POLICY

This document defines the policy of the Limited Liability Company "Internet Technologies" (hereinafter referred to as the "Company") regarding the processing of personal data and the implementation of requirements for the protection of personal data (hereinafter referred to as the "Policy") in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data."

The Policy applies to the personal data of users obtained using the telecommunications network "Internet." The processing of personal data of employees is carried out in accordance with the local regulatory acts of LLC "Internet Technologies."

1. Terms and Definitions

1.1. This Policy uses special terms, the meanings of which are defined in the order specified below. Other terms and definitions not reflected in the Policy will be interpreted by the parties based on current legislation:

• - Automated processing of personal data - processing of personal data using computing technology;
• - Blocking of personal data - temporary cessation of processing personal data (except in cases where processing is necessary to clarify personal data);
• - Information system of personal data - a set of personal data contained in databases and ensuring their processing through information technologies and technical means;
• - Anonymization of personal data - actions that make it impossible to determine the ownership of personal data to a specific subject of personal data without using additional information;
• - Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
• - Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
• - Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific group of persons;
• - Distribution of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
• - Special categories of personal data - data concerning racial or ethnic origin, political views, religious or philosophical beliefs, health status, as well as biometric personal data;
• - Subject of personal data (hereinafter referred to as SPD) - an individual to whom personal data directly or indirectly relates;
• - Destruction of personal data - actions that make it impossible to restore the content of personal data in the information system of personal data and/or as a result of which material carriers of personal data are destroyed;
• - Cookies - text files, usually small in size, or fragments of information that can be stored in the computer's memory when visiting a website;
• - Service (or services) - provision of a computing environment in the global Internet, as provided for in the public offer agreement posted on the websites: https://byhost.net.

2. Legal Grounds for Processing Personal Data

The processing of personal data is carried out in accordance with the requirements of the legislation:

• - Civil Code of the Russian Federation;
• - Labor Code of the Russian Federation;
• - Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
• - Federal Law No. 126-FZ of July 7, 2003 "On Communications";
• - Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies, and Information Protection".

3. Acceptance of the Terms of this Policy

3.1. The use of the SPD of the site, its individual parts, or services means agreement with this Policy and the conditions for processing personal data, as well as consent to the processing of personal data.

3.2. The Policy is considered accepted, and consent to the processing of data is obtained when the SPD performs any of their actions:

• - registration of the SPD in the personal account and/or in the billing system;
• - conclusion of a contract with the Company, including in the form of acceptance, performing actions to fulfill the terms of the contract;
• - filling out fields in forms that provide for the provision of personal data;
• - providing personal data via email, through the online consultant system, when ordering a callback, through an attachment (file upload), and/or the SPD communicated them in any other form;
• - sending a resume for a job position;
• - actual use of services.

3.3. If the User does not agree with the terms of this Policy, the SPD must stop using the site, its part, or service, refuse to provide data, and refusal to provide data may result in the inability to provide services. In this case, the Company is not responsible for any violation of its obligations, as well as the inability to achieve the expected result for the SPD.

3.4. This Policy applies only to the site, services, and service of the Company. The Company does not control and is not responsible for third-party websites to which the SPD may go through links available on the site.

3.5. The SPD is responsible for the completeness and accuracy of the data provided. In case of discrepancies and/or inaccuracies in the provided data, they must be changed, including by contacting the Company.

4. Principles of Processing Personal Data

4.1. The processing of personal data is carried out on a lawful and fair basis.

4.2. The processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of their collection is not allowed.

4.3. The combination of databases containing personal data, the processing of which is carried out for purposes incompatible with each other, is not allowed.

4.4. Only personal data that meet the purposes of their processing are subject to processing.

4.5. The content and volume of processed personal data correspond to the stated purposes of processing and are not excessive in relation to the stated purposes of their processing.

4.6. When processing personal data, the accuracy of personal data, their sufficiency, and relevance to the purposes of processing personal data are ensured, and, if necessary, necessary measures are taken to delete or clarify incomplete or inaccurate data.

4.7. The storage of personal data is carried out in a form that allows identifying the SPD no longer than is required for the purposes of processing personal data, unless the storage period for personal data is established by federal law, a contract, or an agreement with the SPD.

4.8. Personal data is destroyed upon achieving the purposes of processing or in case of loss of the need to achieve these purposes, unless otherwise provided by federal law.

5. Storage of Personal Data

5.1. The Company ensures the collection of personal data and their processing using databases located on the territory of the Russian Federation.

6. Purposes of Processing Personal Data:

6.1. The Company processes only those personal data that are necessary for providing services to the SPD, conducting the Company's activities, ensuring compliance with current legislation, and protecting the rights and legitimate interests of third parties while not violating the rights of the SPD.

6.2. Personal data of the SPD may be processed by the Company for the following purposes:

• - conducting research using anonymized data;
• - identifying the SPD;
• - providing services to the SPD by the Company;
• - providing services with the involvement of authorized registrars, certification centers, payment systems, and/or other persons involved in providing the services ordered by the SPD;
• - communication with the SPD on issues arising from the provision of services, employment, including sending information, notifications, SMS messages, messages using messengers, e-mail newsletters, requests related to the provision of services, as well as processing requests and applications from the SPD;
• - sending informational and advertising newsletters, if the corresponding subscriptions of the SPD have not been canceled;
• - quality control of services;
• - providing technical support;
• - making payments;
• - evaluating the SPD when making a hiring decision, forming a talent pool.

6.3. The Company does not collect and process special categories of personal data.

7. Composition of Personal Data

7.1. The Company may process personal data: last name, first name, patronymic, e-mail, phone, fax, identity document data, residence/temporary residence data, payment details, place of work, position, date and place of birth. For the purpose of evaluating the SPD during employment, the following personal data may be processed: passport data, questionnaire and biographical data, information about education and training, information about specialty or profession, information about work and general experience, data of the insurance certificate of mandatory pension insurance, taxpayer identification number, information about military registration, information about health status, actual residence address, home and mobile phone, e-mail address, information about family composition, criminal record, position held, information about employee salary. The composition of processed data is determined based on the volume of information necessary to assess the compliance of the SPD with the position they are applying for. The Company does not process special categories of data unless the processing is mandatory for verifying the compliance of the SPD with the position they are applying for.

7.2. The Company may also collect and process other personal data if their presence is necessary for providing services to the SPD and for complying with the requirements of Russian legislation in the field of personal data protection.

7.3. The Company may also collect data related to the IP address, statistical information about actions taken when using the Company's services, unique identifiers automatically generated when using the services, data on completed transactions, the language of the territory from which access to the services is made, as well as other information about the SPD.

7.4. The Company uses cookies. The Company uses both temporary (session) and permanent cookies on its website. Temporary cookies are deleted after closing the web browser, while permanent cookies remain in the computer's memory until they are manually deleted or until their storage period expires. The SPD can change their web browser settings so that already saved cookies are deleted and new cookies are not saved (detailed information about this is usually contained in the user manual for each specific web browser). If cookies are deleted and/or the web browser is set so that new cookies are not saved, some or all of the site's capabilities and services may be unavailable. In the latter case, the Company is not responsible for the inability to use its services and/or the inability to provide them.

8. Processing of Personal Data:

8.1. The processing of personal data is carried out by the Company with the consent of the SPD, both using automation tools and without such tools.

8.2. The Company does not provide or disclose information containing the personal data of the SPD to third parties without the consent of the SPD, except in cases established by current legislation of the Russian Federation in the field of personal data protection (at the request of an authorized body), as well as for the purpose of fulfilling obligations to the SPD, investigating cases of fraud in payments, and carrying out any other illegal activities, in order to protect the rights of the injured party when there are reasonable suspicions of potential or existing violations of rights, in cases of infringement of intellectual property rights, in the event of claims regarding the activities of the SPD.

8.3. In the event that the SPD withdraws consent to the processing of personal data, the Company has the right to continue processing personal data without consent in cases provided for by current legislation.

8.4. In the event that personal data, as well as documents containing them, are provided/stored in written form, their destruction is carried out in a way that excludes the possibility of restoring the content of personal data in the information system of personal data and/or as a result of which material carriers of personal data are destroyed.

8.4.1. The Company blocks personal data in the manner and under the conditions provided for by legislation in the field of personal data.

8.4.2. Upon achieving the purposes of processing personal data or in case of loss of the need to achieve these purposes, personal data is destroyed or anonymized. Exceptions may be provided by federal law.

8.4.3. If the SPD provides confirmed information that personal data is incomplete, inaccurate, or outdated, they must be changed, including by contacting the Company.

9. Confidentiality of Personal Data

9.1. Information related to personal data is confidential.

9.2. The Company, before providing access to personal data to persons processing them, ensures the signing of a non-disclosure obligation regarding confidential information and warns about the established responsibility in the field of personal data protection.

10. Measures to Protect Personal Data

10.1. In order to protect personal data, the Company:

• - appoints a person responsible for organizing the processing of personal data in the Company;
• - approves local acts on the issues of processing personal data, establishing procedures aimed at preventing and detecting violations of legislation of the Russian Federation, eliminating the consequences of such violations;
• - applies legal, organizational, and technical measures provided for by the relevant regulatory legal acts to ensure the security of personal data during their processing;
• - organizes periodic checks of the conditions for processing personal data;
• - informs employees directly involved in the processing of personal data about the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents, and other internal documents of the Company on the issues of processing personal data.

10.2. An internal investigation is conducted if a fact of unauthorized or accidental transfer (disclosure, distribution, access) of personal data is identified, which has led to a violation of the rights of the SPD (hereinafter referred to as an Incident).

10.2.1. In the event of an Incident, the Company notifies Roskomnadzor within 24 (Twenty-four) hours:

• - about the incident;
• - its probable causes and harm caused to the rights of the SPD (several SPDs);
• - measures taken to eliminate the consequences of the incident;
• - the representative of the Company who is authorized to interact with Roskomnadzor on issues related to the incident.

10.2.2. Within 72 (Seventy-two) hours, the Company is obliged to do the following:

• - notify Roskomnadzor of the results of the internal investigation;
• - provide information about the persons whose actions caused the Incident (if available).

10.2.3. In the event of providing the SPD (its representative) with confirmed information that personal data is incomplete, inaccurate, or outdated, they must be changed within 7 (Seven) working days. The Company notifies the SPD (its representative) in writing about the changes made and informs (via email) third parties to whom personal data has been transferred.

11. Rights of Personal Data Subjects

11.1. The SPD has the right to receive information from the Company about the processing of their personal data, the right to protection, the right to withdraw consent to the processing of personal data, as well as other rights provided by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and other regulatory legal acts.

12. Publication of the Policy

12.1. To ensure unrestricted access to the Policy, its text is to be posted on the Company's website.

12.2. The Company has the right to unilaterally make changes to this Policy at any time. All changes take effect from the date specified in such changes, and in the absence of such a specification, 10 (Ten) days from the moment of posting on the Company's website.

12.3. The SPD independently takes the necessary and sufficient measures to familiarize themselves with the changes in this Policy, for which they should review the changes and/or other information at least once a month.

12.4. The Company does not provide additional notifications; notification of changes to the Policy is made only by posting on the official website.

13. Sending Inquiries

13.1. Any inquiries from the SPD should be sent to the Company's address: 144002 Elektrostal, Gorky Street, 14, Office 105