Legal Information

Personal Data Processing Policy

1. General Provisions

This document (hereinafter referred to as the "Policy") defines the purposes and general principles of personal data processing, as well as the measures implemented for the protection of personal data by the Operator. The Policy is a publicly available document of the Operator and allows any individual to familiarize themselves with its contents.
The Policy remains in effect indefinitely after its approval until it is replaced by a new version.
The terms and definitions used in this Policy correspond to their meanings as defined in Federal Law No. 152-FZ "On Personal Data."
The Operator processes personal data in compliance with the principles and conditions established by this Policy and the legislation of the Russian Federation on personal data.

2. Legal Grounds for Personal Data Processing

The processing of personal data by the Operator is carried out on a lawful and fair basis, in accordance with the following legal documents:
- The Constitution of the Russian Federation;
- The Labor Code of the Russian Federation;
- The Civil Code of the Russian Federation;
- The Tax Code of the Russian Federation;
- Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006;
- Federal Law No. 63-FZ "On Electronic Signatures" dated 06.04.2011;
- Federal Law No. 99-FZ "On Licensing Certain Types of Activities" dated 04.05.2011;
- Federal Law No. 126-FZ "On Communications" dated 07.07.2003;
- Federal Law No. 27-FZ "On Individual (Personalized) Accounting in the System of Mandatory Pension Insurance" dated 01.04.1996;
- Federal Law No. 125-FZ "On Archival Affairs in the Russian Federation" dated 22.10.2004;
- Federal Law No. 273-FZ "On Education in the Russian Federation" dated 29.12.2012.

3. Procedures and Conditions for Personal Data Processing

The Operator processes personal data using both automated and non-automated methods.
The following actions are performed with personal data: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction.
The accuracy, sufficiency, and relevance of personal data are ensured in relation to the purposes of processing. If inaccurate or incomplete personal data is detected, it is updated accordingly.
In cases stipulated by Federal Law No. 152-FZ, the collection and processing of personal data require the written consent of the data subject. Consent in the form of an electronic document signed with a qualified electronic signature is considered equivalent to written consent on paper with a handwritten signature.
Consent for personal data processing may be provided by the data subject or their representative in any form that allows confirmation of its receipt, unless otherwise specified by Federal Law No. 152-FZ.
The Operator does not process special categories of personal data related to racial or ethnic origin, political views, religious or philosophical beliefs, or intimate life.
Information that characterizes an individual’s physiological features and allows for personal identification (biometric personal data) may be processed only with the data subject’s written consent.
Personal data processing and storage are conducted for no longer than required by the purposes of processing unless there are legal grounds for extended processing.
Personal data processing under contracts, agreements, or assignments of the Operator is carried out according to the terms specified in such documents. These documents may define, in particular:
1. The purposes, conditions, and duration of personal data processing;
2. The obligations of the parties, including security measures for personal data protection;
3. The rights, responsibilities, and liabilities of the parties regarding personal data processing.
In cases not explicitly provided for by applicable law or agreements, processing is carried out upon obtaining the data subject’s consent. Consent may be expressed through actions, acceptance of contract terms, marking relevant checkboxes, filling out forms, or by providing written consent in accordance with the law.
The Operator takes necessary legal, organizational, and technical measures to ensure the security of personal data and protect it from unauthorized (including accidental) access, destruction, alteration, blocking, and other unauthorized actions. These measures include:
1. Appointing employees responsible for organizing and ensuring personal data security;
2. Including confidentiality clauses in contracts when necessary;
3. Issuing internal regulations on personal data processing and informing employees about them;
4. Ensuring physical security of premises and processing facilities, access control, security measures, and video surveillance;
5. Restricting and differentiating employee access to personal data and processing tools, as well as monitoring data access actions;
6. Identifying potential security threats and developing threat models based on them;
7. Implementing security tools (antivirus software, firewalls, access control tools, cryptographic protection), including certified security solutions;
8. Keeping records and securely storing data carriers to prevent theft, unauthorized copying, or destruction;
9. Performing regular data backups to ensure recovery capabilities;
10. Conducting internal audits to ensure compliance with established procedures, evaluating the effectiveness of security measures, and responding to security incidents.

4. Rights of Personal Data Subjects

The data subject has the right to withdraw consent for personal data processing by submitting a request to the Operator via mail or in person.
The data subject has the right to receive information regarding the processing of their personal data, including:
1. Confirmation of whether their data is being processed by the Operator;
2. Legal grounds and purposes of processing;
3. Methods used for processing personal data;
4. The name, location, and details of entities (excluding the Operator’s employees) with access to personal data or those to whom data may be disclosed under a contract or federal law;
5. Personal data being processed, its source (if different from the data subject);
6. Processing duration, including storage periods;
7. Information about cross-border data transfers;
8. The name, surname, and address of any entity processing personal data on behalf of the Operator;
9. Other details as provided by Federal Law No. 152-FZ or other federal laws.
The data subject may request corrections, blocking, or deletion of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes.
If a data subject believes that the Operator processes their data in violation of Federal Law No. 152-FZ or otherwise infringes upon their rights, they may file a complaint with the regulatory authority (Roskomnadzor) or seek legal action.
The data subject has the right to claim compensation for damages and/or moral harm in court.

5. Rights and Obligations of the Operator

The rights and obligations of the Operator are determined by applicable laws and agreements.
Compliance with this Policy is monitored by the person responsible for personal data processing.
Entities processing personal data on behalf of the Operator are held liable for misuse in accordance with contractual obligations and confidentiality agreements.
Individuals responsible for violations of personal data processing and protection laws may face civil, administrative, disciplinary, or criminal liability as prescribed by federal laws, internal regulations, and agreements.
The Personal Data Processing Policy is developed by the responsible personnel and enacted upon approval by the Operator’s management. Suggestions and comments for amendments should be sent to support@amnezia-vps.live. The Policy is reviewed annually and updated as necessary.

Personal Data Processing Policy

1. General Provisions

This document (hereinafter referred to as the "Policy") defines the purposes and general principles of personal data processing, as well as the measures implemented for the protection of personal data by the Operator. The Policy is a publicly available document of the Operator and allows any individual to familiarize themselves with its contents.

The Policy remains in effect indefinitely after its approval until it is replaced by a new version.

The terms and definitions used in this Policy correspond to their meanings as defined in Federal Law No. 152-FZ "On Personal Data."

The Operator processes personal data in compliance with the principles and conditions established by this Policy and the legislation of the Russian Federation on personal data.

2. Legal Grounds for Personal Data Processing

The processing of personal data by the Operator is carried out on a lawful and fair basis, in accordance with the following legal documents:

The Constitution of the Russian Federation;
The Labor Code of the Russian Federation;
The Civil Code of the Russian Federation;
The Tax Code of the Russian Federation;
Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006;
Federal Law No. 63-FZ "On Electronic Signatures" dated 06.04.2011;
Federal Law No. 99-FZ "On Licensing Certain Types of Activities" dated 04.05.2011;
Federal Law No. 126-FZ "On Communications" dated 07.07.2003;
Federal Law No. 27-FZ "On Individual (Personalized) Accounting in the System of Mandatory Pension Insurance" dated 01.04.1996;
Federal Law No. 125-FZ "On Archival Affairs in the Russian Federation" dated 22.10.2004;
Federal Law No. 273-FZ "On Education in the Russian Federation" dated 29.12.2012.

3. Procedures and Conditions for Personal Data Processing

The Operator processes personal data using both automated and non-automated methods.

The following actions are performed with personal data: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction.

The accuracy, sufficiency, and relevance of personal data are ensured in relation to the purposes of processing. If inaccurate or incomplete personal data is detected, it is updated accordingly.

In cases stipulated by Federal Law No. 152-FZ, the collection and processing of personal data require the written consent of the data subject. Consent in the form of an electronic document signed with a qualified electronic signature is considered equivalent to written consent on paper with a handwritten signature.

Consent for personal data processing may be provided by the data subject or their representative in any form that allows confirmation of its receipt, unless otherwise specified by Federal Law No. 152-FZ.

The Operator does not process special categories of personal data related to racial or ethnic origin, political views, religious or philosophical beliefs, or intimate life.

Information that characterizes an individual’s physiological features and allows for personal identification (biometric personal data) may be processed only with the data subject’s written consent.

Personal data processing and storage are conducted for no longer than required by the purposes of processing unless there are legal grounds for extended processing.

Personal data processing under contracts, agreements, or assignments of the Operator is carried out according to the terms specified in such documents. These documents may define, in particular:

The purposes, conditions, and duration of personal data processing;
The obligations of the parties, including security measures for personal data protection;
The rights, responsibilities, and liabilities of the parties regarding personal data processing.

In cases not explicitly provided for by applicable law or agreements, processing is carried out upon obtaining the data subject’s consent. Consent may be expressed through actions, acceptance of contract terms, marking relevant checkboxes, filling out forms, or by providing written consent in accordance with the law.

The Operator takes necessary legal, organizational, and technical measures to ensure the security of personal data and protect it from unauthorized (including accidental) access, destruction, alteration, blocking, and other unauthorized actions. These measures include:

Appointing employees responsible for organizing and ensuring personal data security;
Including confidentiality clauses in contracts when necessary;
Issuing internal regulations on personal data processing and informing employees about them;
Ensuring physical security of premises and processing facilities, access control, security measures, and video surveillance;
Restricting and differentiating employee access to personal data and processing tools, as well as monitoring data access actions;
Identifying potential security threats and developing threat models based on them;
Implementing security tools (antivirus software, firewalls, access control tools, cryptographic protection), including certified security solutions;
Keeping records and securely storing data carriers to prevent theft, unauthorized copying, or destruction;
Performing regular data backups to ensure recovery capabilities;
Conducting internal audits to ensure compliance with established procedures, evaluating the effectiveness of security measures, and responding to security incidents.

4. Rights of Personal Data Subjects

The data subject has the right to withdraw consent for personal data processing by submitting a request to the Operator via mail or in person.

The data subject has the right to receive information regarding the processing of their personal data, including:

Confirmation of whether their data is being processed by the Operator;
Legal grounds and purposes of processing;
Methods used for processing personal data;
The name, location, and details of entities (excluding the Operator’s employees) with access to personal data or those to whom data may be disclosed under a contract or federal law;
Personal data being processed, its source (if different from the data subject);
Processing duration, including storage periods;
Information about cross-border data transfers;
The name, surname, and address of any entity processing personal data on behalf of the Operator;
Other details as provided by Federal Law No. 152-FZ or other federal laws.

The data subject may request corrections, blocking, or deletion of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes.

If a data subject believes that the Operator processes their data in violation of Federal Law No. 152-FZ or otherwise infringes upon their rights, they may file a complaint with the regulatory authority (Roskomnadzor) or seek legal action.

The data subject has the right to claim compensation for damages and/or moral harm in court.

5. Rights and Obligations of the Operator

The rights and obligations of the Operator are determined by applicable laws and agreements.

Compliance with this Policy is monitored by the person responsible for personal data processing.

Entities processing personal data on behalf of the Operator are held liable for misuse in accordance with contractual obligations and confidentiality agreements.

Individuals responsible for violations of personal data processing and protection laws may face civil, administrative, disciplinary, or criminal liability as prescribed by federal laws, internal regulations, and agreements.

The Personal Data Processing Policy is developed by the responsible personnel and enacted upon approval by the Operator’s management. Suggestions and comments for amendments should be sent to support@amnezia-vps.live. The Policy is reviewed annually and updated as necessary.