Terms of use

Public offer agreement
Service level agreement (SLA)
Privacy policy
Last updated on 2026-02-01
Public offer agreement

This offer (hereinafter – Offer, Agreement) is an official proposal (public offer) by the Individual Entrepreneur Stepan Stepanovich Khalatyan (TIN 226301589886, OGRNIP 324220200104148) (hereinafter – Service Provider) to conclude a service agreement (hereinafter – Services) on the terms set out below.

In accordance with paragraph 2 of Article 437 of the Civil Code of the Russian Federation, if the conditions outlined below are accepted and the Services are paid for, the person accepting the offer becomes the Customer (in accordance with paragraph 3 of Article 438 of the Civil Code of the Russian Federation, the acceptance of the offer is equivalent to concluding an agreement on the terms outlined in the offer).

Acceptance of this Offer is registration of the Customer in the System, payment for the tariff, or the actual use of the System’s functionality. By accepting, the Customer guarantees that they are already familiar with and accept all the terms of the Offer as outlined in the text of the Offer, and that they are aware of the cost of the Services specified by the Service Provider.

The Offer is valid for any legally capable adults and legal entities and is posted on the Service Provider's website https://hronos.app (hereinafter – the Service Provider’s website) indefinitely until revoked. The Offer can only be revoked by posting the corresponding notice on the Service Provider’s website; the revocation does not affect the contracts that have already been accepted and paid by Customers.

Terms and Definitions Used in the Offer

System (Platform) – the software suite of the Service Provider (web application, mobile applications, Telegram bot), hosted on the website https://hronos.app, designed for tracking working hours and controlling employee attendance via geolocation.

Services – providing the Customer with remote access to the System on the terms of this Offer.

Users – employees and other persons engaged by the Customer, whose data is processed in the System.

1. General Provisions and Subject of the Offer

1.1. The Service Provider provides the Customer with access to the System, and the Customer accepts and pays for the Services according to the selected tariff.
1.2. The System is intended for:

  • recording the start and end times of work;
  • confirming the presence of Users at specified geographic locations;
  • generating reports on working hours and attendance.

1.3. The Services are purely informational and technological in nature and are not services for controlling labor discipline in a legal sense.
1.4. The Customer confirms and guarantees that the implementation and use of the System are carried out in accordance with the labor legislation of the Russian Federation, including the presence of internal regulations, employee notification, and obtaining all necessary consents.
1.5. The Customer guarantees that Users have been properly informed about the purposes, scope, methods, and duration of the processing of their personal data, including location data.
1.6. The Service Provider does not verify the presence, form, and content of Users' consents and solely relies on the guarantees of the Customer.
1.7. All risks associated with violations of labor legislation, personal data legislation, and the rights of Users are borne by the Customer.

2. Procedure for Providing Services

2.1. Access to the System is provided via the Internet.
2.2. The Service Provider has the right to modify the functionality of the System without the Customer’s consent while maintaining its primary purpose.
2.3. The Service Provider has the right to involve third parties to provide technical support for the System’s operation.
2.4. The Service Provider has the right to terminate the relationship with the Customer at any time without explanation, provided that the Customer is refunded for the paid but undelivered Services within 10 days.
2.5. The Customer is prohibited from performing analysis, decompilation, reverse engineering, or any other actions aimed at uncovering the sources of information, data processing algorithms, or the architecture of the Platform.
2.6. The Customer has the right to refuse the Services by ceasing to use the System.
2.7. The Service Provider has the right to terminate access unilaterally if the Customer violates the terms of the Offer.

3. Service Cost and Payments

3.1. The cost of the Services and the payment procedure are determined in accordance with the Service Provider’s tariffs posted on the Platform or in a separate document agreed upon by the parties.
3.2. The Service Provider's obligation to provide the Services arises after the payment is received. The Services are considered provided in a proper manner from the moment access to the System is granted.
3.3. The Service Provider has the right to unilaterally change the tariffs and functional characteristics of the Platform by posting information on the Service Provider’s website. The new terms apply to Services provided after such posting.

4. Rights and Obligations of the Parties

The Service Provider is obliged to:
4.1.1. Ensure the functioning of the System, except for scheduled and emergency maintenance.
4.1.2. Provide the Services to the Customer at the agreed time.
4.1.3. Maintain the confidentiality of the information received during the work.
4.1.4. Provide the Services to the Customer properly and inform the Customer in a timely manner about any circumstances that may affect the quality of the Services.
4.2. The Service Provider has the right to:
4.2.1. Refuse to provide the service to the Customer in case of non-payment (partial payment) within the established time.
4.2.2. Not begin providing the Services under this Agreement or suspend them in the following cases:

  • until the Customer has fully met their payment/prepayment obligations;
  • if the Customer fails to provide the required information, in full or correctly, which is necessary for providing the Services; the Service Provider will promptly notify the Customer about the circumstances preventing the provision of the Services, without applying any penalties for non-compliance with the service deadlines;
  • if the circumstances preventing the provision of the Services last more than 3 days after notifying the Customer, the Service Provider has the right to unilaterally refuse to provide the Services.

4.2.3. Refuse to provide the service without explanation, returning payment for undelivered Services.
4.3. The Customer is obliged to:
4.3.1. Timely and fully provide the Service Provider with the necessary information to ensure the proper provision of the Services.
4.3.2. Use the System only for legal purposes.
4.3.3. The Customer is prohibited from interfering with the operation of the System, performing reverse engineering, or bypassing technical limitations.

5. Liability of the Parties

5.1. The Parties shall be liable for any violation of their obligations under the Agreement in accordance with applicable law.
5.2. The Service Provider is not liable for the mismatch of the provided service with the Customer’s expectations and/or their subjective assessment, decisions made by the Customer based on using the System. Such a mismatch or negative subjective assessment is not grounds for refunding the paid funds.
5.3. The Service Provider is not liable for technical communication failures on the Customer’s side. The Service Provider does not guarantee uninterrupted operation of the System 100% of the time.
5.4. The Service Provider is not liable for the management and personnel decisions of the Customer.
5.5. The total liability of the Service Provider is limited to the amount paid by the Customer for the last billing period.
5.6. The data generated by the System is for informational and accounting purposes only and is not unconditional proof of a violation of labor discipline, working hours, or other obligations of the Users.

6. Confidentiality and Personal Data

6.1. The Customer, in accordance with the Federal Law of the Russian Federation No. 152-FZ 'On Personal Data' dated July 27, 2006, agrees to the processing, storage, and other use of personal data contained in documents and other information provided to the Service Provider for the purpose of fulfilling the contract.
6.2. The Personal Data Processing Policy and Consent for Personal Data Processing are posted on the Service Provider’s website.
6.3. The Customer guarantees the presence of legal grounds and consents from the Users for processing their personal data, including location data.
6.4. The Customer is the personal data operator, and the Service Provider is the processor performing the processing on behalf of the operator.
6.5. The Customer bears full responsibility for the legality of the collection and processing of Users' personal data.
6.6. Geolocation data of Users is considered personal data and is processed by the Service Provider solely to the extent necessary for the functioning of the System and achieving the goals outlined in this Offer.
6.7. Geolocation data is recorded only at times provided by the System’s functionality (including the start and end of working hours) and does not involve continuous or hidden tracking of Users’ locations.
6.8. The Service Provider does not independently monitor, control, or analyze Users’ movements and does not use geolocation data for any purposes other than technical support of the System.
6.9. The Service Provider does not determine the order, frequency, and conditions of geolocation tracking of Users; such parameters are set by the Customer independently within their internal documents and System settings.
6.10. The Service Provider is not liable for the legal consequences of the Customer’s use of Users' geolocation data, including disputes with employees, claims from regulatory authorities, and legal proceedings.

7. Dispute Resolution

7.1. Any disputes and disagreements that may arise between the Parties will be resolved through negotiations in accordance with the laws of the Russian Federation.
7.2. Disputes not resolved through negotiations will be settled in court at the location of the Service Provider in accordance with the law of the Russian Federation.

8. Exclusive Rights

8.3. The exclusive rights to the System, its source code, architecture, algorithms, design, interfaces, databases, and other elements belong to the Service Provider in full.
8.2. The Customer is granted a non-exclusive, non-transferable right to use the System solely within its functional purpose and for the duration of the Agreement.
8.3. The Customer does not acquire any rights to the System, except as expressly provided in this Offer.
8.4. Copying, modifying, distributing, decompiling, or otherwise using the System outside the terms of this Offer is prohibited.

9. Final Provisions

9.1. The Agreement is valid until the Parties fully perform their obligations under the Agreement.
9.2. Posting a new version of the Offer replaces the previous one from the moment it is published.

10. Information about the Service Provider

Individual Entrepreneur Stepan Stepanovich Khalatyan
TIN 226301589886, OGRNIP 324220200104148
E-mail: info@hronos.app

Payment details
Bank: AO 'ALFA-BANK'
BIC: 044525593
Account: 40802810317800000500
Correspondent account: 30101810200000000593

Service level agreement (SLA)

1. General Provisions

1.1. This Service Level Agreement (hereinafter – Agreement, SLA) defines the availability, quality, and support metrics for the hronos.app service, as well as the interaction procedure between the service provider – Individual Entrepreneur Stepan Stepanovich Khalatyan (INN 226301589886, OGRNIP 324220200104148), hereinafter – Service Provider, and the legal entity or individual entrepreneur using the service, hereinafter – Customer.
1.2. This Agreement is an integral part of the contract (offer) for using the service https://hronos.app and applies exclusively to Customers – legal entities and Individual Entrepreneurs.
1.3. SLA does not regulate labor relations between the Customer and their employees. The Service Provider is not the employer of the Customer's employees.
1.4. The Service Provider guarantees the declared level of service exclusively within the technological zone of their responsibility, including software, server, and network infrastructure used for the operation of the Service.

2. Terms and Definitions

Service, System – the software https://hronos.app, including the web interface, mobile interfaces, and Telegram bot.

Service Availability (Uptime) – the percentage of time during the reporting period that the Service is available for use.

Incident – an event that causes full or partial unavailability of the Service functionality.

Support Business Hours – the time period during which the Service Provider handles Customer inquiries.

Customer's Incident Request – a message from the Customer about the unavailability of the Service, accepted through official email addresses and/or phone numbers of the Service Provider’s technical support.

Planned Maintenance Work – a set of preventive actions to maintain the proper condition of equipment, network, engineering systems, and the Service Provider’s infrastructure. These are carried out by the Service Provider and their contractors.

Emergency Work – a set of unplanned actions that need to be performed urgently to eliminate or prevent various emergency situations and malfunctions of equipment, network, engineering systems, and infrastructure of the Service Provider.

Response Time – the period from the moment the Customer’s request is registered to the confirmation of the request acceptance by the Service Provider.

Reply Time – the period from the moment the request is registered to the first substantive reply from the Service Provider regarding the status of the incident, the potential causes, and estimated resolution times.

Restoration Time – the period from the moment the request is registered to the restoration of the Service’s operability or the corresponding functionality.

3. Service Availability Level

3.1. The Service Provider ensures the availability of the Service at a level not lower than 99% per calendar month.
3.2. The following are not included in the availability calculation:

  • planned maintenance work;
  • failures and outages at communication providers and data centers;
  • actions by third parties and force majeure circumstances;
  • failures of the Customer's equipment and software.

3.3. Planned maintenance work is generally performed during nighttime hours and, if possible, with prior notice to the Customer.

3. Technical Support

4.1. Technical support is provided to the Customer via email and/or other communication channels specified on the website https://hronos.app.
4.2. Support business hours: weekdays from 09:00 to 18:00 (MSK).
4.3. Classification of requests:

Incident Level Description (Examples) Response Time Reply Time Restoration Time
High Complete unavailability of the System; the System returns standard HTTP errors (500, 502, 503, 404); geolocation tracking is not working (sending check-in does not return a response, check-ins are not displayed in the system). Up to 1 hour Up to 1 hour Up to 8 hours
Medium Incorrect operation of functionality related to settings and configuration of check-ins: employee forms, points, accesses, schedules, duties. Up to 4 hours Up to 8 hours Up to 24 hours
Low Incorrect operation of features not directly affecting check-ins: feedback forms, exports, reports, statistics. Up to 1 business day Up to 2 business days Up to 5 business days

4.3.1. The classification of the incident by severity level (High / Medium / Low) is made by the Service Provider based on the actual signs of the incident and descriptions provided in the table.
4.3.2. The Customer has the right to specify the presumed incident level when making a request, but the final decision on assigning the severity level is made by the Service Provider.
4.3.3. Until the severity level is agreed upon, the level determined by the Service Provider applies.
4.4. Response time, reply time, and restoration time are calculated within the technical support business hours specified in paragraph 4.2 of the SLA, unless otherwise agreed by the Parties.

5. Parties' Obligations

5.1. The Service Provider is obliged to:

  • Ensure the declared level of service availability;
  • Resolve incidents within reasonable time frames;
  • Ensure the confidentiality and security of the Customer's data;
  • Notify the Customer of significant changes in the Service operation.

5.2. The Customer is obliged to:

  • Use the Service in accordance with the documentation and intended purpose;
  • Ensure the legality of processing employee personal data;
  • Obtain all necessary consents from employees, including consent for geolocation processing;
  • Avoid actions that violate the Service’s operation.

6. Limitation of Liability

6.1. The Service Provider is not liable for:

  • Actions or inactions of the Customer's employees;
  • The accuracy of geolocation data, which depends on devices and communication networks;
  • Losses of the Customer related to management decisions made based on the Service’s data.
  • Failures of servers, network nodes, computational infrastructure, and communication channels beyond the direct control of the Service Provider;
  • Delays in data propagation in communication networks and network infrastructure;
  • Actions of the Customer or their authorized representatives, including using their own software;
  • Failures of the Customer’s software and communication equipment, including caching in software when accessed via the HTTP protocol, including DNS information delays that may cause temporary unavailability of the service;
  • Directed DDOS attacks and other similar impacts on the Service Provider’s network;
  • Exceeding the resources provided by the Service Provider for the chosen tariff plan.

6.2. The total liability of the Service Provider under the SLA is limited to the amount of the reward actually paid by the Customer for the last billing period.
6.3. SLA metrics do not apply if the incident is caused by:

  • Actions or inactions of the Customer or Users;
  • Incorrect configuration of the Service by the Customer;
  • Failures of third-party services, data centers, hosting providers, or communication operators;
  • Force majeure circumstances.

6.4. SLA defines target service level metrics and is not a guarantee of the absence of failures, errors, or interruptions in the Service’s operation.

7. Compensation

7.1. SLA does not provide for automatic penalties.
7.2. In case of a substantial and confirmed violation of the Service availability level, the Service Provider may offer the Customer a service credit or other compensation at their discretion.

8. Confidentiality and Data

8.1. The data processed in the Service belongs to the Customer.
8.2. The Service Provider uses the data exclusively for providing the services and operating the Service.

9. Final Provisions

9.1. SLA comes into effect upon the acceptance of the contract (offer) and remains in force for the duration of the Service usage.
9.2. The Service Provider has the right to unilaterally amend the SLA by posting the updated version on the website https://hronos.app.
9.3. In matters not regulated by this SLA, the parties are guided by the agreement and the legislation of the Russian Federation.

Privacy policy

1. General Provisions

1.1. This Privacy Policy of Individual Entrepreneur Stepan Stepanovich Khalatyan (TIN 226301589886, OGRNIP 324220200104148) (hereinafter - Policy) is developed in compliance with the requirements of p. 2 art. 18.1 of the Federal Law No. 152-FZ 'On Personal Data' dated 27.07.2006 (hereinafter – Personal Data Law) to ensure the protection of the rights and freedoms of an individual and citizen when processing their personal data, including the protection of the right to privacy, personal, and family secrets.
1.2. The Policy applies to all personal data processed by Individual Entrepreneur Stepan Stepanovich Khalatyan (hereinafter - Operator).
1.3. The Policy applies to the relationships in the field of personal data processing that arise between the Operator both before and after the approval of the Policy.
1.4. In accordance with the requirements of part 2 of article 18.1 of the Personal Data Law, the Policy is published in the public domain on the Operator’s website https://hronos.app (hereinafter – Operator’s Website).

2. Terms and Definitions

Personal Data (PD) – any information related to a directly or indirectly identified or identifiable individual (personal data subject).

Personal Data, Authorized by the Data Subject for Distribution – personal data to which unrestricted access is granted to the general public by the data subject through consent for the processing of personal data authorized by the data subject for distribution.

Personal Data Operator (Operator) – a government body, municipal body, legal entity, or individual, acting independently or jointly with others, who organizes and/or carries out the processing of personal data, and determines the purposes of processing, the categories of data to be processed, and the actions (operations) performed with the data.

Personal Data Processing – any action (operation) or set of actions (operations) performed with personal data, whether or not using automation tools.
Personal data processing includes, but is not limited to:
Collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (providing, access), distribution, anonymization, blocking, deletion, destruction.

Automated Personal Data Processing – processing of personal data using computing tools.

Provision of Personal Data – actions aimed at disclosing personal data to a specific person or a specific group of people.

Distribution of Personal Data – actions aimed at disclosing personal data to an undefined group of people.

Blocking of Personal Data – temporary cessation of personal data processing (except where such processing is necessary for updating personal data).

Destruction of Personal Data – actions that make it impossible to restore the content of personal data in the information system and/or the destruction of the physical media containing personal data.

Anonymization of Personal Data – actions that make it impossible to identify the personal data subject without the use of additional information.

Information System of Personal Data – a set of personal data contained in databases and providing their processing, information technologies, and technical means.

Cross-border Transfer of Personal Data – transfer of personal data to a foreign country, a foreign governmental authority, a foreign individual, or a foreign legal entity.

Protection of Personal Data – activities aimed at preventing leakage, unauthorized, and unintended exposure of personal data.

3. Purposes and Grounds for Processing Personal Data

3.1. Only personal data necessary for the purposes of their processing will be processed.
3.2. The processing of personal data by the Operator is carried out for the following purposes:

  • ensuring compliance with the Constitution, federal laws, and other legal acts of the Russian Federation;
  • carrying out civil law relationships;
  • providing access to the functionalities of the Website and online services https://hronos.app;
  • registering users and creating accounts;
  • identifying the user when using their personal account;
  • ensuring access to facilities, territories, and information systems of the Operator and its clients, including issuing electronic passes, registration upon entry/exit, maintaining visitor logs;
  • maintaining accounting records;
  • providing services to the data subjects;
  • controlling and improving the quality of the Operator's services, including those offered on the Operator’s Website;
  • monitoring working hours;
  • recording the time of entry and exit from work;
  • controlling employee attendance within defined geofences;
  • generating reports for employers;
  • preventing abuses and fraudulent attendance records;
  • maintaining personnel records;
  • assisting employees in employment, obtaining education, and career advancement, ensuring personal security, controlling the quantity and quality of work performed, ensuring the safety of property;
  • attracting and selecting candidates for work with the Operator;
  • organizing individual (personalized) accounting for employees in the system of mandatory pension insurance;
  • completing and submitting required reports to government agencies and other authorized organizations;
  • providing feedback to the data subjects.

3.3. The legal basis for processing personal data is a combination of normative legal acts, documents, and internal regulations under which the Operator processes personal data, including: the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Labor Code of the Russian Federation, the Tax Code of the Russian Federation, Federal Law No. 402-FZ of 06.12.2011 'On Accounting', Federal Law No. 167-FZ of 15.12.2001 'On Mandatory Pension Insurance in the Russian Federation', Government Decree No. 1119 of 01.11.2012 'On the Approval of Requirements for the Protection of Personal Data When Processed in Personal Data Information Systems', Government Decree No. 687 of 15.09.2008 'On the Approval of the Rules for the Processing of Personal Data Without the Use of Automation Tools', other normative legal acts regulating relationships related to the Operator’s activities, contracts between the Operator and the data subjects, and consents from the data subjects to process their personal data.

4. Categories of Personal Data Subjects, Volume, and Categories of Processed Personal Data

4.1. The Operator may process personal data of the following categories of data subjects:
Clients and Contractors of the Operator (individuals, representatives of legal entities):

  • surname, first name, patronymic;
  • date and place of birth;
  • passport details;
  • address of registration and actual place of residence;
  • contact details (phone, email);
  • payment details;
  • geolocation;
  • device location data (including GPS/GLONASS coordinates);
  • data on entering and exiting geofences;
  • date and time of geolocation check-ins;
  • other personal data provided by clients and contractors necessary for the conclusion and performance of contracts;
  • cookies data.

Visitors to the Operator’s Website, individuals who contacted through the feedback form:

  • surname, first name, patronymic;
  • contact details (phone, email);
  • address (city);
  • payment details;
  • social media account details;
  • interest information;
  • device location data (including GPS/GLONASS coordinates);
  • data on entering and exiting geofences;
  • date and time of geolocation check-ins;
  • cookies data;
  • other personal data provided by visitors to the Operator’s Website, individuals who contacted through the feedback form.

Candidates for employment and employees and former employees of the Operator:

  • surname, first name, patronymic;
  • gender, age;
  • date and place of birth;
  • citizenship;
  • passport details;
  • address of registration and actual place of residence;
  • postal and email addresses;
  • phone number (home, mobile);
  • photographs;
  • documents on education, qualifications, professional training, data on professional development;
  • marital status, family composition information, necessary for providing benefits under labor and tax law;
  • military service status;
  • work history, previous employment details, income from previous jobs;
  • taxpayer identification number;
  • individual insurance account number;
  • information on employment, transfer, dismissal, and other events related to employment;
  • information about financial status, income, debt, previous positions, and work experience;
  • data on business and other personal qualities, of an evaluative nature.

5. Rights and Obligations

5.1. Basic Rights of the Personal Data Subject.
The data subject has the right to access their personal data and the following information:

  • confirmation of the fact of personal data processing by the Operator;
  • legal grounds and purposes for processing personal data;
  • purposes and methods of personal data processing applied by the Operator;
  • name and location of the Operator, details of persons (other than the Operator’s employees) who have access to personal data or to whom personal data may be disclosed under the contract with the Operator or in accordance with federal law;
  • period of processing personal data, including storage time;
  • procedure for exercising the data subject's rights under the law;
  • name or surname, first name, patronymic, and address of the person processing the personal data on behalf of the Operator if processing is delegated to such a person;
  • appeals to the Operator and sending requests;
  • appealing actions or inactions of the Operator.

5.2. The Operator has the right:

  • to independently determine the set of measures necessary and sufficient to ensure compliance with the Personal Data Law and related legal acts unless otherwise provided by the Personal Data Law or other federal laws;
  • to delegate the processing of personal data to another party with the consent of the data subject, unless otherwise provided by federal law, based on a contract. The third party processing personal data on behalf of the Operator must comply with the principles and rules for processing personal data established by the Personal Data Law;
  • in case of withdrawal of consent by the data subject, the Operator may continue processing personal data without consent based on the grounds outlined in the Personal Data Law.

5.3. The Operator’s obligations:

  • when collecting personal data, provide information on personal data processing;
  • if personal data was not obtained from the data subject, notify the subject;
  • publish or otherwise ensure unrestricted access to the document defining its policy on personal data processing, including information on security requirements for personal data;
  • take necessary legal, organizational, and technical measures to ensure the security of personal data from unauthorized or accidental access, destruction, modification, blocking, copying, disclosure, distribution, or other unauthorized actions;
  • respond to requests and appeals from the data subject, their representatives, and the authorized body for the protection of the rights of data subjects.

6. Conditions for Processing and Storing Personal Data

6.1. Personal data is processed with the consent of the data subject or without it, in cases provided by Russian Federation legislation.
6.2. Consent for the processing of personal data authorized by the data subject for distribution is made separately from other consents for personal data processing.
6.3. Consent for the processing of personal data authorized by the data subject for distribution may be provided to the Operator:

  • directly;
  • through the information system of the authorized body for the protection of personal data.

6.4. The Operator may process personal data using both manual and automated methods.
6.5. Personal data is processed by:

  • collecting personal data in verbal and written form with the consent of the data subject for processing or distribution of their personal data;
  • inserting personal data into the Operator's journals, registers, and information systems;
  • using other methods of personal data processing.

6.6. Disclosure to third parties and distribution of personal data without the data subject’s consent is not allowed unless otherwise required by federal law.
6.7. The Operator may transfer personal data to counterparties only for the purposes specified by the Operator and the data subject’s consent.
6.8. The Operator may transfer personal data to law enforcement and other authorized organizations in accordance with Russian Federation laws.
6.9. The Operator takes necessary legal, organizational, and technical measures to protect personal data from unauthorized access, destruction, modification, and other unauthorized actions.

7. Protection of Personal Data

7.1. In accordance with the requirements of legal documents, the Operator has created a personal data protection system (PDPS), which includes legal, organizational, and technical protection subsystems.
7.2. The legal protection subsystem consists of legal, organizational, and regulatory documents ensuring the creation, functioning, and improvement of the PDPS.
7.3. The organizational protection subsystem includes the structure for managing the PDPS, the access control system, and information protection.
7.4. The technical protection subsystem includes a set of technical, software, and hardware tools ensuring personal data protection.
7.5. The main measures for protecting personal data used by the Operator are:
7.5.1. Appointing a person responsible for processing personal data who organizes personal data processing, training, internal monitoring of compliance with personal data protection requirements.
7.5.2. Identifying current security threats during personal data processing and developing measures for personal data protection.
7.5.3. Developing regulations regarding personal data processing.
7.5.4. Assigning individual passwords for employees of the Operator based on their job responsibilities.
7.5.5. Certified antivirus software with regularly updated databases.
7.5.6. Ensuring the confidentiality of personal data and preventing unauthorized access.
7.5.7. Detecting unauthorized access to personal data and taking appropriate actions.
7.5.8. Restoring personal data modified or destroyed due to unauthorized access.
7.5.9. Training employees of the Operator directly involved in personal data processing on Russian Federation personal data laws and internal regulations.
7.5.10. Conducting internal audits.

8. Processing of Electronic User Data

8.1. The consent of the website visitor (the person who started using the Operator’s Website/its functions) may be obtained by the Operator in the form of conclusive actions by the data subject:

  • accepting the terms of the offer, the rules for using the Operator’s informational resources;
  • continuing to use the Operator’s Website, interacting with its user interfaces after the user is notified of data processing;
  • filling out relevant fields in forms;
  • corresponding by email regarding the processing of personal data;
  • other actions indicating the user's consent.

8.2. The completion of these actions by the data subject, in accordance with the Policy, implies consent to the processing of personal data.
8.3. The Operator is not responsible for the actions or omissions of third parties whose websites a visitor to the Operator's Website may visit through links on the Site. Links to third-party sites are for informational purposes and are not guarantees of anything.
8.4. The Operator may, with the data subject’s consent, transfer personal data to third parties: the Operator’s partners for identification purposes.
8.5. The Operator may automatically collect electronic user data on its website. In this case, visitors may be shown pop-up notifications about the collection and processing of cookies data.
8.6. These notifications indicate that cookies data may be saved and processed during the use of the Operator’s Website. The Operator does not use cookies to collect personally identifiable information.
8.7. Apart from cookies placed by the Operator’s websites, cookies from third-party sites may also be used.
8.8. Cookies are necessary for the Operator to operate the website, improve efficiency, and conduct marketing campaigns.
8.9. The acceptance of cookies conditions by the website visitor or closing the pop-up notification means consent to process cookies on the Operator’s Website.
8.10. If the visitor disagrees with the processing of cookies, they can disable them in their browser settings or leave the website.

9. Updating, Correcting, Deleting, and Destroying Personal Data, Responding to Data Subject Requests

9.1. The Operator provides the data subject with information about the processing of their personal data upon request.
9.2. The data subject’s right to access their personal data may be limited in accordance with the Personal Data Law.
9.3. In case of inaccurate personal data, the Operator will block the personal data until it is corrected.
9.4. If inaccurate personal data is confirmed, the Operator will update the data within seven working days.

10. Liability

10.1. The liability for violating the requirements of the Personal Data Law is determined in accordance with Russian Federation law.
10.2. The Policy comes into force upon approval and remains valid until a new Policy is adopted.

Consent for the processing of personal data
Consent for the processing of location data