Privacy Policy

PRIVACY POLICY

Russia, Rostov-on-Don
November fourteenth, two thousand twenty-two

This Privacy Policy defines the policy of Bastion CJSC (the "Operator") regarding the processing of personal data and contains information about the requirements for the protection of personal data implemented by the Operator. This Policy applies to all personal data processed through the Service that the Operator receives or may receive from the User.

1. GENERAL PROVISIONS

1. The Operator has defined the following basic concepts for the purposes of this Policy to have the following meanings:

"Personal data" is any information relating to a directly or indirectly identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier as a name, surname, patronymic (if any), identification number, individual taxpayer number, SNILS (Individual insurance account number), bank details, date and place of birth, address, e-mail address, phone number, marital, social, property status, education, profession, income, metadata, which are transmitted to the Operator while using the Service by means of the software installed on the User's Device (including location data, HTTP headers, IP addresses, cookie data, information about the User's browser, technical characteristics of equipment and software used by the User, date and time of access to the Service, addresses of requested pages of the Service and other similar information), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In addition, for the purposes of this Policy, personal data also includes information about the User, the processing of which is provided for in the Agreement regulating the use of the Service. Personal data refers to confidential information. The Operator collects only such personal data as is necessary for the execution of the Agreement.
"Federal Law No. 152-FZ" is the Federal Law of the Russian Federation No. 152-FZ "On Personal Data" dated July 27, 2006, which applies to the Operator's activities only when the Operator processes personal data of residents of the Russian Federation.

"Operator" is Bastion Closed Joint Stock Company, OGRN (Primary State Registration Number): 1136195000138, INN (Taxpayer Identification Number): 6163127276, KPP (Tax Registration Reason Code): 616301001, with registered office at 8/7 Krasnovodskaya Street, Rostov-on-Don, Rostov region, 344010, Russia, carrying out the processing of personal data, as well as determining the purposes of personal data processing, composition of data subject to processing, and actions (operations) performed with personal data.
"User" is any natural person with full legal capacity (data subject), acting inter alia for and on behalf of another natural person, who may provide his/her personal data to the Operator while using the Service, either directly or through a natural person represented by him/her, who has expressed his/her consent to the terms and conditions set forth in the Agreement by signing it, including electronically. For the purposes of this Policy, the User is also understood to be the person whose personal data are processed by the Operator on behalf of the User, as specified in the Agreement.
"Service" or "Website" is an Internet resource used by the Administration in order to inform Users about its activities and produced goods, which is made temporarily accessible to Users by the Administration at https://skatbastion.com/, including any subdomains and versions of the Website, such as the mobile version of the Website, the mobile application, the intranet and FTP server, and other hardware platform versions. The Website is an information resource, the totality of information, which is accessed by means of a conventional and publicly available web browser (Internet Explorer, Firefox, Safari, Opera, Flock, Maxthon, Google Chrome, etc., various versions) and otherwise by means of a unified index of the location of the information resource, consisting of letters, numbers, and other signs, allowing to determine its location in the network.
A website is a complex object within the meaning of Article 1240 of the Civil Code of the Russian Federation, and it is created by the Administration. It incorporates computer software, databases, program codes, know-how, algorithms, design elements, fonts, and logos, as well as text, graphic and other materials, information, texts, graphic elements, images, photos, audio and video materials, and other results of intellectual activity.
Exclusive rights to the Service and any of its components belong to the Administration as a right holder or licensee by virtue of law, contract, or other transactions.
"Agreement" is a user agreement in which terms and conditions apply between the User and the Operator, regulating the procedure for using the Service and containing the User's consent and/or authorization for the Operator to process his/her personal data.
"Processing of personal data" means actions (operations) performed on personal data, including collection, recording, organization, accumulation, storage, refinement (updating, modification), extraction, use, transmission (dissemination, provision, access), depersonalization, blocking, erasure, and destruction of data.
"Processor" is a natural or legal person, public authority, agency, or other body that processes personal data for and on behalf of the Operator.
"Recipient" is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not they are third parties. However, public authorities to which personal data may be disclosed in the context of a specific investigation under European Union law or Member State law are not considered recipients; the processing of such data by such public authorities must comply with applicable data protection rules, depending on the purposes of the processing.
"Third party" is a natural or legal person, public authority, agency, or other body other than the data subject, controller, processor, and persons authorized to process personal data under the direct supervision of the Operator or Processor.
"Automated processing of personal data" means the processing of personal data by means of computer technology.
"Non-automated processing of personal data", "Processing of personal data without the use of automation tools" means processing of personal data contained in a personal data information system or extracted from such a system in cases where such actions performed on personal data as the use, refinement, dissemination, or destruction with respect to each data subject are performed with direct human involvement.
"Dissemination of personal data" means actions aimed at disclosing personal data to the public.
"Provision of personal data" means actions aimed at transmitting personal data to a specific person or a specific group of persons.
"Blocking of personal data" means temporary termination of personal data processing (except in cases where processing is necessary to refine personal data).
"Destruction of personal data" means actions that result in the impossibility of restoring the content of personal data in a personal data information system and/or that result in the destruction of tangible media containing personal data.
"Depersonalization of personal data" means actions that result in the impossibility of attributing personal data to a specific data subject without the use of additional information. In the GDPR sense,
it is referred to as "pseudonymization."
"Use of personal data" means actions (operations) performed on personal data for the purpose of decision-making, execution of transactions, or other actions giving rise to legal consequences in respect of data subjects or otherwise affecting their rights and freedoms or the rights and freedoms of other persons.
"Sale of personal data" means actions that result in the transmission of information and databases containing personal data of persons from the Operator to third parties by means of a transaction.
"Publicly available personal data" means personal data accessible to an unlimited number of people with the data subject's consent or not subject to confidentiality requirements under the applicable law.
"Confidentiality of personal data" means the mandatory requirement for the person who has access to personal data not to allow its dissemination without the consent of the data subject or other legal basis.
"Device" or "User Device" means a computer, mobile device, or virtual machine running an operating system compatible with the Service and with a compatible web browser.
"Statistics" means data on the use of the Service, as well as on the browsing of individual elements of the Service (windows, dialogs, interactive elements, pages, frames, content, etc.) by Users, collected by means of Counters, Trackers, cookies, beacons, and other similar technologies.
"Token" is a unique set of characters identifying the User's Device without identifying the User's personal data. It is generated at the moment of the first use of the Service (e.g., at the moment of the first launch of the mobile application on the Device).
"Cookie" means a small block of data sent by a web server and stored on the User's Device. Cookies are text files that contain small amounts of information and are used to store information on web browsers. They allow the storage and retrieval of identifying information and other data on computers, smartphones, phones and other devices. Cookie specifications are described in RFC 2109 and RFC 2965. There are other technologies used for the same purpose, including data stored by web browsers or devices, identifiers associated with devices, and other software. Within the context of this Policy, all of these technologies are referred to as "Cookies."
"Web Beacons" are electronic images (single-pixel (1x1) or blank GIF images) that help the Operator recognize certain types of information on the User's Device, such as cookies, time and date of page viewing, and the description of the page containing the web beacon.
"Counter", "Tracker" means a part of the Service which is a program that uses a code fragment responsible for analyzing cookies and collecting statistics and personal data of Users. The Personal Data is collected in an anonymized form.
"IP address" is a number from the number pool of the data transmission network based on RFC 791 (Internet Protocol), which identifies the subscriber's terminal (computer, smartphone, tablet, other device) or means of communication included in the information system and belonging to the User when providing telematic communication services, including Internet access.
"HTTP header" is a line of text in an HTTP message consisting of a name-value pair separated by a colon. The HTTP header format follows the general ARPA text network message header format described in RFC 822.
"Messenger" is an information system and/or program (mobile application, web service, web application, etc.) that is designed and/or used to receive, transmit, deliver, and/or process electronic messages of Internet users (e.g., Skype, WhatsApp, Viber, Telegram, VK, OK, Facebook Messenger, etc.).
"Applicable law" means the law of the country where the Operator is registered or of which it is a resident. In particular cases, the applicable law may be the law of the country where the User lives or where the User is a resident, if such law takes precedence over the rules of this Policy.

1. All other terms and definitions used in this Policy shall be interpreted by the Parties in accordance with applicable law, current recommendations of international Internet standards organizations (RFCs), and customary rules on the interpretation of relevant terms existing on the Internet.
2. The terms and definitions in this Policy may be used in singular and plural forms, depending on the context, and may be capitalized or written in lower case.
3. The titles of the articles and the structure of the text of the policy are for convenience of reference only and have no literal legal meaning.
4. This Policy has been developed in accordance with the requirements of international law and applicable law.
5. The Policy defines the procedure and conditions of personal data processing by the Operator, including the procedure for transmitting personal data to third parties, features of non-automated processing of personal data, procedure for access to personal data, personal data protection system, procedure for organizing internal control, and responsibility for violations in personal data processing, among other matters.
6. This Policy shall become effective upon its approval by the Operator and will remain in effect for an indefinite period of time until replaced by a new policy.
7. The Operator has the right to make changes to this Policy without the User's consent. All amendments to this policy shall be made through a regulatory document approved by the Operator.
8. This Policy applies to all processes related to the processing of personal data that are performed through the Service without the use of automation tools. The Operator does not control and is not responsible for the services belonging to third parties that the User may access via links posted on the Service.

1. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
2. The Operator processes the User's personal data in accordance with international regulations regarding personal data protection, applicable laws, and, with respect to Users located in the territory of the Russian Federation, Federal Law No. 152-FZ.
3. The User's personal data is processed in accordance with and in fulfillment of the Agreement regulating the procedure of using the Service and other transactions, agreements, or contracts entered into between the User and the Operator, or on the basis of the User's separate consent to such processing.
4. The processing of the User's personal data is performed by the Operator only if the User has reached the age of 16. If the User is under the age of 16, it is required to obtain the consent of the User's legal representatives. Otherwise, the Operator shall delete the User's data from the Service if the User's age does not correspond to this requirement. If the requirements of the applicable law establish a younger or older age, then such requirements shall apply.

1. PURPOSES OF PERSONAL DATA COLLECTION

1. The Operator processes only those personal data that are necessary for the use of the Service or the execution of transactions, agreements and contracts involving the User, except in cases where the applicable law provides for the mandatory storage of personal data for a period specified by law, in particular, in accordance with the laws on accounting and the rules of organization of state archives.
2. When processing personal data, the Operator shall not merge databases containing personal data that are processed for incompatible purposes.
3. The Operator processes the User's personal data for the following purposes:
4. use of the personal data for entering into and executing the Agreement or any other transaction with the Operator;
5. use of the personal data for the proper functioning of the Service in order to meet the expectations of Users, in particular to ensure the accurate identification of Users or the proper functionality of the Service, if these depend on the provision of the data;
6. placing personalized advertisements and/or other information in any section of the Service and interrupting the use of the Service with advertising information;
7. marketing programs, various offers, promotions and advertising activities related to the Service;
8. statistical and other studies of the use of the Service based on the depersonalized data;
9. compliance with the mandatory requirements of applicable laws.

1. AMOUNT AND CATEGORIES OF PROCESSED DATA, CATEGORIES OF DATA SUBJECTS

1. The Operator may receive the User's personal data from various sources, in particular:
2. from the Service in the process of their functioning;
3. when the User uses the Service;
4. when the User contacts the technical support service;
5. when the User participates in marketing programs, various offers, promotions and advertising activities related to the Service.
6. Personal data authorized for processing in compliance with this Policy and provided by Users (natural persons) while using the Service by filling in the relevant input fields may include the following information:
7. surname, given name;
8. email address;
9. phone number;
10. city of residence/location;
11. professional specialization.
12. The personal data processed in compliance with this Policy and automatically transmitted to the Operator when using the Service through the software installed on the User's Device may include the following information:

4.3.1. HTTP headers;
IP address of the Device;
cookie data;
data collected by the counters;
data collected by the web beacons;
information about the web browser;
technical specifications of the Device and software;
technical data on the operation of the Service, including date and time of use and access to the Service;
identifiers of the requested windows of the Service interface.
According to this Policy, the Operator shall process personal data of persons belonging to the following categories of data subjects:

1. natural persons using the Service in accordance with the Agreement on its use;
2. natural persons who use the Operator's services in accordance with the Agreement, other agreements and transactions;
3. natural persons who do not use the Operator's services and the Service but visit publicly accessible pages of the Operator's Websites.

Processing of certain categories of Users' personal data is performed under the following conditions:

1. User information. Certain data is used to provide the functionality of the Service related to the User's data, such as the User's given name, surname, e-mail address, and other data. The token assigned to the User may be used to send messages and notifications to the User's Device (e.g., important alert messages).
2. Information on the use of the Service. Such information is processed in order to study the activities performed on the Service and the Service's interaction with the User, i.e., how long it takes the Service to perform a particular operation at the User's request, which Service's function is used most often, the type of action performed on the Website (click, mouseover, etc.), the date and time of an action performed; URL of pages, Referer, screen resolution, class of HTML element clicked on, data on the number of page views on the Website, clicks on selected hyperlinks, data on the forms filled out on the Website, including errors in filling out the forms, and data on the use of the Service interface (opening dialog boxes, transitions, launches, crashes, etc.). This information helps the Operator solve problems in the operation of the Service, prevent fraudulent activities, improve the Service, increase its performance, and make it more convenient to use.
3. Technical specifications of the User's Device, including its IP address and software. Information such as the type of Device, operating system, IP address, method of connection to the network, etc. may be required to enable the Operator to take into account the features of the functioning of the Service on different devices and on different networks, as well as to ensure its compatibility with third-party software.
4. Information about the approximate location of the User. The Service can collect data on the User's location provided by the User's Device hardware, both in active and background mode, for the purposes of providing the User with Services and information relating to the User's location.

1. TERMS AND PROCEDURES OF PERSONAL DATA PROCESSING

1. The Operator has the right to process the personal data of the User without notice to the authorized body for the protection of the rights of data subjects.
2. The Operator processes the User's personal data through the Service without the use of automation tools in accordance with the regulations of the applicable laws that establish requirements for ensuring the security of personal data during its processing and respecting the rights of data subjects. Activities involving personal data, such as the use, refinement, dissemination, and destruction of personal data with respect to the User, are carried out with the direct participation of the Operator's employees.
3. The Operator processes and stores the User's personal data for a period determined in accordance with the Agreement on the use of the Service, or about which the Operator informed the User upon receipt of the User's consent to the processing of the personal data in another way (in a check-box, a text message, in email, etc.).

5.4. Concerning the personal data of the User, its confidentiality is maintained, except in cases where the User voluntarily provides information about himself or herself to the general public.
The Operator has the right to transmit the User's personal data to the processor, recipient, and third parties using modern methods of connection encryption via the secure HTTPS protocol in the following cases:

1. the User has requested such a transmission from the Operator;
2. there is the User's consent to such actions;
3. such a transmission is necessary for the User in order to use certain functions of the Service (e.g., registration and login) or for the execution of a certain agreement, contract, or transaction with the User;
4. the transmission is provided for by the applicable law or other legal norms as part of the procedure established by laws and regulations;
5. in the event of a transfer of rights to the Service, it is necessary to transmit personal data to the acquirer simultaneously with the obligation to comply with the terms of this Policy in relation to the personal data received;
6. to ensure the protection of the rights and legitimate interests of the Operator or third parties when the User violates this Policy or the Agreement on the use of the Service;
7. in other cases provided for by laws and regulations.

The Processors can be:

• website hosting provider;
• operator of an electronic platform distributing the Service or services provided with it's help

(Apple AppStore, Google Play);

• other persons entrusted with the processing of personal data on behalf of the Operator.

1. In the event that a violation of personal data protection can pose a high risk to the rights and freedoms of natural persons, the Operator shall notify the User about the leakage of personal data without unreasonable delay. A communication to the data subject is not required if any of the following conditions are met: (a) the Operator has taken appropriate technical and organizational protective measures for personal data affected by the leak, including measures that display personal data in an incomprehensible form for any person who does not have the right to access it, including cryptographic protection; (b) the Operator has taken subsequent measures to ensure that the high risk to the rights and freedoms of data subjects is no longer likely to be realized; (c) a disproportionate effort is required. In this case, instead, a communication is made to the public or a similar measure shall be taken by which the data subjects are equally informed.
2. The Operator shall take all the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, and dissemination, as well as from other unlawful actions of third parties. In particular, all processed data is transmitted using modern methods of connection encryption via the secure HTTPS protocol.
3. The Operator shall, jointly with the User, take all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User's personal data.
4. The Operator has the right to transmit personal data to the bodies of inquiry and investigation and other authorized bodies on the grounds stipulated by laws and regulations.
5. When collecting personal data, the Operator records, organizes, accumulates, stores, refines (updates, changes), and extracts the personal data of Users who are citizens of the respective country using databases located in the territory of such country or another country, if this is permissible under the applicable law.
6. The Operator ceases processing of the Users' personal data (which is processed with their consent) upon expiration of the User's consent to the processing or upon withdrawal of the User's consent to the processing of the personal data, as well as in the event of unlawful processing of personal data or the liquidation of the Operator.

1. PROCEDURE FOR COLLECTING PERSONAL DATA THROUGH COOKIES, WEB BEACONS, AND COUNTERS

6.1. Cookies and data from Counters transmitted from the Operator to the User's Device and from the User to the Operator may be used by the Operator to achieve the purposes of personal data processing in accordance with the privacy and personal data processing policy.
The Operator uses various types of cookies and Counters on the Service for various purposes, and depending on the purpose, they may be categorized as one of the following:
Required cookies and data received from the Counters are strictly necessary for the functioning of the critical components of the Service, identification of the technical characteristics of the User's Device and the software used, as well as for the User's login and payments;
Analytical cookies and data received from the Counters allow the Service to recognize Users, count their number, and collect information about their transactions within the Service, including information about actions performed within the Service;
Technical cookies and data received from the Counters allow to collect information about the interaction of Users with the Service in order to identify errors and test new features to improve the performance of the Service;
Functionality cookies and data received from the Counters allow the User to use certain functions of the Service, interact with the interface of the Service and use its capabilities, record information about the actions performed on the Service, and customize the Service in accordance with the needs of the User in order to remember the information entered by the User, save the preferred language, location, etc.;
Third-party cookies and data received from the Counters collect information about the User, including traffic sources, the User's actions, and the advertising displayed for the User, as well as the advertising that the User has made within the Service, in order to display advertising that may be of interest to the User, based on the analysis of the collected data. The indicated types of cookies and data from the Counters are also used for statistical and research purposes.
The Operator does not explicitly require the User's consent when using required cookies and obtaining required data from Counters. If the User does not want his or her personal data to be collected by means of required cookies, he or she may disable their provision to the Operator in the software (web browser) on his or her Device. In this case, the User will no longer have access to the functional capabilities of the Service associated with required cookies, which may lead to complete inoperability or incorrect operation of the Service. Disabling required Counters is technically impossible, since they are part of the Service code.
The Operator can use functionality and analytical cookies only with the User's consent, which is usually expressed by accepting the Agreement and commencing the use of the Service. Otherwise, the User has the right to refuse the use of such cookies by disabling them in the settings of the Service, with no harm to its functionality. Disabling Counters that collect functionality and analytical data is technically impossible since they are part of the Service code.
The User agrees that his or her Devices and software used to access the Service, depending on their version and configuration, may or may not have the function of prohibiting operations with cookies for any or specific websites and applications, as well as the function of deleting previously received cookies (e.g., private mode of the web browser).
The Operator has the right to set a requirement for the User's Device to have obligatory permission to accept and receive cookies due to security requirements.
The structure of the cookie file, its content and technical parameters are determined by the Operator and may be changed without prior notice to the User. The User has the right to obtain all necessary information about cookies by sending a request to the Operator in the manner prescribed by the privacy and personal data processing policy.
The Counters placed by the Operator within the Service can be used by the Operator to analyze
cookies and collect personal data on the use of the Service in order to improve its quality, ease of use, and general improvement of the Service. The technical parameters of the operation of the Counters are determined by the Operator and may be changed without prior notice to the User.

1. The Operator may use Web Beacons, either separately or in combination with cookies, to collect information about the use of the Service. The User has the right to block Web beacons when using the Service by prohibiting the download of images in the settings of his or her software (web browser).

1. ACCESS TO PERSONAL DATA
2. The right to access the personal data of the User is reserved only for the Operator’s and/or Processor's employees, who are allowed by their work duties to work with the User's personal data based on a list of persons authorized to work with personal data that is approved by the Operator and/or Processor.
3. The Operator and/or Processor maintains an up-to-date list of employees who have access to personal data.
4. Access to the User's personal data by persons other than the Operator's and/or Processor's employees without the User's consent is prohibited, except in cases stipulated by laws and regulations.
5. Access of the Operator's and/or Processor's employee to the User's personal data shall be terminated from the date of termination of employment relations or from the date of loss of the employee's right of access to the User's personal data due to a change of job responsibilities, position, or other circumstances in accordance with the Operator's/Processor's established procedure. In case of termination of employment relations, all media with the User's personal data in the possession of the dismissed employee of the Operator/Processor shall be transmitted to the superior employee in accordance with the procedure established by the Operator/Processor.

1. UPDATE, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA

1. The User may at any time change, update, supplement, or delete the personal data provided or part thereof using the Service interface.
2. If the Operator independently identifies that the personal data used on the Service is incomplete or inaccurate, the Operator shall take all possible measures to update personal data and make appropriate corrections.
3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator shall delete it.
4. In the event of detection of unlawfulness in the User's personal data processing, their processing by the Operator shall cease, and the personal data shall be deleted.
5. If the Service interface is inoperative or the Service does not have a function for changing, updating, supplementing, or deleting the personal data by the User, as well as in any other cases, the User has the right to demand from the Operator in writing the refinement of his or her personal data, its blocking, or its destruction in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated processing purpose.
6. The Operator shall make the necessary changes to the personal data that are incomplete, inaccurate, or irrelevant in a period not exceeding seven business days from the date the User provides information confirming that the personal data is incomplete, inaccurate, or outdated.
7. The Operator shall destroy the User’s personal data that is illegally obtained or not necessary for the stated processing purpose within a period not exceeding seven business days from the date the User submits information confirming that such personal data is illegally obtained or is not necessary for the stated processing purpose.
8. The Operator shall notify the User of the changes made and undertaken measures and take reasonable measures to notify third parties who have access to the personal data of the User.
9. The User's rights to change, update, supplement, or delete personal data may be limited in accordance with the requirements of laws and regulations. Such limitations, in particular, may provide for the Operator's obligation to save personal data changed, updated, supplemented, or deleted by the User for a period specified by laws and regulations and to transmit such personal data to state authorities in accordance with the established procedure.

1. RESPONSES TO USER'S REQUESTS FOR ACCESS TO PERSONAL DATA AND ITS DELETION

1. The User has the right to receive information from the Operator regarding the processing of his or her personal data, including:
2. confirmation of the fact that personal data is processed by the Operator;
3. legal grounds and purposes for processing personal data;

9.1.3. methods of processing personal data used by the Operator;
name and location of the Operator, data on persons (except for the employees of the Operator) who have access to personal data or to whom personal data may be disclosed based on an agreement entered into with the Operator or according to laws and regulations;
processed personal data related to the respective User, the source of its receipt, unless otherwise provided for by laws and regulations;
terms for processing personal data, including storage periods for personal data;
the procedure for exercising the User's rights provided for by laws and regulations on personal data;
information on completed or suspected cross-border data transmission;
legal name or full name (surname, given name, patronymic), and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;
other data provided for by laws and regulations.

1. The Operator provides the User the opportunity to familiarize him or herself with the personal data processed and stored in the Operator’s information system free of charge within thirty calendar days from the date of receipt of a written request from the User.
2. In case the Operator refuses to provide information on the availability of the User's personal data or to provide personal data to the User upon his or her request, the Operator shall provide a reasoned response in writing constituting the grounds for such refusal within a period not exceeding thirty calendar days from the date of receipt of the User's request.
3. The Operator shall provide an opportunity to send a request for deletion of personal data, details of which have been received by the User through a request to the Operator's e-mail address specified in this Policy.
4. If the User submits such a request, the Operator shall delete the personal data within thirty calendar days from the date of receipt of the User's written request.

1. 10.INFORMATION ON THE REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA AND THEIR IMPLEMENTATION

1. The security of personal data during its processing in the information system is ensured by a personal data protection system that neutralizes current threats.
2. The personal data protection system used by the Operator includes legal, organizational, technical, and other measures to ensure the security of personal data, defined taking into account current threats to the security of personal data and information technologies used in information systems.
3. The Operator has the right to engage, on the basis of a contract, a Processor to ensure the security of personal data during their processing in the information system with regard to personal data in respect of which the User provides consent to their processing by the Processor.
4. When processing personal data in the information system, the Operator shall ensure:
5. taking measures aimed at preventing unauthorized access to the personal data of the User and/or its transmission to persons who are not authorized to access such information;
6. timely detection of unauthorized access to personal data;
7. prevention of any impact on technical means involved in the processing of personal data that may result in disruption of their functioning;
8. ability to immediately restore personal data modified or destroyed due to unauthorized access;
9. continuous monitoring of the security level of personal data.
10. In order to comply with security requirements and implement a personal data security system, the Operator has implemented a private model of security threats to the personal data information system.
11. The Operator has determined the security level of personal data during their processing in the personal data information system owned by the Operator.
12. The Operator has developed and implemented a set of measures to protect and secure personal data based on the determination of the security level of personal data during its processing in the personal data information system without the use of automation tools.
13. The Operator uses hardware and software to process and protect personal data and maintains an electronic register of personal data protection measures.

10.9. The Operator shall keep an electronic register of registration and storage of removable media containing personal data (if any).
The hardware that ensures the functioning of the personal data information system shall be located in the premises owned by the Operator by right of ownership or other proprietary right (lease, gratuitous use, etc.).
All employees of the Operator authorized to work with personal data, as well as those associated with the operation and maintenance of the personal data information system, are familiar with the Operator’s internal documents regulating the procedure for working with personal data.
The Operator has organized the training process for employees on the use of personal data protection means managed by the Operator. The training is held by employees with constant access to personal data, as well as employees associated with the operation and maintenance of the personal data information system and personal data protection means.
The internal documents of the Operator establish that employees must immediately inform the Operator's appropriate official about the loss, damage, or shortage of storage media containing personal data, as well as about attempts to unauthorized disclosure of personal data, its reasons, and conditions.

1. CONSENT TO PERSONAL DATA PROCESSING

1. The User decides to provide his or her personal data and consents to their processing freely, of his or her own free will, and in his or her interest.
2. Consent to the processing of personal data provided by the User is specific, informed, explicit, and given by his or her free will.
3. In cases where the User's personal data is processed on the basis of and in pursuance of the Agreement regulating the use of the Service, and other transactions, agreements, or contracts concluded between the User and the Operator with the use of the Service, such processing of the User's personal data does not require separate consent.
4. In the event that the User's personal data is processed based on a separate consent to such processing, expressed directly when using the Service by clicking on the respective button, ticking the indicator of the corresponding check-box, sending a text message or an email, such consent to the processing of personal data is provided by the User in the form of an electronic document signed with a simple electronic signature in accordance with the Agreement regulating the use of the Service.
5. Consent to the processing of personal data may be revoked by the User following the procedure established by laws and regulations.

1. FINAL PROVISIONS

1. The User's commencement of use of the Service means his or her consent to the terms and conditions of this Policy. If the User disagrees with the terms and conditions of this Policy, he or she should immediately stop using the Service.
2. This Policy and the relationship between the User and the Operator arising from its application shall be subject to applicable law. In particular, the Users located in the territory of the Russian Federation are subject to Federal Law No. 152-FZ.
3. This Policy is available to the public at all times at the following link:

https://skatbastion.com/policy

1. The User may address all suggestions or questions regarding this Policy to the Operator's customer support service by sending an e-mail to the following e-mail address: info@skatbastion.com.