Personal Data Processing Policy

1. General Provisions

This Personal Data Processing Policy is drawn up in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and the measures taken by Individual Entrepreneur Kim Oleg Igorevich (hereinafter referred to as the “Operator”) to ensure the security of personal data.

1.1. The Operator regards the observance of the rights and freedoms of individuals and citizens in the processing of their personal data as its paramount objective and a fundamental condition for carrying out its activities, including the protection of the right to privacy, personal and family secrets.

1.2. This Personal Data Processing Policy of the Operator (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://gzpayment.com/.

2. Key Terms Used in the Policy

2.1. Automated personal data processing — processing of personal data by means of computer technology.

2.2. Blocking of personal data — temporary suspension of personal data processing (except where processing is necessary to clarify the personal data).

2.3. Website — a collection of graphical and informational materials, as well as computer programs and databases that ensure their availability on the internet at the web address https://gzpayment.com/.

2.4. Personal data information system — a set of personal data contained in databases, along with the information technologies and technical means used to process such data.

2.5. Anonymization of personal data — actions as a result of which it becomes impossible to identify the affiliation of personal data to a specific User or other personal data subject without the use of additional information.

2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automated means in relation to personal data, including collection, recording, organization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.

2.7. Operator — a state authority, municipal body, legal entity, or individual who independently or jointly with others organizes and/or carries out the processing of personal data, and also determines the purposes of such processing, the scope of personal data to be processed, and the actions (operations) performed on personal data.

2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://gzpayment.com/.

2.9. Personal data authorized by the data subject for dissemination — personal data for which the data subject has granted consent to unrestricted access by an unlimited number of persons, in accordance with the procedure established by the Personal Data Law (hereinafter referred to as “personal data authorized for dissemination”).

2.10. User — any visitor to the website https://gzpayment.com/.

2.11. Disclosure of personal data — actions aimed at making personal data available to a specific person or a specific group of persons.

2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an unspecified group of persons (transfer of personal data) or making personal data accessible to an unlimited number of persons, including publication in mass media, posting on information and telecommunications networks, or providing access to personal data by any other means.

2.13. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual, or a foreign legal entity.

2.14. Destruction of personal data — any actions as a result of which personal data are irreversibly destroyed, making it impossible to further restore the content of personal data in the personal data information system and/or resulting in the destruction of physical media containing personal data.

3. Principal Rights and Obligations of the Operator

3.1. The Operator shall have the right to:

— obtain accurate information and/or documents containing personal data from the data subject;

— continue processing personal data without the data subject’s consent in the event the data subject withdraws consent or submits a request to discontinue processing, provided that grounds for such processing exist as stipulated by the Personal Data Law;

— independently determine the scope and list of measures necessary and sufficient to fulfill the obligations imposed by the Personal Data Law and related regulatory legal acts, unless otherwise required by the Personal Data Law or other federal laws.

3.2. The Operator shall be obligated to:

— provide the data subject, upon request, with information regarding the processing of their personal data;

— ensure that personal data is processed in compliance with the applicable legislation of the Russian Federation;

— respond to requests and inquiries from data subjects and their lawful representatives in accordance with the requirements of the Personal Data Law;

— provide the authorized body for the protection of data subjects’ rights with the requested information within 10 days of receiving such a request;

— publish or otherwise ensure unrestricted public access to this Personal Data Processing Policy;

— implement legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, disclosure, dissemination, or any other unlawful actions concerning personal data;

— cease the transfer (dissemination, provision, access) of personal data, discontinue processing, and destroy personal data in the manner and under the circumstances prescribed by the Personal Data Law;

— fulfill any other obligations established by the Personal Data Law.

4. Principal Rights and Obligations of Data Subjects

4.1. Data subjects shall have the right to:

— obtain information regarding the processing of their personal data, except in cases provided for by federal laws. Such information shall be provided by the Operator in an accessible form and shall not include personal data relating to other data subjects, unless there are lawful grounds for disclosing such data. The list of information to be provided and the procedure for obtaining it are established by the Personal Data Law;

— request that the Operator correct, block, or destroy their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing, and to take lawful measures to protect their rights;

— require prior consent for the processing of their personal data for direct marketing purposes (i.e., promotion of goods, works, or services);

— withdraw consent to the processing of their personal data and/or submit a request to discontinue such processing;

— lodge a complaint with the authorized body for the protection of data subjects’ rights or seek judicial recourse against unlawful actions or omissions by the Operator in relation to the processing of their personal data;

— exercise any other rights granted under the legislation of the Russian Federation.

4.2. Data subjects shall be obligated to:

— provide the Operator with accurate information about themselves;

— notify the Operator of any corrections (updates or changes) to their personal data.

4.3. Individuals who provide the Operator with false information about themselves or disclose another person’s personal data without that person’s consent shall be held liable in accordance with the legislation of the Russian Federation.

5. Principles of Personal Data Processing

5.1. Personal data shall be processed lawfully and fairly.

5.2. Personal data processing shall be limited to specific, pre-defined, and lawful purposes. Processing of personal data incompatible with the purposes for which it was collected is not permitted.

5.3. Merging of databases containing personal data processed for incompatible purposes is prohibited.

5.4. Only personal data relevant to the stated processing purposes shall be processed.

5.5. The content and scope of processed personal data shall correspond to the declared processing purposes. Excessive collection or processing of personal data in relation to these purposes is not permitted.

5.6. Personal data shall be accurate, sufficient, and, where necessary, up to date in relation to the processing purposes. The Operator shall take necessary measures, or ensure that such measures are taken, to delete or rectify incomplete or inaccurate data.

5.7. Personal data shall be stored in a form that permits identification of the data subject no longer than necessary for the purposes of processing, unless a retention period is established by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor. Personal data shall be destroyed or anonymized upon achievement of the processing purposes or if the need for such purposes ceases to exist, unless otherwise required by federal law.

6. Purposes of Personal Data Processing

Purpose of processing:
To inform the User by sending electronic messages.

Personal data processed:
— Email address
— Phone number(s)
— First name
— Organization name

Legal basis:
The Operator’s charter (founding) documents

Types of personal data processing:
Sending informational emails to the User’s email address

7. Conditions for Personal Data Processing

7.1. Personal data is processed with the consent of the data subject to the processing of their personal data.

7.2. Personal data processing is necessary to achieve purposes stipulated by an international treaty of the Russian Federation or by law, or to perform functions, powers, and obligations imposed on the Operator by the legislation of the Russian Federation.

7.3. Personal data processing is necessary for the administration of justice, enforcement of a court decision, or enforcement of a decision issued by another authorized body or official, which is subject to compulsory execution under the legislation of the Russian Federation on enforcement proceedings.

7.4. Personal data processing is necessary for the performance of a contract to which the data subject is a party, beneficiary, or guarantor, as well as for entering into a contract at the initiative of the data subject or a contract under which the data subject will act as a beneficiary or guarantor.

7.5. Personal data processing is necessary for the exercise of the Operator’s or third parties’ rights and legitimate interests, or for achieving publicly significant objectives, provided that the rights and freedoms of the data subject are not violated.

7.6. Processing concerns personal data that the data subject has made publicly available or requested to be made publicly available (hereinafter referred to as “publicly accessible personal data”).

7.7. Processing concerns personal data that must be published or disclosed pursuant to federal law.

8. Procedure for Collection, Storage, Transfer, and Other Types of Personal Data Processing

The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of applicable legislation on personal data protection.

8.1. The Operator ensures the confidentiality and integrity of personal data and takes all reasonable measures to prevent unauthorized access to such data by unauthorized persons.

8.2. The User’s personal data shall never, under any circumstances, be disclosed to third parties, except where required by applicable law or where the data subject has provided explicit consent to the Operator for disclosure to a third party for the purpose of fulfilling obligations under a civil law contract.

8.3. In the event of inaccuracies in personal data, the User may update such data independently by sending a notification to the Operator at the email address zubkov1995@gmail.com with the subject line “Update of Personal Data.”

8.4. The duration of personal data processing is determined by the achievement of the purposes for which the data were collected, unless otherwise stipulated by a contract or applicable legislation.

The User may withdraw consent to personal data processing at any time by sending a notice to the Operator via email at zubkov1995@gmail.com with the subject line “Withdrawal of Consent to Personal Data Processing.”

8.5. All information collected by third-party services—including payment systems, communication platforms, and other service providers—is stored and processed by those entities (Operators) in accordance with their respective Terms of Use and Privacy Policies. The data subject is deemed to have reviewed and accepted these documents upon using such services. The Operator shall not be liable for the actions of third parties, including the service providers mentioned in this clause.

8.6. Restrictions imposed by the data subject on the transfer (except granting access), processing, or conditions of processing (except granting access) of personal data authorized for dissemination shall not apply where processing is carried out in the interests of the state, public, or other legitimate public interests as defined by the legislation of the Russian Federation.

8.7. The Operator ensures the confidentiality of personal data during processing.

8.8. The Operator stores personal data in a form that permits identification of the data subject only for as long as necessary to fulfill the stated processing purposes, unless a longer retention period is established by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor.

8.9. Grounds for termination of personal data processing include:
— achievement of the processing purposes;
— expiration of the data subject’s consent;
— withdrawal of consent by the data subject or submission of a request to discontinue processing;
— discovery of unlawful processing of personal data.

9. List of Actions Performed by the Operator with Personal Data Received

9.1. The Operator carries out the collection, recording, organization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, granting access), anonymization, blocking, deletion, and destruction of personal data.

9.2. The Operator performs automated processing of personal data, with or without the transmission and/or receipt of information via information and telecommunications networks.

10. Cross-Border Transfer of Personal Data

10.1. Prior to commencing activities involving the cross-border transfer of personal data, the Operator is required to notify the authorized body for the protection of data subjects’ rights of its intention to carry out such a transfer. This notification shall be submitted separately from the notification regarding the intention to process personal data.

10.2. Before submitting the aforementioned notification, the Operator must obtain relevant information from the foreign government authorities, foreign individuals, or foreign legal entities to which the personal data is intended to be transferred.

11. Confidentiality of Personal Data

The Operator and any other persons who have gained access to personal data are obligated not to disclose or disseminate such data to third parties without the consent of the data subject, unless otherwise provided by federal law.

12. Final Provisions

12.1. The User may obtain clarifications on any questions regarding the processing of their personal data by contacting the Operator via email at zubkov1995@gmail.com.

12.2. Any amendments to the Operator’s Personal Data Processing Policy will be reflected in this document. The Policy remains in force indefinitely until replaced by a new version.

12.3. The current version of the Policy is freely accessible on the Internet at: https://gzpayment.com/privacy.html.