Personal Data Processing Policy

Personal Data Processing Policy

1. General Provisions

This Personal Data Processing Policy has been prepared in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter — the Personal Data Law) and defines the procedure for processing personal data and the measures taken by Nolatech JSC (hereinafter — the Operator) to ensure the security of personal data.

1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy and personal and family secrecy, to be a fundamental condition of its activities.

1.2. This Policy regarding the processing of personal data (hereinafter — the Policy) applies to all information that the Operator may obtain about visitors to the website https://nolatech.ru.

2. Basic Terms Used in the Policy

2.1. Automated processing of personal data — processing of personal data using computer technology.

2.2. Blocking of personal data — temporary cessation of the processing of personal data (except where processing is necessary to clarify personal data).

2.3. Website — a set of graphical and informational materials, as well as computer programs and databases ensuring their availability on the Internet at https://nolatech.ru.

2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means ensuring their processing.

2.5. Depersonalization of personal data — actions resulting in the impossibility of determining the принадлежность personal data to a specific User or other subject without additional information.

2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.7. Operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or carries out the processing of personal data, as well as determines the purposes of processing, the composition of personal data, and the actions performed with personal data.

2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website https://nolatech.ru.

2.9. Personal data permitted for distribution — personal data to which access is granted by the subject by giving consent in accordance with the Personal Data Law.

2.10. User — any visitor to the website https://nolatech.ru.

2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.

2.12. Dissemination of personal data — actions aimed at disclosing personal data to an indefinite number of persons or making them available to the public, including publication in mass media, posting on the Internet, or providing access by any other means.

2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign authority, individual, or legal entity.

2.14. Destruction of personal data — actions resulting in the irreversible destruction of personal data without the possibility of restoring their content.

3. Rights and Obligations of the Operator

3.1. The Operator has the right to:

— receive accurate information and/or documents containing personal data from the subject;

— continue processing personal data without the subject’s consent where permitted by law;

— independently determine the necessary and sufficient measures to ensure compliance with legal requirements.

3.2. The Operator is obliged to:

— provide the subject, upon request, with information regarding the processing of their personal data;

— organize the processing of personal data in accordance with the legislation of the Russian Federation;

— respond to requests and inquiries from data subjects and their representatives;

— provide information to the authorized authority within the legally established timeframe;

— ensure public access to this Policy;

— take legal, organizational, and technical measures to protect personal data;

— cease processing and destroy personal data in cases предусмотренных законодательством;

— fulfill other obligations established by law.

4. Rights and Obligations of Personal Data Subjects

4.1. Personal data subjects have the right to:

— receive information regarding the processing of their personal data;

— request clarification, blocking, or destruction of their personal data;

— withdraw consent to the processing of personal data;

— appeal actions or inaction of the Operator;

— exercise other rights provided by law.

4.2. Personal data subjects are obliged to:

— provide accurate personal data;

— notify the Operator of any changes to their personal data.

4.3. Persons who provide false information or data about others without consent are liable in accordance with the legislation of the Russian Federation.

5. Principles of Personal Data Processing

5.1. Processing is carried out on a lawful and fair basis.

5.2. Processing is limited to specific, predetermined purposes.

5.3. Combining databases with incompatible purposes is not allowed.

5.4. Only data relevant to the purposes of processing shall be processed.

5.5. The scope of data must not be excessive.

5.6. Accuracy and relevance of data shall be ensured.

5.7. Data shall be stored no longer than necessary.

6. Purposes of Personal Data Processing

Purpose: informing the User by sending emails.

Personal data: full name, email address, phone numbers.

Legal basis: Federal Law “On Information, Information Technologies and Information Protection” dated July 27, 2006 No. 149-FZ.

Processing activities: collection, storage, use, destruction, depersonalization, and sending informational emails.

7. Conditions for Personal Data Processing

7.1. Processing is carried out with the subject’s consent.

7.2. Processing is permitted in cases provided by law.

7.3. Processing is necessary for contract performance.

7.4. Processing is carried out in the legitimate interests of the Operator.

8. Procedure for Processing Personal Data

The Operator takes necessary measures to ensure personal data security.

8.1. The Operator prevents unauthorized access.

8.2. Transfer to third parties is carried out only in legally предусмотренных случаях.

8.3. The subject may update their data.

8.4. The processing period is determined by its purposes.

8.5. Third-party services process data independently.

8.6. Restrictions may not apply in public interest cases.

8.7. Confidentiality is ensured.

8.8. Data is stored within established сроки.

8.9. Processing is terminated upon achieving purposes or at the subject’s request.

9. Operations with Personal Data

9.1. The Operator performs all necessary operations with personal data.

9.2. Processing may be automated or non-automated.

10. Cross-Border Transfer of Personal Data

10.1. The Operator notifies the authorized authority before transfer.

10.2. The Operator obtains necessary guarantees from the receiving party.

11. Confidentiality of Personal Data

The Operator and other authorized persons must not disclose personal data without legal grounds.

12. Final Provisions

12.1. The User may request clarification via email nolatech@mail.ru.

12.2. This Policy remains valid until replaced by a new version.

12.3. The current version is available at https://nolatech.ru/privacy.