1.1. Public policy of personal data processing (hereinafter referred to as the «Policy») adopted by Individual entrepreneur Abouzov Arthur Ivanovich, business address: 20 Daev lane, floor 4, off. 406, Moscow, Russia, 107045, Business centre Daev Plaza, OGRNIP: 315774600039124, TIN: 770301662192 (hereinafter referred to as the «Operator») stipulates the basic principles, objectives, procedures and conditions of personal data processing, measures to ensure security and protection of personal data.

1.2. Definitions
«Subjects» - all natural persons who provide their personal data to the Operator;
«Personal data» - any information relating to a directly or indirectly defined or identifiable natural person;
«Customers» - persons purchasing services from the Operator or persons who have expressed a desire to purchase services in the future;
«Operator» - Individual entrepreneur Abouzov Arthur Ivanovich;
«Consent» - the Subject's specific, informed and conscious decision to provide his/her personal data for processing by the Operator, given in the form provided for in the Policy;
«Site» - the Operator's site located at: https://ab-lawyers.ru/
«Corporate e-mail» - the Operator's corporate e-mail address ending in @ab-lawyers.ru
The definitions used in this Policy shall be interpreted as defined in the Federal Law of the Russian Federation dated July 27, 2006 № 152-FL «On Personal Data» (hereinafter referred to as the «Federal Law «On Personal Data»).

1.3. This Policy regulates the relations connected with the processing of Personal Data by the Operator of all persons who provide their personal Data to the Operator, with or without the use of automation tools.

1.4. This Policy has been developed in accordance with the requirements of the Constitution of the Russian Federation, legislative and other regulatory acts of the Russian Federation on personal data and has been published for unrestricted access on the Site.

1.5. The Operator guarantees confidentiality with respect to the received personal data considering the provisions of this Policy and undertakes to use it only for the purposes specified in the Policy.

1.6. The Subjects whose personal data can be processed by the Operator:

• Visitors to the Operator's Site;
• Applicants for vacancies;
• Customers and/or counterparties of the Operator, including potential customers and/or counterparties (and their representatives).

The Operator may process personal data for the following purposes:

• Compliance with the legislation of the Russian Federation;
• Compliance with the requirements established by the applicable law, exercising the rights and legitimate interests of the Operator and/or third parties;
• Communication with users of the Operator's Site and third parties;
• Supporting the operation of the Operator's Site;
• Recruitment.

The Operator processes personal data based on the following principles:

• Legality of the purposes and methods of personal data processing, their compliance with the requirements of regulatory legal acts;
• Compliance of the purposes of personal data processing with the purposes predetermined and stated during collection of personal data;
• Compliance of the scope and content of processed personal data, methods of personal data processing with the purposes of personal data processing;
• Reliability of personal data, its sufficiency for processing purposes, inadmissibility of processing of personal data, excessive in relation to the purposes stated in the collection of personal data;
• Ensuring confidentiality of processed personal data;
• Inadmissibility of combination of databases containing personal data, created for incompatible purposes;
• Storage of personal data in a form that allows to identify the Subject of personal data, no longer than required by the purposes of its processing;
• Destruction upon attainment of personal data processing objectives or in case of loss of necessity for their attainment.

3.1. The legal basis for the processing of personal data by the Operator are the Civil Code of the Russian Federation, other normative legal acts of the Russian Federation, regional and municipal authorities in the Russian Federation, local regulations of the Company, the consent of Subjects of personal data to the processing of personal data, contracts with or for the benefit of Subjects of personal data, including the User Agreement of the Site, the exercise and performance of the functions, powers and duties assigned to the Company, the exercise of rights and legitimate interests of the Company or third parties and other grounds in accordance with applicable law.

3.2. If processing of Personal Data requires Consent, it considered to be obtained when the Subject of Personal Data performs one of the following actions:

• Signing the printed Consent form if the processing of Personal Data under applicable law requires written consent;
• Marking the appropriate box in the form and clicking on the button to submit the form on any page of the Site. Consent is considered to be given at the moment of ticking the box next to the phrase «I give my consent to the processing of my Personal Data» / a similar phrase or clicking the button with a similar phrase;
• Clicking on the button to send an e-mail containing the Subject's personal data to the Operator's corporate e-mail address;
• Loading the page of the Site.

3.3. The list of personal data that can be processed by the Operator on the Site: last name, first name, surname, phone number, e-mail address, IP address, cookies.

The Operator can process other personal data depending on the purpose of their processing.

4.1. Processing of personal data is carried out by the Operator both with and without the use of automation tools.

4.2. The Operator's processing of Personal Data includes the collection, recording, systematization, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion and destruction of Personal Data.

4.3. The Operator does not process special categories of personal data, as well as biometric data.

4.4. During processing of personal data, the Operator shall ensure the accuracy of personal data, its sufficiency and relevance in relation to the purposes of processing. If inaccurate or incomplete personal data is detected, it must be corrected and updated.

4.5. The Operator takes the necessary legal, organizational and technical measures to ensure the security of personal data for its protection against unauthorized (including accidental) access, destruction, modification, blocking of access and other unauthorized actions. Such measures include, but are not limited to:

• Appointment of employees responsible for organization of processing and security of personal data;
• Issuance of local acts on the processing of personal data, familiarization of employees with them;
• Ensuring physical security of places of storage and tools of personal data processing;
• Restriction and delimitation of access of employees and other persons to personal data and tools of processing, control over operations with personal data
• Application of security measures (antivirus, firewalls, etc.);
• Accounting and storage of data carriers, excluding their theft, replacement, unauthorized copying and destruction;
• Backing up information for the possibility of recovery;
• Internal control over compliance with the personal data processing procedure, verification of the effectiveness of the measures taken.

4.6. Processing and storage of personal data shall be carried out within the period necessary for the purposes of personal data processing, if there are no legal grounds for further processing of personal data, for example, if the federal law does not specify the period of storage.

4.7. Compliance with the requirements of this Policy shall be monitored by the Operator's persons responsible for organizing the processing of personal data within the scope of their authority.

5.1. Processed personal data shall be destroyed or depersonalized by the Operator when the following conditions occur:

• Attainment of the purposes of personal data processing or the maximum retention periods established by law - within 30 (thirty) calendar days;
• Loss of necessity in attainment the objectives of personal data processing - within 30 (thirty) calendar days;
• Submission by the Subject or his/her legal representative of a confirmation that the personal data is illegally obtained or is not necessary for the stated processing purpose - within 7 (seven) calendar days;
• Subject's withdrawal of consent to process personal data - within 30 (thirty) calendar days;
• In other cases, expressly provided by law.

5.2. The Subject is entitled to withdraw her/his consent to the processing of personal data by sending a corresponding request to the Operator in writing. The request can be sent as an original by mail or submitted personally by the Subject to the Operator, and can also be sent as a scanned copy by e-mail to: info@ab-lawyers.ru

5.3. The Subject is entitled to receive information relating to the processing of his/her personal data, including the following:

• Confirmation of the fact of processing of personal data by the Operator;
• Legal grounds and purposes of personal data processing;
• Methods of personal data processing used by the Operator;
• Name and location of the Operator, information about persons (except for the Operator's employees), who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
• Processed personal data of the Subject and its source;
• Terms of processing of personal data, including the terms of their storage;
• The procedure for exercising the Subject's rights under the Federal Law «On Personal Data»;
• Information on the performed or expected cross-border transfer of data;
• Name of organization or full name and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such organization or person;
• Other information as required by law.

5.4. The Subject is entitled to require the Operator to clarify his/her personal data, to block or to destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing.

6.1. This Policy is subject to change or amendment in the event of relevant changes or amendments to the applicable laws of the Russian Federation on personal data and may be amended at any time at the sole discretion of the Operator. The current version of the Policy is always available for viewing by an unlimited number of persons on the Site. The Subject agrees with the provisions of this Policy, confirms his familiarization with it at the time of downloading any page of the Site. In case of disagreement with this Policy Subject is entitled to leave the Site.

6.2. The Subject of personal data confirms its familiarity with the Policy at the time of downloading any page of the Site. If the Subject of personal data does not agree with the provisions of this Policy, the Subject is entitled to leave the Site.

6.3. All relations with the participation of the Operator, concerning the processing and protection of personal data, which are not directly reflected in this Policy, shall be governed by the provisions of the current legislation of the Russian Federation on personal data.

Approved by the Order of the Individual Entrepreneur
Abouzov Arthur Ivanovich № 01-12/2021 dated December 01, 2021