Personal Data Processing Policy

1. General provisions
   1. The most important condition for the realization of the goals of the activity of JUG Ru Group LLC (hereinafter individually referred to as the Operator) is to ensure the necessary and sufficient level of data informational security, which includes personal data.
   2. The Policy regarding the processing of personal data of the Operator (hereinafter referred to as the Regulations) determines the procedure for collecting, storing, transferring and other types of processing of personal data, as well as information on the current requirements for protection of personal data.
   3. This Policy was developed in accordance with the current legislation of the Russian Federation.
2. Personal data composition
   1. Information constituting personal data is any information related directly or indirectly to a determined or determined individual (subject of personal data). A detailed list of personal data is recorded in the local regulatory documentation of the Operator.
   2. All personal data processed by the Operator is confidential, strictly protected information in accordance with the legislation.
3. Purposes for personal data processing
   1. Personal data are processed by the Operator in order to organize and conduct by the Operator (including those involving third parties) loyalty programs, marketing and / or promotional actions, research, surveys and other activities; fulfillment by the Operator of obligations under the service contract; rendering of other services to subjects of personal data; promotion of services and / or goods of the Operator and / or the Operator’s partners in the market through direct contacts with the Operator’s customers through various means of communication, including but not limited to telephone, e-mail, mailing, Internet, etc.; for other purposes, if the actions of the Operator do not contradict the current legislation.
   2. The Operator processes the following personal data in order to properly perform its duties: Surname, First name, Patronymic, contact phone number, e-mail address; and, if necessary, the city and country of residence.
4. The order of collection, storage, transfer and other types of processing of personal data
   1. The processing of personal data, carried out without the use of automation, is carried out in such a way that it is possible to determine the places of storage of personal data (material carriers) with respect to each category of personal data. The Operator establishes a list of persons who process personal data or have access to them. Separate storage of personal data (material carriers) is provided, the processing of which is carried out for various purposes. The Operator ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.
   2. The processing of personal data with the use of automation equipment is carried out subject to the following actions: the Operator carries out technical measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information; protective tools are set up for the timely detection of unauthorized access to personal data; technical means of automated processing of personal data are isolated in order to prevent exposure to them, as a result of which their operation may be disrupted; The Operator makes a backup of the data in order to be able to immediately restore personal data, modified or destroyed due to unauthorized access to them; carries out constant monitoring of ensuring the level of protection of personal data.
5. Information about the personal data protection requirements
   1. The Operator conducts the following activities: determines threats to the security of personal data during processing, forms threat models on their basis; develops, based on the threat model, a personal data protection system that provides neutralization of the alleged threats using methods of protecting personal data provided for the relevant class of information systems; forms a plan for conducting inspections of the readiness of new means of protecting information for use with drawing up conclusions on the possibility of their operation; carries out installation and commissioning of information protection means in accordance with operational and technical documentation; conducts training of persons using information security tools used in information systems, rules of work with them; carries out the account of applied means of protection of the information, the operational and technical documentation to them, carriers of the personal data; carries out the account of the persons admitted to work with the personal data in the information system; monitors compliance with the terms of use of information protection tools provided for by operational and technical documentation; has the right to initiate proceedings and draw up conclusions on the facts of non-observance of the conditions for storage of personal data carriers, use of information protection means that may lead to violation of the confidentiality of personal data or other violations that lead to a reduction in the level of protection of personal data, development and adoption of measures to prevent possible dangerous consequences of such violations; has a description of the system for protecting personal data.
   2. To develop and implement specific measures to ensure the safety of personal data when processing them in an information system, the Operator or an authorized person is responsible for the Operator’s information technology unit. Persons whose access to personal data processed in the information system is necessary to perform official (labor) duties are allowed to the relevant personal data on the basis of a list approved by the Operator. Requests for users of the information system to receive personal data, as well as the facts of the provision of personal data for these requests are recorded by automated means of the information system in the electronic log of appeals. The content of the electronic log of applications is periodically checked by the relevant officials (employees) of the Operator or authorized person. In case of violation of the procedure for the provision of personal data, the Operator or an authorized person shall immediately suspend the provision of personal data to users of the information system until the causes of violations are identified and these causes are eliminated.
6. Rights and obligations of the Operator
   1. The Operator of personal data has the right:
      • to defend own interests in court;
      • to provide personal data to third parties, if this is provided by the current legislation (tax, law enforcement agencies, etc.);
      • to refuse to provide personal data in cases stipulated by law;
      • to use the personal data of a subject without his/her consent, in cases stipulated by law.
7. Rights and obligations of the subject of personal data
   1. The subject of personal data has the right:
      • to demand the specification of his/her personal data, their blocking or destruction in the event that personal data are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing, and also take legal measures to protect his/her rights;
      • to request a list of his/her personal data processed by the Operator and the source of their receipt; receive information on the processing of his/her personal data, including the time of their storage;
      • to demand the notification of all persons who were previously informed of his/her incorrect or incomplete personal data about all exceptions, corrections or additions made in them;
      • to appeal to the authorized body for the protection of the rights of subjects of personal data, or in the judicial order, improper acts or omissions when processing his/her personal data;
      • to protect his/her rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in the courts.
8. Cookie Policy
   1. This section is a part of the Privacy Policy and describes the use of cookies on the JUG Ru Group websites.
   2. Cookies are used on the Operator’s websites to improve the quality of visitors’ interaction with these websites, allowing websites to «remember» visitors during their first or repeated visits. In some cases, cookies are used to personalize information on websites based on the location of visitors and / or their preferences when visiting websites.
   3. The Operator uses cookies that are necessary to move visitors to the website or work certain basic functions. Cookies are used to improve the functionality of a website, for example, by storing visitor settings. The Operator also uses cookies to improve the performance of the websites in order to improve the quality of visitors’ interaction with them.
   4. To avoid ambiguity: The Operator does not use cookies to collect information that allows visitors to be identified.
   5. The following cookies can be used while visiting Operator’s websites:
      • own cookies are set by the visited website and can be read only by this website;
      • third-party cookies are installed by other organizations whose services are used by the Operator. For example, the Operator uses third-party analytical services, and the providers of these services install cookies on behalf of the Operator to inform the Operator which sections on the Operator’s websites are popular and which are not. Operator websites may contain materials that are downloaded, for example, from YouTube, and such third-party websites may install their cookies.
   6. If a visitor does not want to receive cookies, he/she can set his/her browser to receive notifications every time it tries to send cookies or reject all cookies. It is also possible to delete existing cookies.
   7. If a visitor wants to limit or block cookies placed on his/her device, he/she can do this using the browser settings as specified in the Help for this browser. Instructions on how to do this in the browser of the mobile device must be found in the manual of this device.
   8. The operator’s websites may contain links to other websites that are beyond the control of the Operator and outside the jurisdiction of this Policy. Operators of these websites can collect information about visitors and use it in accordance with their policies, which may differ from the Policy of the Operator.
   9. The operator reserves the right to change and / or update the Policy at any time.
9. Final provisions
   1. This Policy is subject to amendment, addition in the event of the emergence of new legislation and special regulations for the processing and protection of personal data.
   2. This Policy is an internal document of the Operator and is to be posted on the Operator’s websites.
   3. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for ensuring the safety of the personal data of the Operator.