Personal Data Processing Policy

1.1. The Operator's main objective and condition for conducting its activities is to respect the rights and freedoms of individuals when processing their personal data, including protection of the right to privacy, personal and family secrets.

1.2. This policy of the Operator regarding personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website https://cubit.su.

2.1. Automated personal data processing — processing of personal data using computing technology.

2.2. Blocking of personal data — temporary cessation of processing personal data (except in cases where processing is necessary to clarify personal data).

2.3. Website — a collection of graphical and informational materials, as well as computer programs and databases that provide access to them over the Internet at the network address https://cubit.su.

2.4. Personal data information system — a set of databases containing personal data and ensuring their processing using information technologies and technical means.

2.5. Anonymization of personal data — actions that result in it being impossible to determine the ownership of personal data by a specific user or another subject of personal data without the use of additional information.

2.6. Personal data processing — any action (operation) or a set of actions (operations) performed with personal data using automation tools or without such tools, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, usage, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.

2.7. Operator — a state authority, municipal authority, legal entity, or individual, independently or jointly with other persons organizing and/or performing personal data processing and determining the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.

2.8. Personal data — any information relating directly or indirectly to a specific or identifiable user of the website https://cubit.su.

2.9. Personal data authorized by the data subject for dissemination — personal data to which the data subject has granted access to an unlimited number of persons by giving consent for its processing for distribution in the manner provided by the Personal Data Law.

2.10. User — any visitor to the website https://cubit.su.

2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.

2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite number of persons (transferring personal data) or familiarizing an indefinite number of persons with personal data, including publishing personal data in mass media, placing them in information and telecommunications networks, or providing access to personal data by any other means.

2.13. Cross-border transfer of personal data — the transfer of personal data to a foreign country to a foreign government authority, foreign individual, or foreign legal entity.

2.14. Destruction of personal data — any actions that result in the irreversible destruction of personal data with no possibility of restoring the content of personal data in the personal data information system and/or destruction of the material carriers of personal data.

3.1. The Operator has the right to:

— receive accurate information and/or documents containing personal data from the data subject;

— if the data subject withdraws consent to the processing of personal data, or requests to stop processing personal data, the Operator may continue processing personal data without the consent of the data subject in the cases specified in the Personal Data Law;

— independently determine the set of measures necessary and sufficient to ensure compliance with the obligations provided by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Operator is obliged to:

— provide the data subject, upon request, with information regarding the processing of their personal data;

— organize personal data processing in accordance with the applicable laws of the Russian Federation;

— respond to requests and inquiries from data subjects and their legal representatives in accordance with the Personal Data Law;

— provide the authorized body for personal data protection with necessary information upon request within 10 days from the receipt of such request;

— publish or otherwise ensure unrestricted access to this Policy regarding personal data processing;

— take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as other unlawful actions with personal data;

— cease the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the cases provided by the Personal Data Law;

— perform other obligations as specified by the Personal Data Law.

4.1. Data subjects have the right to:

— receive information about the processing of their personal data, except in cases provided by federal laws. The information will be provided to the data subject in an accessible form, and it must not contain personal data relating to other data subjects, except where there are legal grounds for disclosing such data.

— require the operator to clarify their personal data, block or delete them if they are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.

— raise conditions for prior consent when processing personal data for the purpose of promoting goods, works, and services;

— revoke consent to the processing of personal data, as well as request the cessation of the processing of personal data;

— appeal to the authorized body for personal data protection or the court for unlawful actions or inactions of the Operator in processing their personal data;

— exercise other rights provided by the laws of the Russian Federation.

4.2. Data subjects are obliged to:

— provide the Operator with accurate data about themselves;

— notify the Operator about any clarification (updating, modification) of their personal data.

4.3. Individuals who have provided inaccurate information about themselves or about another data subject without the latter’s consent shall be held liable in accordance with the laws of the Russian Federation.

5.1. Personal data processing is carried out on a lawful and fair basis.

5.2. Personal data processing is limited to achieving specific, predefined, and lawful purposes. Personal data processing incompatible with the purposes of collection is not allowed.

5.3. Personal data databases containing data processed for incompatible purposes must not be merged.

5.4. Only personal data that meets the processing objectives will be processed.

5.5. The content and volume of processed personal data must correspond to the stated purposes. Excessive processing of personal data is not allowed.

5.6. When processing personal data, accuracy, sufficiency, and relevance to the processing goals must be ensured. The Operator must take necessary measures to remove or correct incomplete or inaccurate data.

5.7. Personal data is stored in a form that allows identification of the data subject for no longer than required by the purposes of processing.