This personal data processing policy is drawn up in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, 'On Personal Data,' and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by Ivanov Ivan Ivanovich (hereinafter referred to as the Operator).

1. General Provisions

2. The Operator sets as its most important goal and condition for carrying out its activities the observance of human and civil rights and freedoms when processing their personal data, including the protection of the rights to privacy, personal and family secrets.

3. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://temp2.ronerent.ru.

4. In case of disagreement of the personal data subject or the subject's inability to comply with the Policy, the personal data subject has the right not to start using the website https://temp2.ronerent.ru.

5. Basic concepts used in the Policy.

6. Automated processing of personal data – processing of personal data using computer technology.

7. Blocking of personal data – temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data).

8. Website – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://temp2.ronerent.ru.

9. Personal data information system – a set of personal data contained in databases and the information technologies and technical means ensuring their processing.

10. Depersonalization of personal data – actions as a result of which it is impossible to determine, without the use of additional information, the belonging of personal data to a specific User or other subject of personal data.

11. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

12. Operator – a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

13. Personal data – any information relating directly or indirectly to a specific or identifiable subject of personal data, including the User of the Website.

14. User – any visitor to the Website.

15. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons.

16. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, placement in information and telecommunication networks, or providing access to personal data in any other way.

17. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.

18. Destruction of personal data – any actions as a result of which personal data are destroyed irrevocably with the impossibility of further restoring the content of personal data in the personal data information system and (or) material carriers of personal data are destroyed.

19. Purposes and Conditions of Personal Data Processing

20. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Processing of personal data incompatible with the purposes of collecting personal data is not permitted.

21. The Operator's processing of personal data is carried out for the purposes specified in Appendix No. 1 to the Policy. For each purpose of personal data processing, the Operator has defined categories and lists of personal data, categories of Subjects, methods and terms of processing and storage of personal data, and the procedure for destruction of personal data (Appendix No. 1 to the Policy).

22. The Operator does not process special categories of personal data concerning race, nationality, religious or philosophical beliefs, health status, or intimate life, except in cases provided for by the legislation of the Russian Federation.

23. By accepting the Policy, the User agrees to receive notifications about new products and services, special offers, and various events of the Operator. The User can always refuse to receive informational messages by sending the Operator a letter to the email address specified in section 13 of the Policy, marked 'Refusal of notifications about new products and services and special offers.'

24. Legal Grounds for Processing Personal Data

25. All personal data is provided by the subject personally and voluntarily.

26. The legal grounds for the Operator's processing of personal data are the set of legal acts, in execution and in accordance with which the Operator processes personal data, including: the Civil Code of the Russian Federation, federal laws and regulatory legal acts adopted on their basis regulating relations related to the Operator's activities; agreements concluded between the Operator and personal data subjects; consents to the processing of personal data.

27. Procedure for Collection, Storage, Transfer, and Other Types of Personal Data Processing

28. Personal data may be provided by the User by interacting with certain functions of the Operator's Website. If the User does not wish to provide their personal data to the Operator, they have the right not to interact with the functionality of the Operator's Website that involves the collection of personal data.

29. The collection and subsequent processing of personal data of subjects who are citizens of the Russian Federation is carried out exclusively using databases located on the territory of the Russian Federation.

30. As a general rule, the Operator does not verify the accuracy of personal data provided by subjects and does not exercise control over their legal capacity. The risk of providing inaccurate personal data, including providing third-party data as one's own, is borne by the subject themselves.

31. When processing personal data based on the subject's consent, the subject guarantees that they are a fully capable individual. If the subject is not a fully capable individual, consent to the processing of their personal data is expressed by the subject's legal representative.

32. Depending on the legal basis for processing personal data, the subject's data may be processed by the Operator for: the term of the subject's consent to the processing of personal data; the term of the civil law contract of which the subject is a party or beneficiary; or another term established by the legislation of the Russian Federation.

33. The Operator hereby notifies about the processing of personal data specified in section 14 of Appendix No. 1 to the Policy, in relation to subjects who have visited the Operator's Website, by using metric programs and analytics systems on the Operator's Website, such as 'Yandex.Metrica.' Additional information about this analytics tool can be found at: https://yandex.ru/support/metrika/. The Operator's use of metric programs and analytics systems is not intended to identify a specific visitor to the Operator's Website.

34. Procedure for Processing Personal Data

35. In relation to the personal data processed by the Operator, the Operator carries out the following operations: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

36. Distribution and transfer of personal data to third parties is carried out by the Operator only upon obtaining separate consent to perform these actions.

37. Only the Operator's employees authorized to work with personal data and who have concluded a non-disclosure agreement with the Operator, including personal data, have access to the processing of subjects' personal data.

38. Employees authorized to work with subjects' personal data perform their duties in accordance with the Operator's local regulations.

39. Storage of Personal Data

40. Subjects' personal data is stored primarily on electronic media and processed using automation tools, except for cases where non-automated processing of personal data is necessary in connection with the fulfillment of legal requirements.

41. All personal data of subjects who are citizens of the Russian Federation is stored in databases located on the territory of the Russian Federation.

42. Storage of subjects' personal data is carried out no longer than required by the purposes of processing, unless otherwise provided by the legislation of the Russian Federation.

43. During the storage period, personal data cannot be depersonalized or destroyed.

44. Upon expiration of the storage period, personal data may be depersonalized or destroyed in accordance with the procedure established by the current legislation of the Russian Federation.

45. Transfer of Personal Data

46. The Operator may transfer subjects' personal data to third parties without instructing them to process such data in the following cases: to comply with the provisions of legislation applicable to the Operator that require the Operator to disclose personal data in a certain exchange; if the subject has consented to the processing of personal data with permission to transfer personal data to a third party; to fulfill the Operator's obligations under a contract of which the subject is a party or beneficiary; if there are other legal grounds in accordance with the legislation of the Russian Federation.

47. Before transferring the Subject's personal data to third parties, the said persons provide the Operator with an obligation of non-disclosure of personal data, specifying liability measures for their disclosure.

48. The Operator does not carry out cross-border transfer of Subjects' personal data.

49. Destruction of Personal Data

50. Destruction of personal data occurs by deleting information about the subject from the Operator's databases.

51. Destruction of personal data is carried out upon the subject's written application or in connection with a requirement of the legislation of the Russian Federation.

52. The procedure for destruction of personal data is determined by the legislation of the Russian Federation and local regulations in force at the Operator.

53. When destroying a subject's personal data, the Operator's employees cannot gain access to the personal data.

54. The operation of destroying personal data is irreversible.

55. Measures and Implemented Requirements for the Protection of Personal Data

56. Protection of personal data is carried out by the Operator in the manner established by the legislation of the Russian Federation.

57. The Operator takes all necessary organizational, administrative, and technical measures to protect Subjects' personal data: storage locations for personal data are defined; a list of persons processing personal data and having access to them is defined; threats to the security of personal data during their processing in personal data information systems are defined; technical means for processing personal data are located within a protected area; access control is organized on the Operator's territory; accounting of machine media of personal data is organized; the possibility of restoring personal data modified or destroyed due to unauthorized access is provided; detection of facts of unauthorized access to personal data is carried out; separate storage of personal data processed for different purposes is ensured.

58. The Operator ensures the confidentiality and security of personal data during their processing using the following technical means and methods: antivirus protection of servers containing personal data using antivirus software; duplication and backup of network blocks and subsystems that are important for data preservation.

59. Procedure for Processing Requests, Notifications, and Statements from Personal Data Subjects

60. The Subject has the right to: receive personal data relating to this subject and information concerning their processing by the Operator; demand clarification, blocking, or destruction of their personal data if they are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing; withdraw the consent they provided to the Operator for the processing of personal data.

61. To exercise their rights and legitimate interests, including the rights specified in clause 11.1 of the Policy, the Subject has the right to send a written request to the Operator at the email address specified in section 13 of the Policy.

62. When sending a withdrawal of consent to the processing of personal data, the email must contain the note 'Withdrawal of consent to the processing of personal data.'

63. Final Provisions

64. The Policy is published on the Operator's Website and comes into force from the date of its publication.

65. If it is necessary to bring the Policy into compliance with newly adopted legislative acts, changes to the Policy are made by publishing the Policy in a new edition on the Operator's Website.

66. The Policy applies to all Users of the Operator's Website, as well as to the Operator's employees who have access to and process personal data of subjects.

67. Operator's Details: