Privacy Policy and Personal Data Protection Policy for Users of LLC "Broud"

1. General Provisions

1.1. The Privacy Policy and Personal Data Protection Policy for Users of the website (hereinafter referred to as the "Policy") have been developed by LLC "Broud" (hereinafter referred to as the "Operator") in accordance with Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" and other regulatory legal acts in the field of personal data.

1.2. This Policy applies to all information that the Operator may obtain about the user (hereinafter referred to as the "User") and/or about a third party on behalf of and in the interests of whom the User is acting when using the website broud-legal.ru, its services, programs, and products (if available).

1.3. The purpose of the Policy is to ensure the protection of the rights and freedoms of the User and/or third parties on behalf of and in the interests of whom the User is acting in the processing of their personal data, including the protection of the right to privacy, personal and family secrets, and strict compliance with the requirements of Russian legislation in the field of personal data.

1.4. Users of the website, by using the services and providing their personal data to the Operator, including through the intermediary of third parties, acknowledge their consent to the processing of personal data in accordance with this Policy.

1.5. Consent to the processing of personal data may be revoked by the subject of personal data. In case of withdrawal of consent by the subject of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified by the current legislation.

1.6. The Operator publishes the Policy on the website at the following address: broud-legal.ru, and also provides unlimited access to it to anyone who contacts the Operator directly.

1.7. This Policy applies only to the website broud-legal.ru and does not control or take responsibility for third-party websites that the User may access through links available on the website broud-legal.ru (if available).

2. Purposes of Personal Data Processing. The purposes of personal data processing by the Operator include

  • - Providing the ability to respond to questions sent by the User through the web form on the website (by contacting the Operator);
  • - Providing the ability for other feedback between Operator employees and the User;
  • - Ensuring the fulfillment of the Operator's obligations to Users;
  • - Organizing communication, including via telephone, with Operator employees using the User's phone number, through email correspondence, or other available forms of interaction;
  • - Ensuring the functionality and security of the website;
  • - Other purposes, if the corresponding actions of the Operator do not contradict the current legislation, the Operator's activities, and consent has been obtained for the specified processing.

3. Within the framework of this Policy, the User's personal information includes:

3.1. Any personal information that the User provides voluntarily during the use of feedback forms, including: last name, first name, middle name, phone number, email address, and other information directly specified in the User's consent for personal data processing.

3.2. Data automatically transmitted by the website services during their use, through the software installed on the User's device, including IP address, cookie data, information about the User's browser (or other program used to access the services), technical characteristics of the equipment and software used by the User, date and time of access to the services, addresses of requested pages, and similar information.

3.3. Data about the User's geographical location, internet service provider, data obtained from the User through access to the camera, microphone, and similar devices.

3.4. Other information about the User that is necessary for the use of the website.

4. Principles of Personal Data Processing

4.1. The actions of the Operator are based on the following principles:

  • - Timeliness and accuracy of obtaining consent for personal data processing;
  • - Confidentiality;
  • - Processing only personal data that is relevant to the purposes of its processing;
  • - Prevention of the combination of databases containing personal data, the processing of which is carried out for incompatible purposes;
  • - Accuracy, sufficiency, relevance, and reliability;
  • - Legality of technical measures aimed at personal data processing;
  • - Reasonableness and appropriateness of personal data processing.

4.2. The processing of personal data by the Operator is carried out in accordance with the principles and rules provided for by:

  • Federal Law No. 152-FZ of July 27, 2006, "On Personal Data";
  • Universal Declaration of Human Rights of 1948;
  • International Covenant on Civil and Political Rights of 1966;
  • European Convention for the Protection of Human Rights and Fundamental Freedoms of 1950;
  • Provisions of the Commonwealth of Independent States Convention on Human Rights and Fundamental Freedoms (Minsk, 1995), ratified by the Russian Federation on August 11, 1998;
  • Provisions of the Okinawa Charter on Global Information Society adopted on July 22, 2000;
  • Resolution of the Government of the Russian Federation No. 1119 of November 1, 2012, "On Approval of Requirements for Personal Data Protection during their Processing in Personal Data Information Systems";
  • Order of the Federal Service for Technical and Export Control of Russia No. 21 of February 18, 2013, "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems.";
  • Other regulatory and non-regulatory legal acts governing personal data processing;
  • This Policy.

5. Obtaining Personal Data

5.1. The user must approach the placement of their personal data on the website reasonably and responsibly.

5.2. The operator obtains personal data in the following ways: - By the user sending a message via email by filling out the form on the website, including when attaching documents to the email; - By the user sending messages via phone/fax; - By automatically collecting information about the user using technologies and services such as web protocols, cookies, and web beacons, which are activated only when the user enters their data; - By other means that do not contradict the legislation of the Russian Federation and international data protection requirements.

5.3. The operator receives and begins processing personal data from the moment of obtaining the user's consent. The user's consent for personal data processing is given through a combination of the following conclusive actions: - By directly using (including viewing) the operator's website; -By agreeing (accepting) the Consent Form before sending an email, by checking the box that says, "I have read the Privacy Policy and consent to the processing of personal data of the website users of LLC 'Broad.'"

5.4. The user can withdraw their consent for personal data processing at any time. To withdraw consent for personal data processing, the user must submit a corresponding written statement to the operator. In this case, the operator must cease their processing or ensure the cessation of such processing. If the retention of personal data is no longer required for processing purposes, the operator must destroy or ensure the destruction of personal data within a period not exceeding 30 (thirty) days from the date of receiving the withdrawal statement.

5.5. The user has the right to send a written request to the operator to cease the processing of personal data. The operator must, within a period not exceeding 10 (ten) business days from the date of receiving the respective request, cease processing personal data or ensure the cessation of such processing, except in cases provided for by applicable legislation. This period may be extended but not more than 5 (five) business days in cases where the operator sends the user a motivated notification with reasons for extending the deadline for providing the requested information.

5.6. In case the user withdraws their consent for personal data processing, the operator may continue processing personal data without the user's consent only if there are grounds specified in regulatory and non-regulatory legal acts regulating personal data processing.

5.7. The user has the right to choose which specific personal data to provide. However, in case of incomplete provision of necessary data, the operator does not guarantee the ability to use the website's services for transmitting all the required information to the operator.

5.8. The User acknowledges, confirms, and agrees that the technical processing and transmission of information on the Operator's website may involve the transfer of data through various networks, including unencrypted communication channels of the Internet, which is never entirely confidential and secure.

5.9. The User understands that any messages and/or information sent through the Operator's server may be read and/or intercepted by third parties without authorization and/or unlawfully.

5.10. The Operator shall not be liable for the actions of third parties who have gained unauthorized and/or unlawful access to the User's personal data, including due to the User's fault.

5.11. The User has the right to receive information from the Operator regarding the processing of their personal data, including confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data, the purposes and methods of personal data processing applied by the Operator, the name and location of the Operator, information about individuals (excluding Operator's employees) who have access to personal data or to whom personal data may be disclosed based on a contract with the Operator or pursuant to federal law, the processed personal data related to the respective User, and other information provided by Federal Law dated July 27, 2006, No. 152-FZ "On Personal Data" or other federal laws. The specified information is provided to the User or their representative by the Operator within 10 (ten) business days from the date of the request or receipt of the User's request by the Operator. This period may be extended, but not more than 5 (five) business days, in case the Operator sends the User a motivated notification with reasons for extending the deadline for providing the requested information. The User's request must contain the number of the primary identity document of the User or their representative, information about the date of issuance of the specified document and the issuing authority, information confirming the User's participation in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation, and/or other information), or information otherwise confirming the fact of personal data processing by the Operator, the User's or their representative's signature.

6. Terms of Processing Personal Data of Users and Its Transfer to Third Parties.

6.1. Personal information of the User is kept confidential, except in cases of the User voluntarily providing information about themselves for general access to an unlimited number of individuals. In this case, the User agrees that a certain part of their personal information becomes publicly accessible.

6.2. Personal data of the User is stored exclusively on electronic media and processed using automated systems unless non-automated processing of personal data is necessary due to legal requirements.

6.3. The Operator, when processing the personal data of the User, ensures the use of databases located on the territory of the Russian Federation.

6.4. The Operator processes personal data by performing any action (operation) or a combination of actions (operations) performed using automation tools or without using such tools, including the following: collection; recording; systematization; accumulation; storage; clarification (updating, changing); retrieval; use; transmission (distribution, provision, access); depersonalization; blocking; deletion; destruction.

6.5. Processing and storage of personal data of Users is carried out for the period necessary for the purposes for which such data were provided, or for the period provided by law, or until the User revokes their consent to the processing of personal data.

6.6. The Operator guarantees organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, as well as other unlawful actions by third parties.

6.7. The Operator destroys the User's personal data in the following cases: - in the presence of threats to the security of the website, including signs of unauthorized and/or illegal administration of the website by third parties; - upon the User's request.

6.8. The Operator has the right to transfer the User's personal information to third parties in the following cases: - the User has expressed consent to such actions, including when filling out the consent form for the processing of personal data; - the transfer is necessary for the User to use a specific service or to fulfill a specific agreement or contract with the User; - the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.

7. Special Conditions

7.1. In case of any disputes or disagreements related to the implementation of this Policy, the User and the Operator will make every effort to resolve them through negotiations between them. If disputes are not resolved through negotiations, they shall be resolved in accordance with the current legislation of the Russian Federation.

7.2. The provisions of this Policy come into effect for the User from the moment they start using (including viewing) the Operator's website and remain in effect indefinitely.

7.3. The provisions of this Policy may be changed and/or supplemented by the Operator at any time during its validity at their discretion without the need to obtain the User's consent. All changes and/or additions are posted by the Operator in the corresponding section of the website and take effect on the day of such posting. The User undertakes to promptly and independently familiarize themselves with all changes and/or additions. In case of disagreement with the introduced changes, the User is obliged to discontinue access to the website and cease using the materials and services of the website.

8. Feedback, Questions, and Suggestions

8.1. All suggestions, questions, and notifications regarding this Policy should be sent to broud.llc@gmail.com or to the address: Office 2001-72 The Prime tower Business Bay Dubai.

8.2. The communication should contain the following information: - the number of the main identity document of the User; - information about the date of issuance of the specified document and the issuing authority; - information confirming the User's involvement in relations with the Operator; - the User's signature. The Operator undertakes to consider and send a response to the received request within 30 (thirty) days from the date of receipt of the inquiry.

8.3. All correspondence received by the Operator from the User in written or electronic form is considered as restricted access information and is not disclosed without the User's written consent.