PERSONAL DATA PROCESSING POLICY

1. General provisions

1. This document (hereinafter referred to as the Policy) defines the policy regarding the processing of personal data of Friflex Limited Liability Company (hereinafter referred to as the Operator).
2. The policy was developed in pursuance of the requirements of paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (hereinafter referred to as the Law on Personal Data) and determines the procedure for collecting, storing, transferring and other types of processing of personal data, as well as information on the implemented requirements for the protection of personal data.
3. The concepts contained in Art. 3 of the Personal Data Law are used in this Policy with the same meaning.

2. Composition of personal data

4. Information constituting personal data is any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
5. All personal data processed by the Operator is confidential, strictly protected information, in accordance with the law.

3. Purposes of personal data processing

6. Personal data is processed by the Operator for the purpose of organizing and conducting events, loyalty programs, marketing and / or promotions, research, surveys by the Operator (including with the involvement of third parties); fulfillment of obligations under the service agreement by the Operator; provision of other services to personal data subjects; promoting the services and/or goods of the Operator and/or the Operator's partners on the market by making direct contacts with the Operator's customers using various means of communication, including, but not limited to, by phone, e-mail, mailing list, on the Internet, etc. ; for other purposes, if the actions of the Operator do not contradict the current legislation.
7. The Operator, in order to properly perform its duties as an Operator, processes the following personal data:

• surname, name, patronymic of the subject of personal data;
• place of residence (region/city);
• company/educational institution;
• position;
• specialty/area of ​​professional interests;
• cell phone number;
• email address (e-mail);
• profiles in social networks;
• history of requests and views on the Operator's websites and its services (for website visitors and users of mobile applications);
• other information (the above list may be reduced or expanded depending on the specific case and the purposes of processing).

4. The procedure for collecting, storing, transferring and other types of processing of personal data

8. The processing of personal data is carried out by the Operator subject to obtaining the consent of the subject of personal data (hereinafter referred to as the Consent), except for the cases established by the legislation of the Russian Federation when the processing of personal data can be carried out without such Consent.
9. The subject of personal data decides to provide their personal data and gives Consent freely, by their own will and in their own interest.
10. Consent is given in any form that allows you to confirm the fact of its receipt.
11. When processing personal data, the operator takes or ensures that the necessary legal, organizational and technical measures are taken to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
12. The Operator, in order to achieve the purposes of processing, has the right to transfer personal data to third parties - partners of the Operator on the basis of relevant agreements and with the consent of the subjects of personal data.

5. Rights and obligations of the personal data operator

13. The operator of personal data has the right:

1. to defend its interests in court;
2. to provide personal data of the subjects to third parties, if this is provided for by the agreement with the subject and the current legislation (tax, law enforcement agencies, etc.);
3. to refuse to provide personal data in cases provided for by law;
4. to use the personal data of the subject without their consent in cases provided for by law.

14. The operator of personal data is obliged:

1. to process personal data in the manner prescribed by the current legislation of the Russian Federation;
2. to consider the appeals of the subject of personal data (their legal representative) on the processing of personal data and give reasoned answers;
3. to provide the subject of personal data (their legal representative) with the opportunity of free access to their personal data;
4. to take measures to clarify, destroy the personal data of the subject of personal data in connection with their (their legal representative) treatment with legal and reasonable requirements;
5. to organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.

6. Rights and obligations of the subject of personal data

15. The subject of personal data has the right:

1. to demand clarification of their personal data, its blocking or destruction if personal data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
2. to require a list of their personal data processed by the Operator and the source of its receipt;
3. to receive information about the terms of processing of their personal data, including the terms of its storage;
4. to demand notification of all persons who were previously informed of their incorrect or incomplete personal data of all exceptions, corrections or additions made to it;
5. to appeal to the authorized body for the protection of the rights of subjects of personal data or in court against illegal actions or omissions in the processing of their personal data;
6. to protect their rights and legitimate interests, including damages and (or) compensation for moral damage in court.

16. The subject of personal data is obliged:

1. to provide the Operator with only reliable data about themself;
2. to provide documents containing personal data to the extent necessary for the purpose of processing;
3. to notify the Operator about the clarification (update, change) of their personal data.

7. Cookie Policy

17. Cookies are used on the Operator's websites to improve the quality of interaction of visitors (users) with these websites, allowing the latter to "remember" visitors (users) during their first visit or during repeated visits. In some cases, cookies are used to personalize information on websites based on the location of visitors and/or their preferences when visiting websites.
18. The Operator uses cookies that are necessary to move visitors (users) around the site or to operate certain basic functions. Cookies are used to improve the functionality of the website, for example by storing visitor (user) settings. The Operator also uses cookies to improve the performance of its websites, in order to improve the quality of the interaction of visitors (users) with them.
19. The Operator does not use cookies to collect information that allows it to identify visitors (users).
20. The following cookies may be used when visiting the Operator's websites:

1. own cookies are set by the site you are visiting and can only be read by that site;
2. third-party cookies are set by other organizations whose services are used by the Operator. For example, the Operator uses third-party analytics services, and the providers of these services set cookies on behalf of the Operator to tell the Operator which sections of the Operator's websites are popular and which are not. The Operator's websites may contain materials downloaded from, for example, YouTube, and such third-party websites may set their own cookies.

21. If a visitor does not want to receive cookies, they can set their browser to be notified each time they try to send cookies, or to reject all cookies. You can also delete existing cookies.
22. If a visitor wishes to restrict or block cookies placed on their device, they can do so using their browser settings as directed by the browser's Help. Instructions on how to do this in the browser of the mobile device should be given in the manual of this device.
23. The Operator's websites and applications may contain links to other sites and services that are beyond the control of the Operator and outside the jurisdiction of this policy. The operators of these sites and services may collect information about visitors and use it in accordance with their policies, which may differ from the policies of the Operator.

8. Final provisions

24. This Policy is subject to change, addition in the event of the emergence of new legislative acts and special regulatory documents on the processing and protection of personal data.
25. The Operator reserves the right to change and/or update the Policy at any time. The new version of the Policy comes into force from the moment it is posted on the website or in the mobile application of the Operator, unless otherwise provided by the new version of the Policy.
26. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for ensuring the security of the personal data of the Operator.