposes of using the Portal and providing access to the Portal;

- limit the list of persons who have access to confidential information exclusively to their employees.

5.4 The Receiving Party undertakes to maintain confidentiality with respect to the Confidential Information of the Transferor, including preventing its disclosure and use to the detriment of the Transferor, and to ensure special measures for the protection and use of the Transferor's Confidential Information, with the level of protection of the Transferor's Confidential Information not being lower than that for the protection of the Receiving Party's own confidential information.

The Receiving Party shall have the right to independently determine the methods of protection of Confidential Information of the Transmitting Party.

6. Cookie Failure Provisions.

6.1 The Operator may use cookies and other tracking technologies to support the operation of the Service, analyze traffic or for advertising purposes. Cookies used on the Service refer to anonymized information and do not allow to identify the Client and do not refer to personal data.

By using the Service, the Customer confirms his/her consent to the use of cookies described in this Policy.

6.2 The Operator uses the following types of cookies:

- Account Management. When the Client accesses the Site, cookies are automatically generated that allow to know when the Client started a session on the Service and when it ended. The Service uses this type of cookies to determine from which account the Client logged in and what options are available to him.

- Region and Language Preference Settings. This type of cookie is used when the Customer selects a preferred region and language for convenient use of the Service.

- Basic cookie. Used to enable the Customer to navigate through the pages of the Service and use its features effectively.

- Analytics Cookies. These cookies are set by analytics systems that collect information about how the Customer uses the Service. This type of cookie is used for statistical purposes only.

- Advertising cookies (including third party cookies). This type of cookie is used to collect information about websites and individual pages visited by Customers. These cookies are used to display advertisements and marketing communications that are most relevant to the Customer's interests. Advertising cookies of partners may be placed on the Service.

- Other cookies (including third party cookies) required by the Operator.

If the Client has previously used a social network through his/her account, the social network may automatically memorize the Client's credentials. If the Customer uses such plug-ins as "Like", "Post", "Share", "Tell friends", the relevant information is transferred to the social network directly and stored there. Plugins on the Service work according to the same principle.

6.3 Customer can set all of its mobile devices to accept cookies, notify you when cookies are received, or disable the acceptance of cookies.

The settings for changing or disabling cookies may vary depending on the browser type: The Client should use tabs such as "help", "settings" or "preferences" etc. in his/her browser menu.

6.4 If the Customer chooses to refuse certain technical and/or functional cookies, certain features of the Service may not be available to the Customer.

7.Rights of personal data subjects.

7.1 The personal data subject has the right to withdraw his/her consent to the processing of personal data, as well as to their deletion. In order to exercise these rights, the personal data subject must send a corresponding application to the Operator's e-mail address specified in the "Contacts" section of the Service, with mandatory duplication by written registered mail to the Company's registered office. The subject of personal data is obliged to provide the Operator with evidence that the personal data, in respect of which the request is sent, belongs to this subject. The Service considers the received request and ensures termination of processing of the subject's personal data, as well as deletes the subject's personal data within 5 (five) business days from the date of receipt of the subject's request.

8. Control over compliance with personal data protection requirements.

8.1. Internal control over compliance of the Operators' structural subdivisions with the legislation of the Russian Federation and local regulations in the field of personal data shall be exercised by the person responsible for organization of personal data processing and security.

8.2 The Operator reserves the right to exclude the Client (delete the Client's profile on the Service) without the Client's consent and to warn the Client in case the Client violates the rules of work on the Service, as well as incorrect behavior of the Client.

8.3 All employees of the Operator who process personal data shall be obliged to keep confidentiality of information containing personal data in accordance with the Policy and requirements of the legislation of the Russian Federation.

8.4 Persons guilty of violating the requirements of this Policy shall bear responsibility provided for by the legislation of the Russian Federation.

9. Liability. Dispute resolution.

9.1 The current legislation of the Russian Federation shall apply to the relations between the User and the Company.

In case of any disputes or disagreements related to the execution of the Agreement, the User and the Company shall make every effort to resolve them through negotiations between them. If the disputes are not resolved through negotiations, the disputes shall be resolved in accordance with the procedure established by the current legislation of the Russian Federation.

9.2 Before filing a claim in court for disputes arising from the relations between the User and the Company, it is obligatory to file a claim.

Within ten (10) calendar days from the date of receipt of the claim, the recipient of the claim shall notify the claimant in writing of the results of its review.

If no agreement is reached, the dispute will be referred to a judicial body for consideration in accordance with the current legislation of the Russian Federation at the location of the Company.

10. Term of validity. Other provisions.

10.1 This Agreement shall be valid for an indefinite period of time, and with regard to the User's consent to the processing of personal data - until its revocation by the User by sending a corresponding written request to the Company's legal address.

10.2 Termination of the User's use of the Website does not release the Receiving Party from fulfillment of obligations assumed in accordance with this Policy during the period of use of the Website in respect of Confidential Information of the Transmitting Party, transferred to the Receiving Party before the termination of this Policy, and also does not release from liability established by the legislation of the Russian Federation and this Policy.

10.3 The obligations established by the Policy in terms of confidential information protection shall be valid for 3 (three) years from the date of confidential information transfer.

10.4 This Agreement is an open and publicly available document, located on the Portal at: https://_________________/.

* The Agreement was approved by the Order of the General Director of the Company dated ____________ (version from ________________)