RU
EN
Support service COS Project
 VK group
 The community in MAX
website icon
COS PROJECT
Personal Data Processing Policy

1. General Provisions


This Personal Data Processing Policy has been drafted in accordance with the requirements of the Federal Law of July 27, 2006, No. 152-FZ “On Personal Data” (hereinafter — the Personal Data Law) and establishes the procedure for processing personal data and the measures to ensure the security of personal data undertaken by LLC "COS PROJECT" (hereinafter — the Operator).


1.1. The Operator considers the protection of human rights and freedoms in processing personal data, including privacy, personal, and family secrets, as a primary goal and essential condition for conducting its activities.
1.2. This Policy applies to all information that the Operator may obtain about visitors to the website t.me/circle_os_store_bot.

2. Basic Concepts Used in the Policy


2.1. Automated processing of personal data — processing personal data using computing technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary to clarify personal data).
2.3. Website — a set of graphical and informational materials, software, and databases providing access to information over the Internet at t.me/circle_os_store_bot.
2.4. Personal Data Information System — a set of personal data contained in databases and the information technologies and technical means that ensure its processing.
2.5. Anonymization of personal data — actions making it impossible to identify a specific individual without additional information.
2.6. Personal data processing — any action (operation) or set of actions (operations) performed using automation tools or without them with personal data, including collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state body, municipal body, legal entity, or individual independently or jointly organizing and/or processing personal data, determining processing goals, data types, and actions performed.
2.8. Personal data — any information directly or indirectly relating to a specific or identifiable user of the website t.me/circle_os_store_bot.
2.9. Personal data permitted for disclosure — personal data made publicly accessible by the subject through consent to process and distribute them according to the Personal Data Law.
2.10. User — any visitor to the website t.me/circle_os_store_bot.
2.11. Providing personal data — actions aimed at disclosing personal data to a specific individual or group of individuals.
2.12. Distribution of personal data — actions aimed at disclosing personal data to an unspecified circle of persons or making them publicly accessible, including publication in mass media, posting in information and telecommunications networks, or providing access in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to a foreign country to authorities, individuals, or legal entities.
2.14. Destruction of personal data — actions resulting in irreversible destruction of personal data, making it impossible to restore its content, and/or destruction of physical media containing personal data.

3. Main Rights and Responsibilities of the Operator


3.1. The Operator has the right to:
  • Obtain accurate information and/or documents containing personal data from the data subject;
  • Continue processing personal data without consent in cases specified by the Personal Data Law, even if the subject withdraws consent;
  • Independently determine the necessary and sufficient measures to comply with the Personal Data Law, unless otherwise provided by law.
3.2. The Operator is obliged to:
  • Provide information about the processing of personal data upon request;
  • Organize personal data processing in accordance with Russian legislation;
  • Respond to requests from data subjects and their legal representatives according to the law;
  • Provide required information to the authorized body for personal data protection within 10 days of request;
  • Publish or provide unrestricted access to this Policy;
  • Take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and other unlawful actions;
  • Stop transferring or processing personal data and destroy it as prescribed by law;
  • Fulfill other obligations under the Personal Data Law.

4. Rights and Responsibilities of Personal Data Subjects


4.1. Data subjects have the right to:
  • Receive information about processing of their personal data, except in cases provided by law;
  • Request correction, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes;
  • Require prior consent for marketing purposes;
  • Withdraw consent and request cessation of personal data processing;
  • Challenge unlawful actions or inaction of the Operator in court or via the authorized body;
  • Exercise other rights provided by Russian law.
4.2. Data subjects are obliged to:
  • Provide accurate data to the Operator;
  • Notify the Operator of updates or changes to their personal data.
4.3. Individuals providing false information or data about another subject without consent bear responsibility under Russian law.

5. Principles of Personal Data Processing


5.1. Processing shall be lawful and fair.
5.2. Processing is limited to specific, predetermined, and lawful purposes.
5.3. Databases with incompatible purposes shall not be merged.
5.4. Only personal data relevant to processing purposes shall be processed.
5.5. Data content and volume shall not exceed what is necessary for stated purposes.
5.6. Data shall be accurate, sufficient, and up-to-date.
5.7. Data shall be stored in identifiable form no longer than required by processing purposes and shall be anonymized or destroyed upon achievement of purposes or loss of necessity unless otherwise stipulated by law.

6. Purposes of Personal Data Processing


Purpose: Provide user access to services, information, and/or materials on the website.
Personal data includes:
  • Full name
  • Email address
  • Phone numbers
  • Date and place of birth
  • Photographs
  • Certificates
  • Legal grounds
  • Contracts concluded between the Operator and the data subject
Types of processing: collection, recording, systematization, accumulation, storage, destruction, anonymization.

7. Conditions for Personal Data Processing


7.1. Processing is carried out with the consent of the data subject.
7.2. Processing is necessary to achieve objectives under international treaties or Russian law.
7.3. Processing is necessary for justice or execution of court or other official acts.
7.4. Processing is necessary for contract execution or conclusion.
7.5. Processing is necessary to protect rights or legitimate interests of the Operator or third parties, or for public interest purposes without violating rights of the data subject.
7.6. Publicly accessible data may be processed.
7.7. Data subject to mandatory publication may be processed.

8. Procedure for Collecting, Storing, Transferring, and Other Processing


8.1. Security is ensured by legal, organizational, and technical measures.
8.2. Operator ensures personal data is protected from unauthorized access.
8.3. Personal data will not be transferred to third parties unless required by law or with consent for contractual obligations.
8.4. Users may update their data by emailing production@alldi.ru with the subject “Personal Data Update.”
8.5. Processing period depends on purpose unless otherwise specified by contract or law.
8.6. Users may withdraw consent by emailing production@alldi.ru with the subject “Withdrawal of Consent to Personal Data Processing.”
8.7. Data collected by third-party services (payment systems, communication providers) is managed by those entities under their terms; the Operator is not responsible for them.
8.8. Restrictions set by the data subject do not apply to public or state-interest processing.
8.9. Confidentiality is ensured.
8.10. Data is stored in identifiable form no longer than required by processing purposes.
8.11. Processing ceases upon achievement of purposes, consent expiry, withdrawal, request to cease processing, or detection of unlawful processing.

9. Actions Performed by the Operator


9.1. The Operator collects, records, systematizes, accumulates, stores, updates, extracts, uses, transfers, anonymizes, blocks, deletes, and destroys personal data.
9.2. Automated processing may involve information transfer over telecommunications networks or without them.

10. Cross-Border Transfer of Personal Data


10.1. Prior to cross-border transfer, the Operator must notify the authorized body.
10.2. The Operator must obtain information from foreign authorities or entities receiving personal data before transfer.

11. Confidentiality of Personal Data


11.1. The Operator and other persons with access to personal data must not disclose or distribute data without consent unless required by law.

12. Final Provisions


12.1. Users may request clarifications on personal data processing by contacting production@alldi.ru.
12.2. Changes to this Policy will be reflected in updates. The Policy remains in force until replaced by a new version.