PERSONAL DATA PROCESSING POLICY

1.1.Personal Data Confidentiality – the obligation of persons who have gained access to Personal Data not to disclose it to third parties or disseminate Personal Data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Russian Federation; ‍1.1. Personal Data Confidentiality – the obligation of persons who have gained access to Personal Data not to disclose it to third parties or disseminate Personal Data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Russian Federation;

1.2.Personal Data Processing - any action (operation) or set of actions (operations) performed with Personal Data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (dissemination, provision, access), anonymization, deletion, and destruction of Personal Data;‍1.2. Personal Data Processing - any action (operation) or set of actions (operations) performed with Personal Data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (dissemination, provision, access), anonymization, deletion, and destruction of Personal Data;

1.3.Operator - Limited Liability Company "CEO Cases" (OGRN: 1187746011001, INN/KPP: 9701097974/770101001), registered at: 101000, Moscow, Armyansky Lane, bldg. 7, rm. VI; office 1-8. Actual address: 123112, Moscow, Presnenskaya Embankment, bldg. 6, structure 2, entrance 3, floor 44, room 4404.‍1.3. Operator - Limited Liability Company "CEO Cases" (OGRN: 1187746011001, INN/KPP: 9701097974/770101001), registered at: 101000, Moscow, Armyansky Lane, bldg. 7, rm. VI; office 1-8. Actual address: 123112, Moscow, Presnenskaya Embankment, bldg. 6, structure 2, entrance 3, floor 44, room 4404.

1.4. Personal Data - any information relating directly or indirectly to an identified or identifiable natural person (Personal Data Subject);‍1.4. Personal Data - any information relating directly or indirectly to an identified or identifiable natural person (Personal Data Subject);

1.5. User or Personal Data Subject - an individual who accesses the Website (visits the Website) and/or performs other actions to use its functionality, including viewing or searching for information posted on the Website, registering on the Website, sending messages via web forms on the Website, etc., and who provides their Personal Data to the Operator;‍1.5. User or Personal Data Subject - an individual who accesses the Website (visits the Website) and/or performs other actions to use its functionality, including viewing or searching for information posted on the Website, registering on the Website, sending messages via web forms on the Website, etc., and who provides their Personal Data to the Operator;

1.6. Operator's Website - The Operator's official website, operating in the Operator's interests and accessible at the following internet address: https://www.ccases.ceo/.1.6. Operator's Website - The Operator's official website, operating in the Operator's interests and accessible at the following internet address: https://www.ccases.ceo/. 1.6. Operator's Website - The Operator's official website, operating in the Operator's interests and accessible at the following internet address: https://www.ccases.ceo/.

1.7.Cookies - small pieces of data sent by a web server and stored in the User's browser, which ensure efficient Website management and assist in customizing the user interface.‍1.7. Cookies - small pieces of data sent by a web server and stored in the User's browser, which ensure efficient Website management and assist in customizing the user interface.

‍‍‍

2. GENERAL PROVISIONS2.2.

2.1. This Personal Data Processing Policy (hereinafter – "Policy") has been developed by the Operator and is a publicly available document outlining the principles of the Operator's activities regarding the processing and protection of Personal Data, as well as ensuring the security of their processing operations.‍2.1. This Personal Data Processing Policy (hereinafter – "Policy") has been developed by the Operator and is a publicly available document outlining the principles of the Operator's activities regarding the processing and protection of Personal Data, as well as ensuring the security of their processing operations.

2.2. This Policy discloses, among other things, the methods, principles, and purposes of Personal Data processing by the Operator, as well as the rights and obligations of the Operator and the User.‍2.2. This Policy discloses, among other things, the methods, principles, and purposes of Personal Data processing by the Operator, as well as the rights and obligations of the Operator and the User.

2.3. This Policy shall be published on the Website.2.3. This Policy shall be published on the Website.2.3. This Policy shall be published on the Website.

‍‍‍

3. PRINCIPLES, PURPOSES, AND CONTENT OF PERSONAL DATA PROCESSING3.

‍‍‍

Таблица обработки персональных данных

	Цели обработки	Категории и перечень обрабатываемых Персональных данных	Правовое основание обработки Персональных данных
3.1.	Осуществление сотрудниками Оператора обратной связи с Пользователем по запросам Пользователя (в т.ч. направление уведомлений, осуществление звонков, направление предложений и рекомендаций, адаптированных под пользовательские потребности, интересы, предпочтения)	Адрес электронной почты	Согласие на Обработку Персональных данных
3.2.	Продвижение собственных услуг и бренда на рынке при помощи маркетинговых коммуникаций (информирование Пользователя об акциях, конкурсах, специальных предложениях, о новых услугах, скидках, рекламных материалах и других сервисах, а также получение коммерческой или рекламной информации и бесплатной продукции, выполнение маркетинговых исследований и уведомление обо всех специальных инициативах для клиентов)	Адрес электронной почты	Согласие на Обработку Персональных данных Согласие на получение рассылок
3.3.	Сбор cookie-файлов	IP-адрес, уникальные идентификаторы пользователя, маркетинговые и аналитические cookies	Согласие на Обработку Персональных данных

‍‍‍

3.4. The specified categories of Personal Data may also be processed for the purpose of conducting statistical and other research based on anonymized data.3.4. The specified categories of Personal Data may also be processed for the purpose of conducting statistical and other research based on anonymized data.

3.5. The Operator does not process special categories of Personal Data concerning ethnic origin, political opinions, religious, or philosophical beliefs3.5. The Operator does not process special categories of Personal Data concerning ethnic origin, political opinions, religious, or philosophical beliefs.

3.6.When considering inquiries, the User may, on their own initiative, provide the Operator with additional Personal Data (including those contained in documents and messages). The Operator processes such Personal Data to the extent necessary to provide services.‍3.6. When considering inquiries, the User may, on their own initiative, provide the Operator with additional Personal Data (including those contained in documents and messages). The Operator processes such Personal Data to the extent necessary to provide services.

3.7.The Operator processes Personal Data on a lawful and fair basis. 3.7. The Operator processes Personal Data on a lawful and fair basis. 3.7. The Operator processes Personal Data on a lawful and fair basis.

3.8. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. The processing of personal data that is incompatible with the purposes for which it was collected is not permitted. ‍3.8. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. The processing of personal data that is incompatible with the purposes for which it was collected is not permitted.

3.9.Only Personal Data that meet the purposes of their processing are subject to processing.‍3.9. Only Personal Data that meet the purposes of their processing are subject to processing.

3.10.The content and scope of the processed personal data correspond to the stated processing purposes. The processed personal data are not excessive in relation to their stated processing purposes.‍‍‍3.10. The content and scope of the processed personal data correspond to the stated processing purposes. The processed personal data are not excessive in relation to their stated processing purposes.

‍‍‍

4. METHODS OF PROCESSING AND ACTIONS PERFORMED BY THE OPERATOR WITH PERSONAL DATA4.4.

‍4.1.The Operator collects, records, systematizes, accumulates, stores, refines (updates, modifies), extracts, uses, transfers (disseminates, provides, grants access to), anonymizes, deletes, and destroys Personal Data.4.1. The Operator collects, records, systematizes, accumulates, stores, refines (updates, modifies), extracts, uses, transfers (disseminates, provides, grants access to), anonymizes, deletes, and destroys Personal Data.

4.2. Personal Data processing by the Operator is carried out using automation tools, as well as without the use of automation tools.

‍

5. PERSONAL DATA PROCESSING PERIOD

5.1. Consent for Personal Data processing is granted by the Personal Data Subject for the entire period necessary for the Operator to achieve the processing purposes.

5.2. Consent for personal data processing may be withdrawn by the Personal Data Subject.

5.3. Should consent for Personal Data Processing be refused, the Operator will be obliged to deny the Personal Data Subject the actions stipulated by the aforementioned purposes of personal data processing.

5.4. Upon achieving the purposes of Personal Data processing, and also if the Personal Data Subject withdraws consent for their processing, Personal Data shall be destroyed within a period not exceeding 30 (thirty) business days from the date the purpose is achieved or from the date such withdrawal is received, respectively.

5.5. Should the Personal Data Subject request the cessation of Personal Data processing, the Operator undertakes to cease Personal Data processing within 30 (thirty) business days from the date of receiving such a request.

5.6. The Personal Data Subject has the right to withdraw consent for the processing of their Personal Data or to submit a request to cease Personal Data processing by notifying the Operator in writing using one of the following methods:

5.6.1. by written application sent to the address: 123112, Moscow, Presnenskaya Embankment, building 6, structure 2, entrance 3, floor 44, room 4404.

5.6.1. by email sent to: ask@ccases.ceo.

‍

6. TRANSFER OF PERSONAL DATA

6.1. The Operator has the right to engage third parties in the processing of Personal Data by entrusting third parties with the processing of Personal Data and/or by transferring Personal Data to third parties without entrusting processing.

6.2. Third parties may be engaged in the processing of Personal Data only on the condition that such parties process Personal Data to the minimum extent necessary and solely for achieving the stated purposes of Personal Data processing, and also on the condition that such parties ensure the confidentiality and security of Personal Data during processing (should third parties fail to comply with these conditions, they will be held liable based on their contractual obligations to the Operator and/or in accordance with the provisions of applicable Personal Data legislation). Such parties may include, but are not limited to:

6.2.1. authorized state authorities in cases stipulated by federal laws;

6.2.2. the Website's hosting provider;

6.2.3. service providers for monitoring user actions (behavior) on the Website.

‍

7. CONDITIONS FOR CESSATION OF PERSONAL DATA PROCESSING

7.1. The Operator ceases Personal Data processing and irrevocably deletes it from its information systems (destroys it) within the timeframes established by Federal Law No. 152-FZ, if at least one of the following conditions occurs:

7.1.1. the user has withdrawn their consent to Personal Data processing or requested the cessation of Personal Data processing;

7.1.2. the term of the Consent to Personal Data processing has expired;

7.1.3. the purpose of Personal Data processing has been achieved;

7.1.4. unlawful processing of personal data has been identified;

7.1.5. the operator has ceased supporting the Website;

7.1.6. the operator has ceased its activities.

7.2. The processing of Personal Data ceases:

7.2.1. by blocking Personal Data;

7.2.2. by deleting Personal Data;

7.2.3. by destroying Personal Data.

‍

8. MEASURES FOR PROPER ORGANIZATION OF PERSONAL DATA PROCESSING AND PERSONAL DATA PROCESSING SECURITY

8.1. When processing Personal Data, the Operator takes all necessary legal, organizational, and technical measures to protect it from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as from other unlawful actions concerning Personal Data.

8.2. The security of Personal Data processing is ensured by the following measures taken by the Operator:

8.2.1. appointment of a person responsible for organizing the processing of Personal Data;

8.2.2. implementation of internal control and/or audit of Personal Data processing compliance with the requirements of Federal Law 152-FZ and regulatory legal acts adopted in accordance therewith, as well as the Operator's local regulatory legal acts;

8.2.3. restriction of access to Personal Data and granting access only to authorized persons;

8.2.4. familiarization of persons involved (admitted) by the Operator in the processing of Personal Data with the requirements of applicable Personal Data legislation and the Operator's local regulatory legal acts regarding Personal Data processing;

8.2.5. application of organizational and/or technical measures to ensure the security of Personal Data during its processing;

8.2.6. inclusion of provisions for ensuring the security of Personal Data in contracts with third parties to whom Personal Data is transferred, including requirements not to disclose or disseminate Personal Data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Russian Federation.

‍

9. RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT AND THE OPERATOR

9.1. The Personal Data Subject has the right to:

9.1.1. to receive information concerning the Processing of their Personal Data, except in cases provided by federal laws;

9.1.2. to demand from the Operator the clarification of their Personal Data, its blocking or destruction if the Personal Data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of Processing, and to take measures provided by law to protect their rights;

9.1.3. to refuse to give consent for the Processing of Personal Data for the purpose of promoting goods, works, and services on the market;

9.1.4. to withdraw consent for the Processing of Personal Data;

9.1.5. to appeal to the authorized body for the protection of Personal Data Subjects' rights or to a court regarding unlawful actions or inactions of the Operator during the Processing of their Personal Data;

9.1.6. to exercise other rights provided by the legislation of the Russian Federation.

9.2. The Personal Data Subject is obliged to:

9.2.1. to provide the Operator with accurate Personal Data;

9.2.2. to inform the Operator about the clarification (update, change) of their Personal Data.

9.3. A person who has provided inaccurate information about themselves to the Operator shall be liable in accordance with the legislation of the Russian Federation.

9.4. If requests, forms, or accompanying documents sent by Users via the Website contain personal data of third parties, Users guarantee that they have proper legal grounds for transferring such personal data to the Operator. The Operator does not verify the legal grounds for Users transferring personal data of third parties but reserves the right to request confirmation of the necessary legal grounds at any time, and the User undertakes to provide it immediately.

9.5. The Operator has the right to:

9.5.1. obtain accurate information containing Personal Data from the Personal Data Subject;

9.5.2. in the event the User withdraws consent for Personal Data Processing, continue Personal Data Processing without consent if there are grounds established by the legislation of the Russian Federation;

9.5.3. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by personal data legislation and regulatory legal acts adopted in accordance therewith, unless otherwise provided by personal data legislation.

9.6. The Operator is obliged to:

9.6.1. provide the User, upon their request, with information regarding the Processing of their Personal Data;

9.6.2. organize the Processing of Personal Data in the manner established by the current legislation of the Russian Federation;

9.6.3. respond to requests and inquiries from Personal Data Subjects and their legal representatives in accordance with personal data legislation requirements;

9.6.4. publish or otherwise ensure unrestricted access to this Policy;

9.6.5. take legal, organizational, and technical measures to protect Personal Data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination of Personal Data, as well as from other unlawful actions concerning Personal Data;

9.6.6. perform other duties stipulated by personal data legislation.

‍

10. AUTOMATICALLY COLLECTED USER INFORMATION. USE OF COOKIES.

10.1. Cookies are used by the Operator to ensure the correct and secure functioning of certain sections of the Website, to simplify navigation, and to display information on the Website more effectively. Cookies are also used to recognize the User's computer or device, which facilitates and personalizes Website usage. Additionally, the Operator uses cookies to collect statistical information about Website usage for analytics and continuous improvement of its functionality.

10.2. Cookies contain information about how and by whom the Website is used, as well as information about User actions performed on the Website.

10.3. A Website Visitor can manage cookies by adjusting browser settings. If cookies are deleted, all data regarding the Website Visitor's preferences will be removed, including the preference to opt out of cookie usage.

10.4. If cookies are blocked, changes may affect the user interface, and some Website components may become unavailable.

10.5. Data collected via cookies includes: IP address data, Media Access Control (MAC) address, browser and computer type and version, screen resolution, time zone and location, browser plugin types and their versions, other technologies the User employs to access the Website, information on how the User uses the Website, and device type and identifier if the User accesses the Website via a mobile device.

10.6. When using cookies, the Operator does not use the IP address to identify the User. Furthermore, cookies do not store email addresses or other information that could identify the User. However, they do allow the Operator to "recognize" the User when the User visits the Website and to remember the User's preferences.

10.7. The Operator notes that cookies that do not collect Personal Data do not require consent for their processing or any other grounds for processing.

10.8. The Operator uses the following types of cookies:

10.8.1. Essential (necessary) cookies. These cookies are necessary for the Website to function and cannot be disabled. Typically, these cookies are set in response to a User's request for the Website to perform a specific action, such as setting privacy preferences or filling out a registration form. The User can configure their browser to block or alert them about these cookies. However, in such a case, some parts of the Website will not function. Essential cookies do not collect or store Personal Data.

10.8.2. Functional cookies. These cookies are used to improve interaction with the Website and allow it to provide enhanced functionality and personalization. The User may prohibit the use of functional cookies, but in such a case, some or all services hosted on the Website may not function correctly.

10.8.3. Analytical and statistical cookies. These cookies may be used, among other things, to collect statistics and information about User behavior patterns.

10.9. To stop receiving cookies, the Operator is advised to refer to the instructions provided by the browser developer or device manufacturer that the Operator uses. Disabling some cookies may affect the Website's functionality, which may cause the User to experience some inconvenience when using it.

‍

11. FINAL PROVISIONS

11.1. This Policy is valid indefinitely until it is replaced by a new version.

11.2. In the event of changes to this Policy, the amended version of the Policy will be published on the Website.

11.3. Visiting / using the Website by Personal Data subjects after the amended version of the Policy comes into effect signifies that Personal Data Subjects have familiarized themselves with its provisions.

11.4. By expressing consent in the relevant forms / banners / checkboxes or by sending a question or request to an email address containing @ccases.ceo, you confirm that you agree to the terms of Personal Data processing specified in the Policy.

11.5. Please note that your consent is not required in cases where other grounds for processing Personal Data apply. For example, the following:

11.5.1. the processing of Personal Data is necessary for the conclusion of a contract;

11.5.2. the processing of personal data is necessary for statistical or other research purposes, provided that the Personal Data is anonymized;

11.5.3. personal data must be published or disclosed in accordance with federal laws (for example, when it is necessary to respond to legitimate and reasoned requests from law enforcement agencies, prosecutor's offices, security agencies, and other bodies authorized to request information in accordance with legislation);

11.5.4. the processing of Personal Data is necessary for us to fulfill our duties, functions, and powers as mandated by law.

11.6. The current version of the Policy is publicly available on the Website.

‍