GENERAL PROVISIONS

This Regulation on the processing of personal data (hereinafter referred to as the Regulation, this Regulation) was developed by OOO "Vash Correct Reshenie" (hereinafter also referred to as the Operator) and is applied in accordance with paragraph 2 of Part 1 of Article 18.1 of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data".
This Policy defines the Operator's policy regarding the processing of personal data.
All issues related to the processing of personal data not regulated by this Policy shall be resolved in accordance with current Russian Federation legislation on personal data.
This Policy and amendments thereto are approved by the Operator's manager and implemented by the Operator's order.
In accordance with paragraph 1 of Article 3 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," personal data of clients or individuals refers to any information related to a client or individual directly or indirectly identified or determinable on the basis of such information (hereinafter, personal data).
Your Right Decision LLC is the operator that organizes and/or processes personal data and determines the purposes and content of personal data processing.
The purpose of personal data processing is:
Ensuring the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of their rights to privacy, personal and family secrets;
Provision by the Operator to individuals and legal entities of services related to the Operator's business activities, including the Operator's contacts with such individuals, including by email, telephone, and at the address provided by the relevant individual;
Providing consultations and responses to inquirers via communication tools and providing the contractual data they provide;
promoting the Operator's goods, works, and services on the market by directly contacting potential consumers via communication tools (permitted only with the prior consent of the personal data subject).
The Operator organizes processing based on the following principles:
The legality of the purposes and methods of processing personal data, and the integrity and fairness of the Operator's activities;
the accuracy of personal data, its sufficiency for the purposes of processing, and the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting the personal data;
processing only personal data that is relevant to the purposes for which it is processed;
The content and volume of processed personal data must be consistent with the stated purposes of processing. Processed personal data must not be excessive in relation to the stated purposes of processing;
The inadmissibility of combining databases containing personal data processed for incompatible purposes;
Ensuring the accuracy, sufficiency, and, where necessary, relevance of personal data in relation to the purposes of personal data processing. The Operator takes or ensures that necessary measures are taken to delete or rectify incomplete or inaccurate data;
Storing personal data in a form that allows identification of the data subject for no longer than is required for the purposes of personal data processing.
Personal data is processed in compliance with the principles and rules set forth in Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" and this Policy.
Personal data is processed with or without the use of automated tools.
In accordance with the stated goals and objectives, the Operator appoints a person responsible for organizing the processing of personal data prior to commencing personal data processing.
The person responsible for organizing the processing of personal data receives instructions directly from the Operator's executive body and reports to it.
The person responsible for organizing the processing of personal data has the right to prepare and sign the notification stipulated by Parts 1 and 3 of Article 22 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
The Operator's employees directly involved in the processing of personal data must be familiar with the provisions of Russian Federation legislation on personal data, including personal data protection requirements, documents defining the Operator's policy on personal data processing, internal regulations on personal data processing, and this Policy and any amendments thereto, prior to commencing work.
When processing personal data, the Operator applies legal, organizational, and technical measures to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
When collecting personal data using information and telecommunications networks, the Operator is obliged to publish in the relevant information and telecommunications network a document defining its policy regarding the processing of personal data and information on the implemented requirements for the protection of personal data, and also to ensure the possibility of access to the said document using the means of the relevant information and telecommunications network.
Conditions for the Processing of Personal Data by the Operator. The processing of personal data is permitted in the following cases:
Personal data is processed with the consent of the personal data subject to the processing of their personal data;
The processing of personal data is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or by law, or to exercise and fulfill the functions, powers, and duties imposed on the Operator by the legislation of the Russian Federation;
The processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party, beneficiary, or guarantor, including in the event the Operator exercises its right to assign rights (claims) under such an agreement, as well as for concluding an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
the processing of personal data is necessary to protect the life, health, or other vital interests of the personal data subject, if obtaining the consent of the personal data subject is impossible;
The processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject;
the processing of personal data is carried out for statistical or other research purposes, with the exception of the purposes specified in Article 15 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006, subject to mandatory anonymization of personal data;
Personal data is processed that is accessible to an unlimited number of persons by the personal data subject or at their request;
Personal data subject to publication or mandatory disclosure in accordance with federal law is processed.
Personal data must be stored in a form that allows identification of the personal data subject for no longer than required for the purposes of processing, and it must be destroyed upon the achievement of the processing purposes or when the need for achieving them is no longer necessary, in accordance with the procedure set forth in the Operator's Personal Data Storage Policy.
Personal data processed in information systems must be protected from unauthorized access and copying. The security of personal data processed in information systems is ensured by a personal data protection system, which includes organizational measures and information security tools. Hardware and software must meet the requirements established by Russian Federation law to ensure information security.
Interaction with federal executive authorities regarding the processing and protection of personal data of subjects whose personal data is processed by the Operator is carried out within the framework of Russian Federation law.

ENFORCEMENT OF THE RIGHTS OF PERSONAL DATA SUBJECTS BY THE OPERATOR
Personal data subjects or their representatives have the rights stipulated by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" and other regulatory legal acts governing the processing of personal data.
The Operator ensures the rights of personal data subjects in accordance with Chapters 3 and 4 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."
The Operator is obligated to provide the personal data subject or their representative with the opportunity to access personal data relating to that personal data subject free of charge at the Operator's location during the Operator's business hours.
The right of a personal data subject to access their personal data may be limited in accordance with federal laws.
If a personal data subject is represented by a representative, the representative's authority is confirmed by a power of attorney executed in the prescribed manner.
If the personal data subject provides written consent to the use of personal data, a simple written form is sufficient.
The Operator guarantees the security and confidentiality of the personal data used.
The processing of personal data for the purpose of promoting goods, works, and services on the market through direct contact with potential consumers via communication tools is permitted only with the prior consent of the personal data subject.

RECEIPT, PROCESSING, AND STORAGE OF PERSONAL DATA
The Operator establishes the following procedure for collecting personal data:
When requesting the Operator's services, the client provides the information required by the relevant forms.
The Operator does not receive or process the client's personal data regarding their race, political views, religious and philosophical beliefs, health, or intimate life, unless otherwise provided by law.
In cases directly related to labor relations, in accordance with Article 24 of the Constitution of the Russian Federation, the Organization has the right to receive and process data about the client's private life only with their written consent.
If a client accepts an offer posted on the Operator's website or enters into another agreement with the Operator, the client's personal data is processed for the performance of the relevant agreement, which entered into force as a result of the client's acceptance of the terms of the offer or the conclusion of another agreement, respectively.
The Operator also has the right to process the personal data of individuals who contact the Operator only with their consent to the use of their personal data.
Consent to the processing of personal data is not required in the following cases:
the personal data is publicly available;
Personal data processing is carried out on the basis of federal law establishing its purpose, the conditions for obtaining personal data, and the scope of subjects whose personal data is subject to processing, as well as the specific powers of the Organization;
at the request of authorized government agencies - in cases stipulated by federal law;
personal data processing is carried out for the purpose of fulfilling an agreement concluded with the Operator;
personal data processing is carried out for statistical or other scientific purposes, subject to mandatory anonymization of the personal data;
The processing of personal data is necessary to protect the life, health, or other vital interests of the client if obtaining their consent is impossible.
The Operator ensures the secure storage of personal data, including:
The storage, compilation, accounting, and use of documents containing personal data are organized in the form of a separate archive maintained by the Operator.
Personal data must be stored in a form that allows identification of the data subject, for no longer than required for the purposes of processing the personal data, unless the storage period is established by federal law or an agreement to which the data subject is a party, beneficiary, or guarantor. Processed personal data must be destroyed or anonymized once the processing purposes are achieved or when these purposes are no longer necessary, unless otherwise provided by federal law.
​
TRANSFER OF PERSONAL DATA
Personal data is transferred in compliance with the following requirements:
Personal data may not be disclosed to third parties without the client's written consent, except in cases where this is necessary to prevent a threat to the client's life or health, or in other cases stipulated by law;
Personal data may not be disclosed for commercial purposes without the written consent of the data subject;
Inform persons receiving personal data that such data may only be used for the purposes for which it was disclosed, and require such persons to confirm that this rule has been observed;
Allow access to personal data only to specially authorized persons, and such persons must be authorized to receive only the personal data necessary to perform specific functions;
Not request information about the client's health, with the exception of information relevant to the client's ability to fulfill their obligations under the contract with the Operator;
Transfer the client's personal data to their representatives in accordance with the procedure established by Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
​
​
ACCESS TO PERSONAL DATA
The following persons have the right to access personal data:
the Operator's manager;
the Operator's employees working with a specific client;
accounting staff;
employees providing technical support for the Operator's activities.
To ensure the protection of personal data, clients have the following rights:
to full information about their personal data and the processing of this data;
To free and unfettered access to their personal data, including the right to receive copies of any record containing personal data, except in cases stipulated by federal law;
to appoint representatives to protect their personal data;
to request the deletion or correction of incorrect or incomplete personal data, as well as data processed in violation of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
Copying and extracting personal data is permitted solely for official purposes with the permission of the manager.
​
LIABILITY FOR VIOLATION OF RULES GOVERNING PERSONAL DATA PROCESSING
Individuals found guilty of violating personal data processing procedures are subject to disciplinary, administrative, civil, or criminal liability in accordance with federal laws.
The heads of the Operator's structural divisions are personally responsible for the performance of their duties by their subordinates.