Personal Data Processing Policy

1. General Provisions
This Personal Data Processing Policy (hereinafter — the Policy) has been developed in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter — the Personal Data Law) and defines the procedure for processing personal data and measures taken by ООО "АрДжиЭс" (hereinafter — the Operator) to ensure the security of personal data.
1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data, including the right to privacy, personal and family secrecy, as one of its most important goals and conditions for conducting its activities.
1.2. This Policy applies to all personal data that the Operator may obtain about visitors to the website http://rgsco.ru.

2. Basic Terms
2.1. Automated processing — processing of personal data using computing technology.
2.2. Blocking — temporary suspension of data processing (except where processing is required for verification).
2.3. Website — the set of graphic and informational content, software, and databases available online at http://rgsco.ru.
2.4. Personal data information system — a set of databases and technologies used to process personal data.
2.5. Anonymization — actions that render personal data unidentifiable without additional information.
2.6. Processing — any action (operation) performed with or without automation: collection, recording, systematization, accumulation, storage, update, retrieval, use, transfer, anonymization, blocking, deletion, or destruction.
2.7. Operator — a legal entity, authority, or individual organizing and/or processing personal data.
2.8. Personal data — any information relating to an identified or identifiable user of http://rgsco.ru.
2.9. Publicly disclosed data — personal data made publicly accessible by the subject with consent.
2.10. User — any visitor to http://rgsco.ru.
2.11. Provision — the act of disclosing personal data to a specific person or group.
2.12. Distribution — the act of disclosing data to an unspecified number of people.
2.13. Cross-border transfer — transfer of data to a foreign state, foreign legal or natural person.
2.14. Destruction — irreversible actions making data unrecoverable.

3. Rights and Duties of the Operator
3.1. Operator has the right to:
- Request accurate information/documents from the data subject;
- Continue processing without consent under legal grounds provided by the Law;
- Independently determine necessary security measures.
3.2. Operator must:
- Provide data processing information to the data subject;
- Organize processing in accordance with Russian law;
- Respond to requests and inquiries from data subjects;
- Provide required information to the authorized data protection authority;
- Ensure public access to this Policy;
- Take legal, organizational, and technical measures to protect data;
- Stop processing and destroy data when required by law.


4. Rights and Duties of Data Subjects
4.1. Rights include:
- Access to their data processing information;
- Request correction, blocking, or deletion of incomplete or unlawfully obtained data;
- Require prior consent for marketing processing;
- Withdraw consent and demand cessation of processing;
- File complaints with authorities or courts.
4.2. Obligations:
- Provide accurate data;
- Inform the Operator of data changes.
4.3. Liability:
Persons providing false or unauthorized third-party data bear legal responsibility.


5. Data Processing Principles
5.1. Legality and fairness.
5.2. Specific and lawful purposes.
5.3. Incompatibility of combined data purposes is not allowed.
5.4. Data must be relevant to the purpose.
5.5. Data volume must correspond to declared purposes.
5.6. Accuracy and timeliness must be maintained.
5.7. Data should not be stored longer than necessary.


6. Purpose of Processing
Purpose: Informing the User via email.
Data involved: Full name, email address, phone numbers.
Legal basis: Federal Law “On Information, Information Technologies and Information Protection” No. 149-FZ dated 27.07.2006.
Types of processing: Collection, recording, systematization, storage, destruction, anonymization, email communication.


7. Conditions for Processing
7.1. With consent.
7.2. To fulfill legal obligations.
7.3. For court or enforcement procedures.
7.4. For contract performance.
7.5. For legitimate interests, without infringing rights.
7.6. Publicly accessible data.
7.7. Data required by law to be published.


8. Data Handling Procedures
The Operator ensures data security via legal, organizational, and technical measures.
8.1. Data is securely stored, and unauthorized access is prevented.
8.2. Data will not be transferred to third parties without consent, except where legally required.
8.3. Users may update data by emailing sale@rgs-co.ru with the subject “Data Update”.
8.4. Data is processed as long as necessary for the stated purpose.
8.5. Third-party service data handling is governed by their policies.
8.6. Restrictions on dissemination do not apply in public interest cases.
8.7. Confidentiality is ensured.
8.8. Data storage duration is limited to the processing purpose.
8.9. Processing may end upon achieving the purpose, consent expiration, or unlawful processing discovery.


9. List of Processing Actions
9.1. Collection, recording, organization, storage, update, use, transfer, anonymization, blocking, deletion, destruction.
9.2. Automated and non-automated processing including network transmission.


10. Cross-Border Transfer
10.1. The Operator must notify authorities prior to cross-border data transfer.
10.2. Relevant information must be obtained from foreign recipients before transfer.


11. Confidentiality
The Operator and any third parties with access to personal data must not disclose or distribute it without subject’s consent unless required by law.


12. Final Provisions
12.1. Users may request clarification by emailing: sale@rgs-co.ru.
12.2. Changes to this Policy will be reflected in this document.
12.3. The current version of the Policy is available online at: https://rgs-co.ru/privacy/en.