Fori Felse Privacy Policy:

1. Introduction

1.1 This document defines the policy of Fori Felse LLC (hereinafter the "Operator") regarding the processing of personal data (hereinafter the "Personal Data") and contains information on the implemented requirements for the protection of Personal Data.

1.2. In accordance with the laws of the Russian Federation, FORI FELS LLC (hereinafter - the Operator) is the operator of personal data.

This Policy is an internal document of the Operator and as the Operator collects Personal Data through the Internet, the unrestricted access to this Policy is provided by publishing it on the website sst.cat in execution of Part 2 of Article 18.1 of the Federal Law of 27.07.2006 №152-FZ "On Personal Data".

Basic notions

The terms, connected to processing of personal data, are used in the meaning, in which they are mentioned in Federal Law №152-FZ of 27.07.2006 "On Personal Data" (hereinafter - the Federal Law №152-FZ, the Federal Law "On Personal Data"), Decree of the Government of the Russian Federation of 01.11. 2012 № 1119 "On approval of the requirements for the protection of personal data at their processing in the information systems of personal data", the Decree of the Government of the Russian Federation of 15.09.2008 № 687 "On approval of the Regulations on the specifics of the processing of personal data carried out without the use of automation", in particular

personal data - any information relating to a directly or indirectly identified or defined individual (the subject of the personal data) (paragraph 1 of Article 3 of the Act)
Processing of personal data - any action (operation) or set of actions (operations), performed with or without the use of automation with personal data, including the collection, recording, systematization, collection, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data (paragraph 3 of Article 3 of the Act)
Dissemination of personal data - actions aimed at the disclosure of personal data to an indefinite range of persons (paragraph 5 of Article 3 of the Act);
Provision of personal data - actions aimed at the disclosure of personal data to a specific person or a certain range of persons (paragraph 6 of Article 3 of the Act); Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in a personal information system
This Policy applies to all processes of collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data, carried out with or without the use of automation.

3 The purposes and principles of personal data processing

The objectives of the processing of personal data are different and are set by the operator, depending on the categories of subjects of personal data and (or) for specific groups of subjects of personal data belonging to the same category. At the same time, the purposes of processing must be specific, predetermined and legitimate, and the processing of personal data must be limited to achieving these goals.

The content and scope of personal data processed shall be consistent with the stated processing purposes.

Processing of Personal Data shall be based on the following principles:

3.1. processing of Personal Data shall be lawful and fair;

3.2. processing of Personal Data shall be limited to achieving specific, predetermined and legitimate purposes;

3.3. Processing of Personal Data incompatible with the purposes of Personal Data collection shall not be permitted;

3.4. databases containing Personal Data, processed for purposes incompatible with each other, shall not be combined;

3.5. the content and scope of processed Personal Data corresponds to the declared processing purposes. Processed Personal Data shall not be redundant with respect to the declared processing purposes;

3.6. the processing of Personal Data shall ensure the accuracy of Personal Data and their adequacy, if necessary, and relevance of Personal Data in relation to their declared processing purposes;

3.7. storage of Personal Data shall be in a form enabling identification of the subject of Personal Data no longer than required by the purposes of Personal Data processing, unless the term of storage of Personal Data is fixed by the federal law, an agreement to which the subject of Personal Data is a party, a beneficiary or a guarantor under which such subject of Personal Data is a beneficiary or a guarantor

3.8. processed Personal Data shall be destroyed or depersonalized upon attainment of the processing objectives or when it is no longer necessary to attain such objectives, unless otherwise provided for by the federal law.

Translated with www.DeepL.com/Translator (free version)

4. Terms of personal data processing

Processing of Personal Data shall be carried out in compliance with the principles and rules established by the Federal Law "On Personal Data".

4.1 The operator processes subjects' personal data in cases stipulated by Russian Federation legislation in the field of personal data. One of such cases is subject's consent to process his personal data. The subject of personal data decides to provide his personal data and consents to its processing freely, willingly and in his own interest. The operator ensures that the data subject gives explicit, informed and conscious consent to the processing of his or her personal data.

4.2 Unless otherwise stipulated by federal law, the following actions shall be carried out by the operator only with the consent of the personal data subject:

- entrusting the processing of personal data to another person on the basis of a contract concluded with that person;

- Disclosure and distribution of personal data to third parties.

- In addition, the consent of the subject of personal data is required in other cases provided by the legislation of the Russian Federation.

- When consent is required, the Operator shall obtain it in any form that allows confirmation of its receipt, except in cases where, in accordance with federal law, personal data is processed only with consent in writing.

- The consent for processing of personal data may be withdrawn by the subject of personal data. In the event of withdrawal of consent to process personal data, the Operator shall continue to process personal data if it is not inconsistent with personal data legislation.

4.3 Biometric Personal Data (information that characterizes a person's physiological and biological characteristics, on the basis of which his identity can be established, and which is used by the operator to establish the identity of the subject of personal data) shall not be processed by the operator.

4.4 The Operator does not transfer Personal Data across borders to foreign countries.

4.5 No decisions shall be made based solely on the automated processing of Personal Data that produce legal consequences with respect to the subject of Personal Data or otherwise affect their rights and legitimate interests.

4.6 In the absence of the subject's written consent to the processing of his Personal Data, the subject's consent may be given by the subject of Personal Data or his representative in any form that makes it possible to obtain the fact of its receipt.

4.7 When entrusting another person to process Personal Data, the Operator shall enter into a contract (hereinafter - the Operator's assignment) with that person and obtain the consent of the subject of Personal Data, unless otherwise provided for by federal law. In this case, the Operator shall oblige the person processing Personal Data on behalf of the Operator to comply with the principles and rules of Personal Data processing stipulated by Federal Law No. 152-FZ "On Personal Data".

4.8 In cases where the Operator instructs another person to process Personal Data, the Operator shall be liable to the subject for such person's actions. The person who processes Personal Data on behalf of the Operator shall be liable to the Operator.

4.9 The Operator undertakes and obliges other persons who have obtained access to Personal Data not to disclose or distribute Personal Data to third parties without the consent of the subject of Personal Data, unless otherwise provided for by federal law.

Translated with www.DeepL.com/Translator (free version)

5. Obligations of the Operator

In accordance with the requirements of Federal Law No. 152 - FZ "On Personal Data", the Operator shall

5.1. provide to the subject of Personal Data upon his/her request information concerning the processing of his/her Personal Data, or legally provide a waiver: within thirty days from the date of receipt of the request of the subject of Personal Data or his/her representative;

5.2. on demand of the subject of Personal Data, clarify, block or delete processed Personal Data, if Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated processing purpose: within seven working days from the date of provision by the subject of Personal Data or his representative of information confirming these facts;

5.3. Keep records of PD subjects' requests, which shall record PD subjects' requests for PD, as well as the facts of providing PD on such requests;

5.4. notify the subject of Personal Data about processing of Personal Data if Personal Data was not received from the subject of Personal Data. The following are exceptions:

- The subject of Personal Data has been notified about the Operator's processing of his/her Personal Data;

- Personal information was received by the Operator in connection with an agreement, to which the subject of personal information is a party or a beneficiary or guarantor, or under a federal law;

- Personal data was made publicly available by the subject of the Personal Data or was obtained from a publicly accessible source;

- The operator processes Personal Data for statistical or other research purposes, for professional journalistic activities or scientific, literary or other creative activities, if this does not violate the rights and legitimate interests of the subject of Personal Data;

- providing the subject of Personal Data with information contained in the Personal Data Processing Notice violates the rights and legitimate interests of third parties;

5.5. In case the purpose of Personal Data processing is attained, immediately stop processing Personal Data and destroy the respective Personal Data within thirty days of attaining the purpose of Personal Data processing, unless otherwise provided by the agreement, a party to which Personal Data subject is a beneficiary or guarantor under any agreement between the Operator and the subject of Personal Data, or if the Operator is not entitled to process Personal Data without the consent of the subject of Personal Data on the grounds stipulated by №152 - Federal Law "On Personal Data" or other federal laws;

5.6. In case the subject of Personal Data revokes his/her consent to process his/her Personal Data, terminate the processing of Personal Data and destroy the Personal Data within thirty days from the date of receipt of such revocation, unless otherwise provided for by the agreement between the Operator and the subject of Personal Data. The Operator shall notify the subject of the Personal Data about the destruction of the Personal Data;

5.7. in case the subject of Personal Data is requested to cease processing Personal Data received for the purpose of promoting goods, works, services on the market, immediately cease processing of Personal Data.

Translated with www.DeepL.com/Translator (free version)

6. Information about the implemented requirements for the protection of personal data

6.1 The operator implements the following requirements of legislation in the field of personal data:

- requirements to observe confidentiality of personal data;

- Requirements for ensuring the personal data subject's exercise of their rights (including access to information);

- Requirements to ensure the accuracy of personal data, and if necessary, relevance in relation to the purposes of personal data processing (taking (ensuring taking) measures to remove or clarify incomplete or inaccurate data)

- Requirements for the protection of personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions in relation to personal data;

- other legal requirements.

6.2 In accordance with Part 1 of Article 18.1 of the Act, and unless otherwise provided by the Act or other federal laws, the operator itself determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations under the legislation in the field of personal data. In particular, the protection of personal data is achieved by the Operator by:

- Issuing this Policy by the Operator, as well as developing other documentation, taking into account the requirements of personal data legislation;

- Organization of employees' access to information containing personal data on subjects of personal data, in accordance with their official (functional) duties; establishing rules of access to personal data being processed in personal data information system

- Compliance by the employees entitled to process the subjects' personal data with the requirements set forth by the personal data laws of the Russian Federation and the local regulatory acts of the Operator.

7. Rights of the subject of personal data and restrictions

In accordance with Federal Law "On Personal Data" a subject of personal data shall have the right to

7.1. obtain information concerning the processing of Personal Data by the Operator, namely:

- confirmation of the fact of processing of Personal Data by the Operator;

- The legal grounds and objectives for the Operator's processing of Personal Data;

- Personal Data processing methods applied by the Operator;

- name and location of the Operator, information about persons (except for the Operator's employees), who have access to the Personal Data or to whom the Personal Data may be disclosed based on the agreement with the Operator or on the basis of the federal law;

- Processed Personal Data pertaining to the respective subject of Personal Data, the source of their receipt, unless other procedure of presentation of such data is stipulated by the federal law;

- The deadlines for the Operator's processing of Personal Data, including their retention period;

- The procedure for exercising by the subject of personal data the rights provided for by the Federal Law "On Personal Data";

- Information about completed or proposed cross-border data transfer;

- Name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such a person;

- Other information required by the Federal Law "On Personal Data" or other federal laws;

7.2. demand that the Operator clarify, block or destroy his Personal Data if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the stated purpose of processing;

7.3. to withdraw consent to the processing of Personal Data in cases provided by law.

7.4 The subject's right to access his or her Personal Data shall be restricted if the provision of Personal Data violates the rights and legitimate interests of others.

7.5 In case information related to Personal Data processing, as well as processed Personal Data was made available to the subject of Personal Data upon his/her request, the subject of Personal Data shall be entitled to make a repeated request to obtain information related to Personal Data processing and to become acquainted with such Personal Data no earlier than thirty days after the initial request, unless a shorter period is established by federal law, a legal act adopted in accordance with it or an agreement, to which the party or beneficiary or guarantor

The subject of Personal Data shall be entitled to send the Operator a repeated request for information about Personal Data processing, and for acquaintance with processed Personal Data, before the deadline referred to in clause 7.5 if such information and/or processed Personal Data were not made available to him/her in full upon examination of the initial request. A repeat request must contain a justification for sending a repeat request.

7.7 Operator shall be entitled to limit the subject of Personal Data on access to his Personal Data pursuant to Part 8 of Article 14 of Russian Federation Federal Law of 27.07.2006 #152 - FZ "On Personal Data".