Privacy Policy

Appendix No. 1

to the public offer agreement.

Organization's policy on the processing and protection of personal data (privacy policy)

As amended on 20.07.2020.

1. General Provisions

1.1. This Policy is implemented by IP Malkov D.V. (hereinafter referred to as the "Organization") in relation to the processing and protection of personal data of individuals (subjects of personal data) on the basis of Article 24 of the Constitution of the Russian Federation and Federal Law No. 152-FZ "On Personal Data".
1.2. The Policy applies to all personal data (of subjects) that may be obtained by the Organization in the course of its activities, including the Organization's clients.
1.3. The purpose of the Policy is to provide persons providing their personal data with the necessary information to assess what personal data and for what purposes are processed by the Organization, what methods of ensuring their security are implemented.
1.4. The Policy ensures the protection of the rights and freedoms of subjects when processing their personal data using automation tools or without using such tools, and also establishes the liability of persons who have access to personal data for failure to comply with the requirements governing the processing and protection of personal data.
1.5. Clients, using the services and services of the Organization, having communicated their personal data to the Organization, including through third parties, acknowledge their consent to the processing of personal data in accordance with this Policy.
1.6. Consent to the processing of personal data may be revoked by the subject of the personal data. In the event that the subject of personal data revokes consent to the processing of personal data, the operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified by current legislation.
1.7. This Policy may be amended by the Organization.

2. Concept and composition of personal data

2.1. For the purposes of this Policy, personal data means any information related directly or indirectly to a specific individual (subject of personal data).
2.2. Depending on the subject of personal data, the Organization may process personal data of the following categories of subjects in order to carry out its activities and fulfill its obligations:

• personal data of the Organization's employee — information required by the Organization in connection with labor relations and concerning a specific employee.
• Client data — information required by the Organization to fulfill its obligations within the framework of contractual relations with the Client and to comply with the requirements of the legislation of the Russian Federation.
• personal data of the Client provided during registration on the website https://virtualdc.ru, https://my.virtualdc.ru including when the Client places Orders.

3. Grounds and purposes of personal data processing

3.1. The Organization processes personal data to carry out its activities, including providing services to Clients. The Organization has the right to:

• perform the functions assigned to the Organization by the legislation of the Russian Federation in accordance with the Federal Law "On Personal Data" and other laws and regulatory legal acts of the Russian Federation, as well as the Charter and regulatory acts of the Organization;
• The Organization collects and stores the personal data of the Client necessary for the provision of services, the execution of agreements and contracts, the fulfillment of obligations to the Client.

3.2. The Organization may use the Client's personal data for the following purposes:

• identification of the Client within the framework of contracts;
• communication with the Client if necessary, including sending proposals, notifications, information and requests, both related and not related to the provision of services, as well as processing the Client's applications, requests and requests;
• improving the quality of services provided by the Company.

4. Terms of processing personal data

4.1. The terms of processing personal data are determined based on the purposes of processing in the Organization's information systems, in accordance with the term of the contract, agreement with the subject of personal data.

5. Circle of persons authorized to process personal data

5.1. In order to achieve the objectives of Article 3 of this Policy, only those employees of the Organization who are assigned such responsibility in accordance with their official (labor) duties are allowed to process personal data. Access to other employees may be granted only in cases stipulated by law. The Organization requires its employees to maintain confidentiality and ensure the security of personal data when processing them.
5.2. The Organization has the right to transfer personal data to third parties in the following cases:

• The subject of personal data has explicitly expressed their consent to such actions;
• The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.

In this case, all obligations to comply with the terms of this Policy in relation to the data received by it are transferred to the acquirer.

6. Methods of processing personal data

6.1. In the process of providing services, when implementing internal business activities, the Organization uses automated and non-automated processing of personal data.

7. Implementation of personal data protection

7.1. The Organization's activities in processing personal data in information systems are inextricably linked with the Organization's protection of the confidentiality of the information received. All employees of the Organization are obliged to ensure the confidentiality of personal data, as well as other information established by the Organization, if this does not contradict the current legislation of the Russian Federation.
7.2. The security of personal data when processing them in the Organization's information systems is ensured by an information security system.
7.3. The exchange of personal data when processing them in information systems is carried out through communication channels protected by technical means of information protection.
7.4. When processing personal data in the Organization's information systems, the following is ensured:

• implementing measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information;
• timely detection of unauthorized access to personal data;
• preventing impact on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
• the ability to immediately restore personal data modified and destroyed due to unauthorized access to them;
• constant monitoring of the level of security of personal data.