Policy regarding the processing of personal data in BIG JACK LLC

Version No. 1 from:

"____" _______________ 201__

1. GENERAL PROVISIONS
   1. Policy regarding the processing of personal data (hereinafter referred to as the Policy) is a document establishing the relationship between individuals - subjects of personal data (hereinafter referred to as the "User" or "You") and BIG JACK LLC ОГРН 1167746430598, ИНН 9717024629, КПП 770301001, location 123112, Moscow, 'Presnenskaya embankment, 12, room 10/45' (hereinafter referred to as the "Operator" or "Company") in part processing of personal data.
   2. The Policy was developed in accordance with Clause 2 of Part 1 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter referred to as the Federal Law "On Personal Data").
   3. The Policy contains information subject to disclosure in accordance with Part 1 of Article 14 of the Federal Law "On Personal Data", is a public document and is located at https://bigjack24.ru/.
   4. The Company has the right to change this Policy at any time by publishing the appropriate changes. This Policy cannot be changed except by publishing the amended document on the Company's Website. The relations between the User and the Company arising in connection with the application of this Policy shall be subject to the law of the Russian Federation.
2. CONCEPTS
   1. Personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
   2. Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
   3. The operator of personal data is BIG JACK LLC, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing

personal data, their composition to be processed, actions (operations) performed with the personal data of Users.

Confidentiality of personal data is the obligation of the Operator and other persons who have gained access to personal data not to disclose to third parties and not to distribute them without the consent of the subject of personal data, unless otherwise provided by federal law.

Website - an Internet resource located on the Internet at https://bigjack24.ru/, owned by the Company. The company does not allow any changes to the content of this site. The Company's website contains links to other websites and in this case the Company is not responsible for the confidentiality of information on other resources.

USER RIGHTS

1. Users have the right to:
   1. To receive personal data relating to this User and information regarding their processing;
   2. To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
   3. To withdraw his consent to the processing of personal data;
   4. To protect their rights and legitimate interests, including compensation for damages and compensation for moral damage in court;
   5. To appeal against the actions or inaction of the Company to the authorized body for the protection of the rights of subjects of personal data or in court.

GROUNDS FOR PROCESSING PERSONAL DATA

1. The Company processes personal data on a legal and fair basis to perform the functions, powers and duties assigned by law, to exercise the rights and legitimate interests of the Company and Users.
2. The Company receives personal data directly from Users and processes them only with the consent of the Users. The Company receives the User's personal data through the Site.
3. Databases of information containing personal data of Users who are citizens of the Russian Federation are located on the territory of the Russian Federation.

PROCESSING OF USERS' PERSONAL DATA

1. This Policy establishes the Company's obligations for non-disclosure and ensuring the protection of the confidentiality of personal data that

the user provides when using the Site.

The Company processes the personal data of Users in order to comply with the norms of the legislation of the Russian Federation, as well as:

1. conclusion and execution of contracts;
2. informing about new goods and services;
3. preparation of individual proposals;
4. conducting advertising activities;
5. processing applications on the Company's Website.

The Company processes the personal data of Users with their consent, by ticking the consent box under the personal data collection form posted on the Site.

Categories of personal data that the Company collects to achieve the purposes specified in clause 5.2. Policy:

1. Surname;
2. Name;
3. Patronymic;
4. Date of birth;
5. Month of birth;
6. Contact phone number;
7. E-mail address;
8. Post;
9. The source of access to the Company's website;
10. Information of a search or advertising query.

The Company does not process special categories of personal data of Users.

The Company does not process biometric categories of Users' personal data.

This Policy applies only to information processed in the course of using the Site. The Company does not control and is not responsible for the processing of information by third-party sites and services to which Users can click on the links available within the Site.

The Company does not verify the accuracy of the personal data provided by the User, and does not have the ability to assess his legal capacity. However, the Company assumes that Users provide reliable and sufficient personal data and keep them up to date.

CONDITIONS FOR THE PROCESSING OF PERSONAL DATA OF USERS

1. The processing of Users' personal data is limited to the period for achieving the purposes of processing.
2. The Company processes the personal data of Users in an automated way, using computer technology, as well as in a non-automated way.
3. Actions for the processing of personal data include collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
4. With regard to the personal data of P

Users maintain their confidentiality, except in cases where Users voluntarily provide information about themselves for general access to an unlimited number of persons.

The Company has the right to transfer the User's personal data to third parties in the following cases:

1. Users have consented to such actions;
2. The transfer is necessary for Users to use certain functions of the Site or to fulfill a certain agreement or contract;
3. The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law;
4. Such transfer takes place as part of the sale or other transfer of business (in whole or in part), while the acquirer assumes all obligations to comply with the terms of this Policy in relation to the personal data received by him;
5. As a result of the processing of personal data of Users by depersonalizing them, anonymized statistical data is obtained, which is transferred to a third party for research, performance of work or provision of services on behalf of the Company;
6. Users' personal data may be transferred to the authorized state authorities of the Russian Federation on the grounds and in the manner established by the current legislation of the Russian Federation.

When processing personal data of Users, the Company is guided by:

1. Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
2. Decree of the Government of the Russian Federation dated 01.11.2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
3. Decree of the Government of the Russian Federation of 15.09.2008 No. 687 "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools";
4. Order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";
5. Order of the Federal Security Service of Russia dated 10.07.2014 No. 378 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems using the means of

riptographic protection of information necessary to fulfill the requirements established by the Government of the Russian Federation for the protection of personal data for each of the levels of security.

The Company takes the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

The Company, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of personal data.

MANDATORY DATA RETENTION

1. The rights of Users provided for in this Policy may be limited in accordance with the requirements of applicable law. In particular, such restrictions may include the Company's obligation to keep the information changed or deleted by Users for the period established by law, and/or transfer such information in accordance with the legally established procedure to a state body.

INFORMATION ON ENSURING THE SECURITY OF PERSONAL DATA

1. The Company appoints a person responsible for organizing the processing of personal data to fulfill the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.
2. The Company applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:
   1. Establishes rules for access to personal data processed in the Company's information system, as well as ensures registration and accounting of all actions with them;
   2. Assesses the harm that may be caused to Users in case of violation of the Federal Law "On Personal Data";
   3. Identifies threats to the security of personal data during their processing in the Company's information system;
   4. Applies organizational and technical measures and uses information security tools necessary to achieve the established level of protection of personal data;
   5. Detects unauthorized access to personal data and takes measures to respond to

Including the recovery of personal data modified or destroyed as a result of unauthorized access to them;

Assesses the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the Company's information system;

Carries out internal control over the compliance of the processing of personal data with the Federal Law "On Personal Data", regulatory legal acts adopted in accordance with it, requirements for the protection of personal data, the Policy, Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security when processed in the Company's information system.

OPERATOR INFORMATION

1. The database of information containing personal data of Users who are citizens of the Russian Federation is located on the territory of the Russian Federation.
2. To exercise their rights and legitimate interests, Users have the right to contact the Operator or send a request in person or with the help of a representative to the address specified in clause 9.1. Policies or through the feedback form. The request must contain the information specified in Part 3 of Article 14 of the Federal Law "On Personal Data".