Operator's Personal Data Processing Policy
Edition dated May 29, 2025

1. General Provisions
1.1. The Operator's Personal Data Processing Policy (hereinafter – the Policy) is developed to ensure the protection of the rights and freedoms of the personal data subject during the processing of their personal data, including protection of privacy rights, personal and family secrets.
1.2. Key terms used in the Policy:

• personal data – any information relating directly or indirectly to an identified or identifiable natural person (personal data subject);
• processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
• mixed processing of personal data – processing of personal data by a person using computing equipment;
• distribution of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
• provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
• blocking of personal data – temporary cessation of personal data processing (except when processing is necessary for data clarification);
• destruction of personal data – actions resulting in impossibility of restoring the content of personal data in the personal data information system and/or resulting in destruction of the material carriers of personal data;
• anonymization of personal data – actions resulting in impossibility to identify the personal data subject without additional information;
• personal data operator (Operator) – Individual Entrepreneur Stepanov Nikita Alekseevich, Taxpayer Identification Number (INN): 890105617181, Primary State Registration Number of the Individual Entrepreneur (OGRNIP): 322213000015704
• Website – yuga.vision

1.3. The Operator who has obtained access to personal data is obliged to maintain confidentiality of personal data – not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.

2. Purposes of Personal Data Collection
2.1. Processing of personal data is limited to achieving specific, pre-defined, and lawful purposes. Processing incompatible with the purposes of data collection is not allowed.
2.2. The Operator's purposes of processing personal data include:
establishing feedback with the personal data subject, including sending notifications and requests.
3. Legal Grounds for Personal Data Processing
3.1. Legal grounds for processing personal data include:
consent to personal data processing.
3.2. Consent to personal data processing is expressed by the subject by placing a “V” mark next to the clause “I agree with the terms of the personal data processing policy” and “I give consent to the processing of personal data” or any other clause similar in content on the Operator’s Website.

4. Categories and List of Processed Personal Data, Categories of Personal Data Subjects
4.1. The content and volume of processed personal data correspond to the declared purposes of processing. Processed personal data must not be excessive in relation to the declared purposes.
4.2. Category of processed personal data: general.
4.3. List of processed personal data:

• Phone number;
• Full name.

4.4. Categories of personal data subjects:
Website users.
4.5. For obtaining general information on how the Operator’s website is used by visitors, the Operator uses tracking technologies (cookies) to collect personal data such as browser type or operating system, referrer page, site path, internet service provider domain, etc. Cookies enable improving the Operator’s website according to visitors’ needs. The Operator stores all information collected via cookies in a format that does not allow personal identification. Information obtained through cookies is not transferred to third parties.

5. Rights and Obligations of the Parties
5.1. The Operator has the right to:

• receive reliable information from the personal data subject;
• continue processing personal data after withdrawal of consent if there are legal grounds;
• determine measures to fulfill obligations under the legislation.

5.2. The Operator is obliged to:

• provide the User with information about their personal data;
• respond to User’s requests within 30 days from receipt, unless otherwise provided by Russian legislation;
• organize personal data processing in accordance with Russian law;
• protect personal data from unauthorized access and leaks;
• provide unrestricted access to this Policy.

5.3. The User has the right to:

• receive information about their personal data;
• require clarification, blocking, or destruction of their personal data;
• withdraw consent to personal data processing;
• appeal the Operator’s actions to authorized bodies.

5.4. The User is obliged to:
provide the Operator with accurate data about themselves.

6. Procedure and Conditions for Personal Data Processing
6.1. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymization, blocking, deletion, destruction.
6.2. Personal data processing is carried out by mixed means without internal network transfer but with internet transfer.
6.3. The Operator does not perform cross-border data transfer.
6.4. Processing is limited to specific, pre-defined, lawful purposes set in this policy. Only personal data meeting the processing purposes and listed in this policy are processed. The content and volume of personal data processed must correspond to the declared purposes.
6.5. The source of personal data is the Website.
6.6. The place of personal data storage is the Operator’s local computer.
6.7. The condition for termination of processing is termination of the Operator’s activities and thus the Website.
6.8. The personal data retention period is no more than 10 years from the date of receipt by the Operator.
6.9. Transfer of personal data to third parties is possible in the following cases:

• for fulfillment of the contract between the Operator and the User;
• to comply with Russian legislation requirements.

6.10. The Operator and other persons with access to personal data must not disclose or distribute personal data without consent of the personal data subject. Transfer (distribution, provision, access) of personal data permitted by the subject for distribution must be stopped at any time upon the subject’s demand. Such a demand must include full name, contact information (phone number, email, or postal address) of the personal data subject, and a list of personal data to stop processing. The specified personal data may be processed only by the Operator to whom the demand is sent.
6.11. The Operator takes the following measures to ensure personal data security:

• appointment of a responsible person for personal data processing organization (if Operator is a legal entity);
• issuing documents defining the Operator’s personal data processing policy (if Operator is a legal entity);
• acquainting employees directly processing personal data with Russian legislation, data protection requirements, Operator’s policies, and local regulations, and/or training such employees;
• establishing access rules and registration of all actions with personal data in the information system.

6.12. The Operator ensures personal data security by means of licensed software protection tools (antivirus programs).