Privacy Policy Regarding Personal Data Processing
1. General Provisions
This personal data processing policy has been developed in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, 'On Personal Data' (hereinafter referred to as the 'Personal Data Law') and defines the procedures for processing personal data and measures taken by rexex.io (hereinafter referred to as the 'Operator') to ensure the security of personal data.
1.1. The Operator's primary objective and a fundamental condition of its operations is compliance with the rights and freedoms of individuals and citizens in the processing of their personal data, including the protection of the right to privacy, personal and family secrets.
1.2. This Operator's policy regarding personal data processing (hereinafter referred to as the 'Policy') applies to all information that the Operator may obtain about visitors to the website https://rexex.io.
2. Key Concepts Used in the Policy
2.1. Automated personal data processing — processing personal data using computing equipment.
2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary to clarify the data).
2.3. Website — a collection of graphic and informational materials, software, and databases that make these materials accessible via the internet at the network address https://rexex.io.
2.4. Personal data information system — a collection of personal data stored in databases and the information technologies and technical means used to process them.
2.5. Anonymization of personal data — actions that make it impossible to identify the specific user or data subject without additional information.
2.6. Personal data processing — any action (operation) or set of actions performed with or without automation involving personal data, including collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
2.7. Operator — a state or municipal body, legal entity, or individual who organizes and/or carries out personal data processing, determines the purposes of processing, the categories of data to be processed, and the actions performed with personal data.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable user of the website https://rexex.io.
2.9. Personal data permitted for dissemination by the data subject — personal data for which the subject has granted unrestricted public access by providing consent for processing in accordance with the Personal Data Law (hereinafter referred to as 'data permitted for dissemination').
2.10. User — any visitor to the website https://rexex.io.
2.11. Disclosure of personal data — actions aimed at revealing personal data to a specific person or a defined group of people.
2.12. Dissemination of personal data — any actions aimed at revealing personal data to an undefined group of people (transfer of personal data) or making personal data accessible to the public, including publication in media, posting on information-telecommunication networks, or providing access by other means.
2.13. Cross-border transfer of personal data — transfer of personal data to a foreign state, its governmental authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — any actions resulting in irreversible destruction of personal data in the personal data information system and/or destruction of physical data carriers, making further recovery impossible.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right:
— to obtain accurate information and/or documents containing personal data from the data subject;
— in the event of the data subject revoking consent for personal data processing or submitting a request to cease processing, the Operator may continue processing personal data without consent if legally justified under the Personal Data Law;
— to independently determine the composition and set of measures necessary and sufficient to fulfill obligations under the Personal Data Law and related regulations, unless otherwise specified by law.
3.2. The Operator is obligated:
— to provide the data subject, upon request, information regarding the processing of their personal data;
— to organize personal data processing in accordance with current Russian legislation;
— to respond to inquiries and requests from data subjects and their legal representatives as required by the Personal Data Law;
— to provide the authorized data protection authority with necessary information within 10 days upon receiving a request;
— to publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
— to implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, or other unlawful actions;
— to cease transmission (distribution, provision, access), processing, and to destroy personal data in accordance with the Personal Data Law;
— to fulfill other obligations established by the Personal Data Law.
4. Main Rights and Obligations of Data Subjects
4.1. Data subjects have the right:
— to receive information about the processing of their personal data, except in cases provided by federal laws. Such information shall be provided in an accessible format and must not include personal data relating to other individuals, except where legally justified. The list of information and the procedure for obtaining it are defined by the Personal Data Law;
— to request the Operator to clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated processing purpose, and to take legally prescribed measures to protect their rights;
— to require prior consent for processing personal data for marketing purposes;
— to withdraw consent for personal data processing and to submit a request to cease processing;
— to appeal unlawful actions or inaction by the Operator in personal data processing to the authorized data protection authority or in court;
— to exercise other rights provided by Russian legislation.
4.2. Data subjects are obligated:
— to provide the Operator with accurate information about themselves;
— to inform the Operator of any updates (modifications) to their personal data.
4.3. Individuals who provide the Operator with false information about themselves or about another data subject without consent shall be liable under Russian law.
5. Principles of Personal Data Processing
5.1. Personal data processing is carried out lawfully and fairly.
5.2. Processing is limited to achieving specific, pre-defined, and lawful purposes. Processing incompatible with the stated purposes is prohibited.
5.3. Databases containing personal data processed for incompatible purposes must not be combined.
5.4. Only personal data relevant to the processing purposes may be processed.
5.5. The content and volume of processed personal data must correspond to the stated processing purposes. Excessive data relative to these purposes is prohibited.
5.6. Accuracy, sufficiency, and, where necessary, relevance of personal data must be ensured. The Operator takes or ensures the taking of necessary measures to delete or correct incomplete or inaccurate data.
5.7. Personal data must be stored in a form allowing identification of the data subject, no longer than required for processing purposes, unless a longer retention period is established by federal law, contract, or other legal grounds. Processed personal data must be destroyed or anonymized upon achieving processing purposes or when no longer necessary, unless otherwise required by law.
6. Conditions for Personal Data Processing
6.1. Personal data processing is carried out with the data subject’s consent.
6.2. Processing is necessary to achieve goals stipulated by international treaties or laws of the Russian Federation, or to fulfill functions, powers, and duties assigned to the Operator by Russian legislation.
6.3. Processing is necessary for judicial proceedings, enforcement of court decisions, or acts of other authorities enforceable under Russian enforcement law.
6.4. Processing is necessary to perform a contract to which the data subject is a party, beneficiary, or guarantor, or to conclude a contract initiated by the data subject or one where the data subject will be a beneficiary or guarantor.
6.5. Processing is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the data subject are not violated.
6.6. Processing of personal data made publicly accessible by the data subject or at their request (hereinafter referred to as 'publicly available personal data').
6.7. Processing of personal data required to be published or disclosed under federal law.
7. Procedures for Collection, Storage, Transfer, and Other Processing of Personal Data
The security of personal data processed by the Operator is ensured through legal, organizational, and technical measures required by applicable data protection laws.
7.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access.
7.2. Personal data of Users will never be disclosed to third parties under any circumstances, except when required by law or when the data subject has given consent for transfer to a third party to fulfill a civil law contract.
7.3. The duration of personal data processing is determined by the achievement of the purposes for which the data was collected, unless otherwise specified by contract or applicable law.
Users may revoke their consent to personal data processing at any time by sending a notice to the Operator via email marked 'Withdrawal of Consent for Personal Data Processing'.
7.4. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.
7.5. Restrictions set by the data subject on transfer (except access provision), processing, or conditions (except access) for data permitted for dissemination do not apply in cases involving processing for state, public, or other public interests as defined by Russian law.
7.6. The Operator ensures the confidentiality of personal data during processing.
7.7. The Operator stores personal data in a form allowing identification of the data subject, no longer than necessary for processing purposes, unless otherwise established by federal law, contract, or other legal grounds.
7.8. Processing may be terminated upon achieving the processing purposes, expiration of consent, withdrawal of consent, a request to cease processing, or detection of unlawful processing.
8. List of Actions Performed by the Operator with Personal Data
8.1. The Operator performs collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
8.2. The Operator performs automated processing of personal data, with or without transmission via information-telecommunication networks.
9. Cross-Border Transfer of Personal Data
9.1. Before commencing cross-border transfer of personal data, the Operator must notify the authorized data protection authority of its intention (this notification must be submitted separately from the general processing notification).
9.2. Before submitting the above notification, the Operator must obtain relevant information from foreign governmental authorities, individuals, or legal entities to whom the personal data is intended to be transferred.
10. Confidentiality of Personal Data
The Operator and any other persons with access to personal data must not disclose or disseminate such data to third parties without the data subject’s consent, unless otherwise permitted by federal law.
11. Final Provisions
11.1. Users may obtain clarifications on any questions regarding personal data processing by contacting the Operator via email.
11.2. This document will reflect any changes to the Operator’s personal data processing policy. The policy remains in effect indefinitely until replaced by a new version.