Personal Data Processing Policy

1. General Provisions
This Personal Data Processing Policy was elaborated under the requirements of the Federal Law dated July 27, 2006 No. 152-FZ “On Protection of Personal Data” (hereinafter referred to as the “Law on Protection of Personal Data”) and determines the order of processing personal data and measures to ensure the security of personal data taken by Architect Wizards LLC (hereinafter referred to as the “Operator”).
1.1. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms in the processing of his/her personal data including the protection of the rights to privacy and personal and family secrets.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information the Operator may receive about visitors to https://archwiz.ru.

2. General Definitions Applied in the Policy
2.1. “Automated personal data processing” means the processing of personal data using computer equipment.
2.2. “Personal data blocking” means temporary suspension of personal data processing (unless the processing is necessary to clarify personal data).
2.3. “Website” means a set of graphic and information materials, as well as programs for computers and databases that ensure their accessibility on the Internet at the network address https://archwiz.ru.
2.4. “Personal data information system” means a set of personal data contained in databases, as well as information technologies and technical means ensuring their processing.
2.5. “Depersonalization of personal data” means actions resulting in the impossibility to determine, without additional information, whether personal data belongs to a specific personal data subject.
2.6. “Personal data processing” means any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data including collection, recording, systematization, accumulation, storage, clarification (updating and modification), retrieval, use, transfer (distribution, provision, and access), depersonalization, blocking, deletion, and destruction of the personal data.
2.7. “Operator” means a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the content of personal data to be processed, and actions (operations) performed with personal data.
2.8. “Personal data” means any information directly or indirectly relating to a specific or specified User of the website https://archwiz.ru.
2.9. “Personal data allowed by the personal data subject for distribution” means personal data, access of an unlimited number of persons to which is provided by the personal data subject by giving consent to personal data processing allowed by the personal data subject for distribution in the manner prescribed by the Law on Protection of Personal Data (hereinafter referred to as the “personal data allowed for distribution”).
2.10. “User” means any visitor to the website https://archwiz.ru.
2.11. “Provision of personal data” means actions aimed at disclosing personal data to a certain person or a certain set of persons.
2.12. “Distribution of personal data” means actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at making an unlimited number of persons familiar with personal data including publication of personal data in mass media and information or telecommunications networks or otherwise granting access to personal data.
2.13. “Cross-border transfer of personal data” means the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual, or a foreign legal entity.
2.14. “Destruction of personal data” means actions resulting in the impossibility to restore the contents of personal data in the personal data information system and (or) in the destruction of personal data storage media.

3. Basic rights and obligations of the Operator
3.1. The Operator is entitled to:
– receive from the personal data subject reliable information and/or documents containing personal data;
– if the personal data subject withdraws consent to personal data processing, the Operator is entitled to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Protection of Personal Data;
– independently determine the set and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Protection of Personal Data and regulatory legal acts adopted in accordance therewith unless otherwise provided by the Law on Protection of Personal Data or other federal laws.
3.2. The Operator is obliged to:
– provide the personal data subject, at his/her request, with information relating to the processing of his/her personal data;
– organize the personal data processing in the manner prescribed by the current legislation of the Russian Federation;
– respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the Law on Protection of Personal Data;
– inform the authorized body for the protection of the rights of the personal data subjects, at the request of this body, of the necessary information within 30 days from the date of receipt of such a request;
– publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
– take the necessary organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions concerning personal data;
– stop the transfer (distribution, provision, and access) of personal data, stop processing them and destroy personal data in the manner and the cases provided for by the Law on Protection of Personal Data;
– perform other duties stipulated by the Law on Protection of Personal Data.

4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects are entitled to:
– receive information regarding their personal data processing, except for cases provided for by federal laws. – the information is provided to the personal data subject by the Operator in an accessible form, and it does not contain personal data relating to other personal data subjects unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Protection of Personal Data;
– require the Operator to clarify its personal data, blocking or destroying them if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as take measures prescribed by law to protect their rights;
– provide a condition of prior consent when processing personal data to promote goods, works, and services in the market;
– withdraw consent to the personal data processing;
– appeal to the authorized body for the protection of the rights of personal data subjects or through the court against illegal actions or inaction of the Operator in processing their personal data;
– exercise other rights provided for by the legislation of the Russian Federation.
4.2. Personal data subjects are obliged to:
– provide the Operator with reliable data about themselves;
– inform the Operator about the clarification (update or change) of their personal data.
4.3. Persons who provided the Operator with false information about themselves or information about another personal data subject without the consent of the latter are liable in accordance with the legislation of the Russian Federation.

5. The Operator is entitled to process the following User’s data:
5.1. Surname, name, and patronymic.
5.2. Email address.
5.3. Telephone numbers.
5.4. In addition, the website performs the collection and processing of depersonalized data on visitors (including cookie files) using Internet statistics services (Yandex Metrix, Google Analytics, etc.).
5.5. The aforementioned data hereinafter in the text of the Policy are referred to as “personal data”.
5.6. The Operator does not process special categories of personal data concerning race, ethnicity, political views, religious or philosophical beliefs, or intimate life.
5.7. Personal data processing permitted for distribution from among the special categories of personal data specified in part 1 of Article 10 of the Law on Protection of Personal Data is allowed if the prohibitions and conditions provided for in Article 10.1 of the Law on Protection of Personal Data are observed.
5.8. The User’s consent to the processing of personal data allowed for distribution is issued separately from other consents to his/her personal data processing. At the same time, the terms provided, in particular, by Article 10.1 of the Law on Protection of Personal Data are observed. The requirements for the content of such consent are established by the authorized body for the protection of the rights of personal data subjects.
5.8.1. The User provides consent to the processing of personal data allowed for distribution directly to the Operator.
5.8.2. The Operator is obliged to publish information about the processing conditions, the availability of prohibitions, and conditions for the processing of personal data by an unlimited number of persons allowed for distribution within three working days from the date of obtaining the specified consent of the User.
5.8.3. The transfer (distribution, provision, or access) of personal data allowed by the personal data subject for distribution shall be terminated at any time at the request of the personal data subject. This requirement should include the surname, name, patronymic (if any), contact information (phone number, e-mail address, or postal address) of the personal data subject, as well as a list of personal data, the processing of which is subject to termination. The personal data specified in this requirement may be processed only by the Operator to whom it is sent.
5.8.4. Consent to the processing of personal data allowed for distribution ceases to be valid from the moment the Operator receives the requirement specified in clause 5.8.3 of this Personal Data Processing Policy.

6. Principles of Personal Data Processing
6.1. Personal data processing is carried out on a legal and fair basis.
6.2. Personal data processing is restricted by achieving specific, predetermined, and legitimate purposes. Personal data processing incompatible with the purposes of collecting personal data is prohibited.
6.3. It is not allowed to unify databases containing personal data to be processed for purposes incompatible with each other.
6.4. Only personal data that meets the purposes of their processing is subject to processing.
6.5. The content and volume of personal data processed correspond to the stated processing purposes. The redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed.
6.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of processing personal data are ensured. The Operator takes the necessary measures and/or ensures their taking upon deleting or clarifying incomplete or inaccurate data.
6.7. Storage of personal data is carried out in a form that allows determining a personal data subject, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law or an agreement, to which the personal data subject is a party, beneficiary, or guarantor. The personal data processed is destroyed or depersonalized upon the achievement of the processing purposes or, in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.

7. Personal data processing purposes
7.1. Purposes of processing the User’s personal data are as follows:
– informing the User by sending emails;
– conclusion, execution, and termination of civil contracts;
– providing the User with access to services, information, and/or materials contained on the website https://archwiz.ru.
7.2. The Operator is also entitled to notify the User of new services and products, as well as special offers and events. The User may always refuse to receive informational messages by sending an email to the Operator at arch.wiz@mail.ru with the note “I refuse to receive notifications about new products, services, and special offers”.
7.3. The depersonalized data of the Users collected using Internet statistics methods serves for the data collection on activities of the Users on the website and improvement of the website quality and its content.

8. Legal basis of personal data processing
8.1. The legal grounds for personal data processing by the Operator are as follows:
– Federal Law “On Information, Information Technologies and Information Protection” No. 149-FZ dated July 27, 2006;
– federal laws and other regulatory legal acts in the field of personal data protection;
– the Users’ consents to their personal data processing, to the processing of personal data allowed for distribution.
8.2. The Operator processes the User’s personal data only if they are filled in and/or sent by the User independently through special forms located on the website https://archwiz.ru or sent to the Operator by e-mail. By filling the appropriate forms and/or sending its data to the Operator the User expresses his/her agreement with this Policy.
8.3. The Operator processes the User’s depersonalized data if it is permitted in the settings of the User’s browser (if saving “cookie” files and using JavaScript technology are activated).
8.4. The personal data subject shall decide to provide his/her personal data and consent to its processing freely, by his/her own will, and in his/her interest.

9. Terms of personal data processing
9.1. Personal data is processed with the consent of the personal data subject to the processing of his/her personal data.
9.2. Personal data processing is necessary to achieve the purposes provided for by an international agreement of the Russian Federation or by law, for the implementation and execution of the functions, powers, and duties entrusted by the legislation of the Russian Federation to the Operator.
9.3. Personal data processing is necessary for the administration of justice and the execution of a judicial act or an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
9.4. Personal data processing is necessary for the execution of an agreement, to which the personal data subject is a party, beneficiary, or guarantor, as well as for concluding an agreement on the initiative of the personal data subject, or an agreement, to which the personal data subject will be a beneficiary or guarantor.
9.5. Personal data processing is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant purposes, provided that this does not violate the rights and freedoms of the personal data subject.
9.6. Personal data is processed with the access to it of an unlimited number of persons provided by the personal data subject or at his/her request (hereinafter referred to as the “publicly available personal data”).
9.7. Personal data is processed subject to publication or mandatory disclosure in accordance with the federal law of the Russian Federation.

10. Procedure for collection, storage, and other types of personal data processing
The security of the personal data to be processed by the Operator is ensured by the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
10.1. The Operator ensures the security of personal data and takes all possible measures that prevent access to the personal data of unauthorized persons.
10.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except for cases related to the implementation of the current legislation or if the personal data subject gives consent to the Operator to transfer his/her personal data to a third party for the fulfillment of its obligations under a civil contract.
10.3. If inaccuracies are found in personal data, the User can update it independently, by sending a notification to the Operator’s e-mail at arch.wiz@mail.ru with the subject “Personal data update”.
10.4. The period of personal data processing is determined by the achievement of the purposes for which the personal data were collected unless another period is provided for by the agreement or the current legislation.
At any time, the User may revoke his/her consent to personal data processing by sending a notification to the Operator’s e-mail at arch.wiz@mail.ru with the subject “Revocation of consent to personal data processing”.
10.5. All information that is collected by third-party services including payment systems, means of communication, and other service providers is stored and processed by these persons (Operators) in accordance with their User Agreement and Privacy Policy. The personal data subject and/or the User is obliged to independently get himself/herself familiar with the specified documents in due time. The Operator is not liable for the actions of third parties including the service providers specified in this paragraph.
10.6. The prohibitions established by the personal data subject on transfer (except for granting access) and on processing or processing conditions (except for obtaining access) of personal data allowed for distribution, do not apply in cases of personal data processing in the state, common, and other public interests defined by the legislation of the Russian Federation.
10.7. When processing personal data, the Operator ensures the confidentiality of personal data.
10.8. The Operator carries out storage of personal data in a form that allows determining a personal data subject, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law or an agreement, to which the personal data subject is a party, beneficiary, or guarantor.
10.9. The condition for terminating the personal data processing may be the achievement of the purposes of personal data processing, the expiration of the validity period of the consent of the personal data subject, or the revocation of consent provided by the personal data subject, as well as the detection of unlawful processing of personal data.

11. The list of actions performed by the Operator with personal data received
11.1. The Operator carries out collection, recording, systematization, accumulation, storage, clarification (update and change), retrieval, usage, transfer (distribution, provision, and providing access), depersonalization, blocking, deletion, and destruction of personal data.
11.2. The Operator carries out automated processing of personal data with the receipt and/or transfer of personal data received via information and telecommunication networks or without it.

12. Cross-border transfer of personal data
12.1. Before the cross-border transfer of personal data, the Operator must ensure that the foreign state, to the territory of which it is planned to transfer personal data, ensures reliable protection of the rights of personal data subjects.
12.2. Cross-border transfer of personal data to the territories of foreign countries that do not meet the above requirements can only be carried out in case of written consent of the personal data subject to the cross-border transfer of his/her personal data and/or execution of an agreement, to which the personal data subject is a party.

13. Personal data confidentiality
The Operator and other persons who provided access to personal data shall not disclose to third parties and shall not distribute personal data without the consent of the personal data subject unless otherwise provided by federal law.

14. Final provisions
14.1. The User can receive any clarifications on issues of interest relating to his/her personal data processing by contacting the Operator via e-mail at arch.wiz@mail.ru.
14.2. This document will reflect any changes to the Personal Data Processing Policy applied by the Operator. The Policy is valid indefinitely until its replacement with a new revision.
14.3. The relevant version of the Policy is freely available on the Internet at https://archwiz.ru/privacy.