Privacy Notice

1. General Provisions

1. 1.1. This Policy outlines the procedures for processing personal data and describes the security measures taken by Anton (hereinafter referred to as the "Operator") to protect personal data.
2. 1.2. The Operator regards compliance with the rights and freedoms of individuals—particularly the right to privacy and to confidentiality of personal and family matters—as its primary objective and prerequisite when processing personal data.
3. 1.3. The Operator's Personal Data Processing Policy (hereinafter referred to as the "Policy") applies to all information the Operator may obtain about visitors to the website.

2. Key Terms Used in This Policy

1. 2.1. Automated processing of personal data – Processing personal data by means of computer technology.
2. 2.2. Blocking of personal data – Temporarily stopping personal data processing (except in cases where processing is needed to clarify personal data).
3. 2.3. Website – A collection of graphic and informational materials, along with computer software and databases, ensuring online access to these materials at the network address .
4. 2.4. Information system of personal data – A set of personal data contained in databases, as well as information technologies and technical means that enable their processing.
5. 2.5. Anonymization of personal data – Any action making it impossible to identify a specific User or another subject of personal data without additional information.
6. 2.6. Processing of personal data – Any action (operation) or series of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
7. 2.7. Operator – A state body, municipal body, legal entity, or individual that independently or jointly with other entities arranges and/or carries out the processing of personal data, and defines the purposes, scope, and operations (actions) related to the processing of personal data.
8. 2.8. Personal data – Any information that directly or indirectly relates to an identified or identifiable User of the website.
9. 2.9. Personal data permitted by the subject for distribution – Personal data to which an unlimited number of individuals have been granted access by the subject of personal data giving consent for processing such data for distribution, as prescribed by applicable personal data laws (hereinafter, "personal data permitted for distribution").
10. 2.10. User – Any visitor to the website.
11. 2.11. Provision of personal data – Actions aimed at disclosing personal data to a specific person or a specific group of people.
12. 2.12. Distribution of personal data – Actions aimed at disclosing personal data to an indefinite number of individuals.
13. 2.13. Cross-border transfer of personal data – Transfer of personal data to a foreign state authority, foreign individual, or foreign legal entity.
14. 2.14. Destruction of personal data – Any actions resulting in the irrecoverable destruction of personal data, making further restoration of the data or the medium holding it impossible.

3. Basic Rights and Obligations of the Operator

3.1. Operator's rights:

• Request reliable information and/or documents containing personal data from the subject of personal data.
• Continue processing personal data without consent from the data subject if the data subject withdraws their consent or requests the cessation of personal data processing, provided there are grounds for doing so under personal data laws.
• Decide independently whether to provide personal data requested by third parties, unless otherwise mandated by federal law.
• Publish or otherwise provide unrestricted access to this Policy.
• Independently determine the scope and list of necessary measures to ensure compliance with the obligations outlined by personal data laws and associated regulations, unless otherwise required by such laws or other federal legislation.
• Fulfill other obligations set forth by personal data legislation.

3.2. Operator's obligations:

• Process personal data strictly in accordance with the purposes specified in Section 4 of this Policy.
• Ensure the confidentiality of personal data received.
• Take precautions to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful actions by third parties.
• Block personal data relating to the data subject from the moment the data subject or their representative or an authorized body for personal data protection submits a request to limit processing (unless the Operator has the right to continue processing).
• Update, clarify, or destroy personal data at the request of the data subject or their representative or an authorized body for personal data protection, if the data is incomplete, outdated, inaccurate, illegally acquired, or no longer necessary for the stated processing purpose.
• Inform the data subject about the processing of their personal data upon request, unless otherwise provided by federal law.
• Respond to inquiries and requests from data subjects and their legal representatives in accordance with personal data laws.
• Notify the data subject of the purposes and scope of personal data processing at the time of data collection, or if the data is obtained from third parties.
• Provide reliable information about the processing of personal data upon request by the data subject.
• Ensure the security of personal data processed by taking necessary and sufficient legal, organizational, and technical measures to meet the requirements of applicable personal data laws.
• Supply the authorized body that protects personal data subjects' rights with any required information within 10 days of receiving such a request.
• Publish or otherwise provide unrestricted access to this Policy.
• Implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, or other illegal actions.
• Fulfill other obligations set forth by personal data legislation.

4. Rights and Obligations of Personal Data Subjects

4.1. Rights of personal data subjects:

• Receive information concerning the processing of their personal data by the Operator, free of charge, within the timeframes established by personal data laws.
• Request the Operator clarify, block, or destroy personal data if such data is incomplete, outdated, inaccurate, illegally acquired, or no longer necessary for the stated processing purpose, and take legal steps to protect their rights.
• Request information about the processing of their personal data by the Operator, including information about third parties to whom personal data has been or may be transferred, unless otherwise provided by federal law. Information is provided in an accessible format and must not contain personal data related to other data subjects, except where a legal basis for disclosure exists. The scope of information and the process for obtaining it are established by personal data laws.
• Withdraw consent to personal data processing at any time by notifying the Operator in writing, unless otherwise provided by federal law.
• Require prior consent when personal data is processed for marketing goods, works, or services.
• Object to decisions based solely on automated processing of personal data that produce legal consequences or otherwise affect the data subject.
• File a complaint with an authorized body for personal data protection or seek protection of rights in court if the data subject believes that the Operator is violating their rights and legitimate interests.
• Submit a complaint to the authorized body for personal data subjects' rights protection or file a lawsuit against illegal actions or omissions by the Operator in the processing of their personal data.
• Exercise other rights granted by personal data laws.

4.2. Obligations of personal data subjects:

• Provide the Operator with accurate personal data necessary for the purposes specified in Section 4 of this Policy.
• Inform the Operator of any updates or changes to personal data.
• Fulfill other obligations set forth by personal data legislation.

4.3. Liability for false information

Individuals who provide the Operator with false information about themselves or another data subject without proper consent bear liability under applicable legislation.

5. Principles of Personal Data Processing

1. 5.1. Personal data processing must be lawful and fair.
2. 5.2. Personal data processing is limited to achieving the purposes specified in Section 4 of this Policy. It is not permissible to process personal data for purposes incompatible with these objectives.
3. 5.3. Personal data processing must be compatible with the stated processing purposes.
4. 5.4. Only personal data relevant to the stated processing purposes are subject to processing.
5. 5.5. The scope and content of processed personal data should be consistent with the stated processing purposes. Processing excess personal data beyond what is necessary for those purposes is not allowed.
6. 5.6. Personal data must be accurate, sufficient, and—where necessary—up to date with regard to the objectives for which they are processed. The Operator must take or ensure all necessary steps to remove or rectify any incomplete or inaccurate data.
7. 5.7. Personal data is stored in a form that makes it possible to identify the data subject only as long as required to fulfill the purposes of personal data processing, unless a federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor sets a different storage period. Once processing purposes are achieved or are no longer necessary, any processed personal data shall be destroyed or anonymized unless otherwise required by federal law.

6. Conditions for Personal Data Processing

1. 6.1. Processing of personal data is carried out with the data subject's consent.
2. 6.2. Processing is necessary for achieving purposes set by international agreements or laws related to the functions, powers, and obligations imposed on the Operator by current legislation.
3. 6.3. Processing is necessary for the administration of justice, execution of a court decision, or another authority's or official's ruling under enforcement legislation.
4. 6.4. Processing is necessary for fulfilling a contract to which the data subject is a party, beneficiary, or guarantor, and for forming a contract at the data subject's initiative, or a contract under which the data subject will be a beneficiary or guarantor.
5. 6.5. Processing is necessary to exercise the Operator's or third parties' rights and legitimate interests or to achieve socially significant goals, provided that such processing does not violate the data subject's rights and freedoms.
6. 6.6. Processing is carried out for personal data that the data subject has made publicly accessible, or upon the data subject's request (hereinafter referred to as "publicly accessible personal data").
7. 6.7. Processing is carried out for personal data that is subject to publication or mandatory disclosure under federal law.

7. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing

1. 7.1. The Operator ensures the security of processed personal data by implementing legal, organizational, and technical measures necessary for full compliance with current data protection legislation.
2. 7.2. The Operator guarantees the safety of personal data and takes all possible measures to prevent unauthorized access to such data.
3. 7.3. The User's personal data will not be disclosed to any third parties under any circumstances, except as required by applicable laws or if the data subject has provided consent to the Operator to transfer the data to a third party to fulfill obligations under a civil law contract.
4. 7.4. If personal data is found to be inaccurate, the User may update it by sending a notification to the Operator's email at extension.dev.lab@gmail.com with the subject "Updating personal data."
5. 7.5. The duration of personal data processing is determined by the purpose of collection unless otherwise specified by contract or current legislation. The User may revoke consent to personal data processing at any time by sending an email to extension.dev.lab@gmail.com with the subject "Withdrawal of consent to personal data processing."
6. 7.6. All data collected by third-party services, including payment systems, communication platforms, and other providers, is handled and stored by these entities (Operators) under their own User Agreements and Privacy Policies. The data subject should familiarize themselves and agree with those documents. The Operator is not liable for actions taken by these third parties.
7. 7.7. Any prohibitions set by the personal data subject on the transfer (except for granting access), processing, or conditions of processing (except for granting access) of personal data permitted for distribution do not apply when personal data is processed in the interest of the state, public bodies, or other public interests in accordance with current legislation.
8. 7.8. The Operator maintains the confidentiality of personal data during processing.
9. 7.9. The Operator stores personal data in a manner that allows identifying the data subject only as long as it is needed for the purposes of processing, unless a longer period is mandated by federal law or a contract to which the data subject is a party, beneficiary, or guarantor.
10. 7.10. Grounds for ending personal data processing include the attainment of processing goals, the expiration of the data subject's consent, the withdrawal of consent by the data subject, or a request to discontinue processing personal data, as well as any discovery of unlawful processing. The Operator will discontinue the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and under the circumstances provided for by personal data laws.

8. Actions Carried Out by the Operator with Received Personal Data

1. 8.1. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, modifies), retrieves, uses, transfers (distributes, provides access), anonymizes, blocks, deletes, and destroys personal data.
2. 8.2. The Operator may process personal data automatically with the receipt and/or transfer of information via information and telecommunication networks or without such means.

9. Cross-Border Transfer of Personal Data

1. 9.1. Before initiating the cross-border transfer of personal data, the Operator must inform the authorized body responsible for safeguarding personal data subject rights regarding its intent to carry out such a transfer (this notice is separate from the notice of intent to process personal data).
2. 9.2. Prior to submitting the above-mentioned notice, the Operator must gather the relevant information from foreign state agencies, foreign individuals, or foreign legal entities involved in the planned cross-border transfer of personal data.

10. Confidentiality of Personal Data

The Operator and any other persons granted access to personal data are obliged to maintain confidentiality and must not disclose personal data to third parties or distribute it without the consent of the data subject, unless otherwise mandated by federal law.

11. Contact Information

If you have any questions about this Privacy Notice or the processing of your personal data, please contact the Operator at:

Email: bikishovd@gmail.com

12. Final Provisions

1. 12.1. Users may request clarifications on any aspects of personal data processing by emailing the Operator at bikishovd@gmail.com.
2. 12.2. Any updates to this personal data processing Policy will be reflected in this document. This Policy remains valid indefinitely until it is superseded by a new version.