Personal Data Processing Policy (Privacy Policy)

APPROVED
Head of the Operator — LLC “VODACO”
Moscow, September 1, 2022

1. General Provisions

1.1. The Personal Data Processing Policy (hereinafter — the “Policy”) is issued and applied by LLC “VODACO” (hereinafter — the “Operator”) in accordance with clause 2, part 1, article 18.1 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data.”

1.1.1. The basis for developing this Policy is the Constitution of the Russian Federation, the Labor Code of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data,” and other applicable regulatory legal acts of the Russian Federation.

1.1.2. This Policy defines the Operator’s policy, procedures, and conditions for processing personal data of the Operator’s employees and third parties, and establishes procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations related to personal data processing.

1.1.3. All issues related to personal data processing that are not regulated by this Policy shall be resolved in accordance with the applicable legislation of the Russian Federation in the field of personal data.

1.1.4. The purpose of this Policy is to protect the personal data of the Operator’s employees and third parties from unauthorized access and disclosure. Personal data is always confidential, strictly protected information.

1.2. The purposes of personal data processing are:

Purpose 1. Promotion of the Operator’s goods, works, and services in the market through direct contacts with a potential consumer/representative of the buyer using communication means.
Purpose 2. Personnel, accounting, and tax records.
Purpose 3. Calculation and payment of wages.
Purpose 4. Recording employees’ working time.
Purpose 5. Military registration.
Purpose 6. Submission of reports and requested information to state authorities.
Purpose 7. Conclusion and performance of contracts with individuals or contracts for which individuals are engaged for their conclusion and/or performance.
Purpose 8. Recruitment for vacant positions.

1.3. This Policy does not apply to relationships arising from:

1. organizing the storage, collection, accounting, and use of documents containing personal data within the Archive Fund of the Russian Federation and other archive funds in accordance with the legislation on archival matters in the Russian Federation;

2. processing personal data classified as state secrets in the prescribed manner.

1.4. Processing is organized by the Operator on the principles of:

— lawfulness of purposes and methods of personal data processing, good faith and fairness in the Operator’s activities;
— limiting personal data processing to achieving specific, predetermined, and lawful purposes;
— accuracy and sufficiency of personal data for processing purposes; inadmissibility of processing personal data that is excessive relative to the purposes declared at collection;
— processing only personal data that meets the purposes of processing. Processing incompatible with the purposes of collection is not permitted;
— compliance of the content and scope of processed personal data with the stated purposes of processing; processed data must not be excessive;
— inadmissibility of combining databases containing personal data processed for incompatible purposes;
— ensuring the accuracy, sufficiency, and, when necessary, relevance of personal data relative to processing purposes. The Operator shall take necessary measures or ensure measures are taken to delete or clarify incomplete or inaccurate data;
— storing personal data in a form allowing identification of the personal data subject no longer than required by the purposes of processing, unless a federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor sets a retention period. Processed personal data shall be destroyed or anonymized upon achieving the purposes of processing or when these purposes are no longer necessary, unless otherwise provided by federal law.

1.5. Personal data processing is carried out in compliance with the principles and rules established by Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and by this Policy.

1.6. Methods of personal data processing:

— using automation tools;
— without using automation tools.

1.7. List and categories of personal data processed.

The following categories of personal data are processed in the Operator’s information systems:

1.8. Categories of subjects whose personal data is processed.

Category 1 — the Operator’s employees;
Category 2 — the Operator’s participants (members);
Category 3 — applicants for the Operator’s open vacancies;
Category 4 — potential counterparties of the Operator;
Category 5 — counterparties of the Operator who are individuals;
Category 6 — individuals engaged by the Operator’s counterparty to conclude/perform a contract.

1.9. For each purpose of personal data processing, the category (list) of personal data processed, the categories of data subjects, the methods and terms of processing and storage, and the procedure for destruction upon achieving the purposes of processing or upon other lawful grounds are defined in Table 1.9.

Table 1.9

2. Conditions for Processing Personal Data by the Operator

2.1. The Operator processes personal data subject to the following conditions:

1. processing is carried out with the personal data subject’s consent to the processing of their personal data;

2. processing is necessary to achieve the goals provided by an international treaty of the Russian Federation or by law, to exercise and perform functions, powers, and duties imposed on the Operator by the legislation of the Russian Federation;

3. processing is carried out in connection with a person’s participation in constitutional, civil, administrative, criminal proceedings, or proceedings in arbitration courts;

4. processing is necessary to enforce a court decision or an act of another authority or official to be enforced in accordance with the legislation of the Russian Federation on enforcement proceedings;

5. processing is necessary for the performance of powers of federal executive authorities, state extra-budgetary funds, executive authorities of the subjects of the Russian Federation, local self-government bodies and functions of organizations participating in the provision of state and municipal services as provided by Federal Law No. 210-FZ of July 27, 2010 “On the Organization of the Provision of State and Municipal Services,” including registration of the personal data subject on the unified or regional portals of state and municipal services;

6. processing is necessary for the performance of a contract to which the personal data subject is a party, beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor. A contract concluded with a personal data subject may not restrict the rights and freedoms of the personal data subject, establish cases for processing minors’ personal data unless otherwise provided by the legislation of the Russian Federation, nor may it stipulate the subject’s inaction as a condition of contract conclusion;

7. processing is necessary to protect the life, health or other vital interests of the personal data subject, if obtaining the subject’s consent is impossible. Processing of personal data concerning health obtained as a result of depersonalization is allowed for improving state or municipal governance, as well as for other purposes provided by Federal Law No. 123-FZ of April 24, 2020 and Federal Law No. 258-FZ of July 31, 2020, under the procedures and conditions they set;

8. processing is necessary to exercise the rights and lawful interests of the Operator or third parties, including in cases provided by Federal Law No. 230-FZ of July 3, 2016, or to achieve socially significant purposes, provided that the rights and freedoms of the personal data subject are not violated;

9. processing is necessary for the professional activity of a journalist and/or the lawful activities of a mass media outlet or for scientific, literary or other creative activities, provided that the rights and lawful interests of the personal data subject are not violated;

10. processing is carried out for statistical or other research purposes, except for the purposes specified in Article 15 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data,” subject to mandatory depersonalization of personal data;

11. processing of personal data obtained as a result of depersonalization is carried out to improve state or municipal governance, and for other purposes provided by Federal Law No. 123-FZ of April 24, 2020 and Federal Law No. 258-FZ of July 31, 2020, under the procedures and conditions provided therein and in Federal Law No. 152-FZ;

12. processing is carried out for personal data subject to publication or mandatory disclosure in accordance with federal law.

2.2. Under a contract, the Operator may entrust personal data processing to a third party. A material term of such a contract is that the party has the right to process personal data and is obliged to ensure confidentiality and security of personal data during processing.

2.3. Personal data must be stored in a form allowing identification of the personal data subject no longer than required by the purposes of processing and shall be destroyed upon achieving the purposes of processing or when they are no longer necessary, in accordance with the Operator’s Personal Data Storage Policy.

2.4. Interaction with federal executive authorities on issues of processing and protecting personal data of subjects whose data is processed by the Operator shall be carried out within the framework of the legislation of the Russian Federation.

3. Special Categories of Personal Data. Other Conditions.

3.1. The Company may process special categories of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, or sex life, in cases where:

• processing such categories of personal data is necessary to achieve specific, predetermined, lawful purposes;
• the personal data subject has given written consent to the processing of their personal data;
• personal data has been made public by the personal data subject;
• processing is necessary to protect the life, health or other vital interests of the personal data subject or other persons and obtaining consent is impossible.

3.2. Information characterizing physiological and biological features of a person on the basis of which their identity can be established (biometric personal data) and used to establish identity is not processed by the Company.

3.3. Cross-border transfer of personal data is not carried out by the Company.

3.4. Decision-making based solely on automated processing.

3.5. Decisions that produce legal consequences for a personal data subject or otherwise affect their rights and legitimate interests are not made based solely on automated processing of personal data. Such decisions may be made only with the personal data subject’s written consent or in cases provided by federal laws, which also establish measures to ensure the rights and legitimate interests of the personal data subject.

4. Rights of the Personal Data Subject

4.1. In accordance with Chapter 3 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data,” a personal data subject has the right to obtain information concerning the processing of their personal data by the Company, namely:

• confirmation of the fact of processing by the Company;
• legal grounds and purposes of processing;
• purposes and methods of processing used by the Company;
• name and location of the Company; information about persons (other than Company employees) who have access to personal data or to whom data may be disclosed under a contract with the Company or under federal law;
• processed personal data relating to the respective subject and the source of its receipt, unless otherwise provided by federal law;
• time limits for processing personal data, including retention periods;
• the procedure for exercising the rights of the personal data subject as provided by Federal Law No. 152-FZ;
• information about completed or intended cross-border data transfers;
• the name or full name and address of the person processing personal data on behalf of the Company, if processing is or will be entrusted to such person;
• information on how the Operator fulfills the obligations established by Article 18.1 of the Federal Law “On Personal Data”;
• other information provided by Federal Law No. 152-FZ or other federal laws.

4.2. A personal data subject has the right to request that the Company clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and to take measures provided by law to protect their rights.

4.3. A personal data subject has the right to object to decisions producing legal consequences in relation to them based solely on automated processing of personal data.

4.4. A personal data subject has the right to withdraw consent to the processing of their personal data. In the event of withdrawal, the Company may continue processing without consent where grounds specified in Federal Law No. 152-FZ of July 27, 2006 apply.

4.5. The personal data subject’s right of access to their personal data may be restricted in accordance with federal laws.

4.6. In consent for processing personal data permitted by the subject for dissemination, the personal data subject may establish prohibitions on transfer (other than granting access) of such personal data by the operator to an unlimited number of persons, as well as prohibitions or conditions for processing (other than access) by an unlimited number of persons. The operator may not refuse establishment of such prohibitions and conditions.

4.7. The Operator ensures the rights of personal data subjects as established by Chapters 3 and 4 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data.”

4.8. The authority of a representative to act on behalf of a personal data subject shall be confirmed by a power of attorney executed in accordance with Articles 185 and 185.1 of the Civil Code of the Russian Federation, part 2 of Article 53 of the Civil Procedure Code of the Russian Federation, or notarized under Article 59 of the Fundamentals of Notary Legislation of the Russian Federation (approved by the Supreme Council of the Russian Federation on 11.02.1993 No. 4462-1). A copy of the representative’s power of attorney, made by the Operator from the original, is kept by the Operator for at least three years, or for no less than the retention period of the personal data if longer than three years.

4.9. The information specified in part 7 of Article 22 of Federal Law No. 152-FZ is provided to the personal data subject by the Operator in an accessible form without personal data relating to other subjects, unless there are legal grounds for disclosure of such personal data, in electronic form. At the request of the personal data subject, it may be duplicated on paper. The accessible form is certified by the PD Processing Curator or another employee authorized by an order of the Operator’s head.

4.10. The information specified in part 7 of Article 14 of Federal Law No. 152-FZ is provided to the personal data subject or their representative by the operator within 10 (ten) business days from the date of the request or receipt of the subject’s (or representative’s) request. This period may be extended by no more than 5 (five) business days if the operator sends a reasoned notice to the subject stating the reasons for extension. The request must contain the number of the main identity document of the subject or representative, its date of issue and issuing authority, information confirming the subject’s participation in relations with the operator (contract number, date, conventional verbal designation and/or other information), or information otherwise confirming the fact of processing by the operator, and the signature of the subject or representative. The request may be sent as an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation. The operator provides the information specified in part 7 of Article 14 to the subject or representative in the same form as the request unless otherwise indicated.

4.11. A personal data subject has the right to obtain information concerning the processing of their personal data in the manner prescribed by the legislation of the Russian Federation. The subject may demand that their personal data be clarified, blocked, or destroyed if the data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared purpose of processing, and may take measures provided by law to protect their rights.

4.12. A personal data subject who is a website user consents to receiving notifications about new products and services, special offers, and various events. The user may unsubscribe at any time by sending an e-mail to info@vodaco.ru with the note “Unsubscribe.”

4.13. A personal data subject who is a website user may withdraw their consent to processing at any time and may obtain explanations on matters concerning the processing of their personal data by sending a request to: info@vodaco.ru. Other rights and obligations of the website user and LLC “VODACO” are determined by the legislation of the Russian Federation on personal data.

4.14. The personal data subject’s right of access to their personal data may be restricted in accordance with federal laws.

5. Consent of the Personal Data Subject to the Processing of Their Personal Data

5.1. A personal data subject decides to provide their personal data and consents to its processing freely, of their own will, and in their own interest. Consent to processing is specific, informed, deliberate, and unambiguous.

5.2. If consent is obtained from a representative, the Company shall verify the representative’s authority to give consent on behalf of the subject.

5.3. In cases provided by federal law, personal data processing is carried out only with the personal data subject’s written consent.

5.4. If the personal data subject is legally incapable, consent to processing is given by the subject’s legal representative.

5.5. The Operator keeps records of consents received in the Consent Register(s).

5.6. A simple written form is sufficient for written consent.

5.7. Consent to processing of personal data provided via the feedback form on the Operator’s website https://vodaco.ru is given by checking V (a checkbox) next to: “I have read the Personal Data Processing Policy and the consent to processing, and I agree to the processing and storage of my personal data.”

5.8. The Operator shall immediately cease, upon the personal data subject’s demand, the processing of their personal data referred to in part 1 of Article 15 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data.”

6. Obligations of the Operator

6.1. In accordance with Chapter 4 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data,” the Operator shall:

• provide, upon request, information concerning the processing of a personal data subject’s personal data;
• explain to the subject the legal consequences of refusing to provide their personal data and/or to consent to its processing;
• ensure recording, systematization, accumulation, storage, clarification (updating, alteration), and retrieval of personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation, except as provided by Federal Law No. 152-FZ;
• before processing personal data obtained not from the subject, provide the subject (unless exceptions under Federal Law No. 152-FZ apply) with the following information: the Operator’s name or full name and address (or its representative’s), the purpose and legal basis for processing, the list of personal data, the intended users of personal data, the source of personal data, and the personal data subject’s rights.

6.2. Upon request by a personal data subject, the Company shall inform the subject or representative of the availability of personal data relating to the subject and provide access to such data upon request or within ten business days of receiving the request. This period may be extended by no more than five business days by sending a reasoned notice stating the reasons for extension.

6.3. In case of refusal to provide information, the Company shall provide a written, reasoned response, containing a reference to part 8 of Article 14 of Federal Law No. 152-FZ or another federal law constituting the basis for refusal, within no more than ten days from receipt of the request. This period may be extended by up to five business days with a reasoned notice.

6.4. Upon request by a personal data subject, within no more than seven business days from submission of evidence that the personal data is incomplete, inaccurate or outdated, the Company shall make necessary changes. This period may be extended by up to five business days with a reasoned notice.

6.5. Upon request by a personal data subject, within no more than seven business days from submission of evidence that personal data was unlawfully obtained or is not necessary for the stated purpose, the operator shall destroy such data.

6.6. The Company shall notify the subject or representative about changes and measures taken and make reasonable efforts to notify third parties to whom the subject’s personal data was transferred.

6.7. The Company shall provide the authorized body for the protection of personal data subjects’ rights with necessary information within ten business days of receiving a request. This period may be extended by no more than five business days with a reasoned notice stating the reasons for extension.

6.8. The Operator fulfills duties related to processing, ensuring security and confidentiality of employees’ and third parties’ personal data as provided by the laws of the Russian Federation, this Policy, and the Operator’s local acts.

7. Implemented Personal Data Protection Requirements (Security Measures)

7.1. The Company takes necessary and sufficient measures to ensure fulfillment of obligations established by Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and by the regulations adopted pursuant to it.

7.2. Security is ensured by measures necessary and sufficient to fulfill the obligations established by Federal Law No. 152-FZ, namely:

7.2.1. Threats to personal data security when processed in information systems are identified. Considering relevant type-3 threats, a decision has been made to ensure the 4th level of personal data protection.

7.2.2. Legal, organizational, and technical measures are applied to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as other unlawful actions. Among them:

a) a security regime is organized for premises hosting the information system to prevent uncontrolled access or presence of unauthorized persons;
b) preservation and accounting of personal data media are ensured;
c) a document is approved defining the list of persons whose access to personal data processed in the information system is necessary to perform their official (labor) duties;
d) information security tools that have undergone conformity assessment to the requirements of the legislation of the Russian Federation in the field of information security are used where necessary to neutralize relevant threats;
e) employees responsible for PD processing and for ensuring PD security in the information system are appointed;
f) measures are implemented to protect technical means excluding unauthorized access to stationary technical means processing PD, to means ensuring system operation, and to premises where they are permanently located. When accessing electronic PD media or storage locations of physical PD media, identification and authentication of access subjects and objects are performed, assigning unique identifiers and verifying them. Access management ensures assignment of rights/privileges, segregation of access based on established rules, and control of compliance with these rules;
g) measures to restrict the software environment are implemented, ensuring installation and/or launch only of software permitted for use in the information system or excluding installation and/or launch of prohibited software; authorized user access to PD in normal operation is provided (measures to ensure PD availability);
h) measures to protect machine-readable PD media (processing/storage media, removable media) are implemented, excluding unauthorized access and use;
i) measures to detect and respond to incidents are implemented, ensuring detection, identification, and analysis of incidents in the information system; security events are logged. Upon breach of system integrity and presence of a security threat, measures are taken to eliminate and prevent incidents;
j) anti-virus protection and intrusion detection (prevention) measures, as well as measures to ensure integrity of the information system and PD, are implemented;
k) internal control is organized to ensure that PD processing complies with Federal Law No. 152-FZ, subordinate regulations, PD protection requirements, the Company’s PD policy, and local acts (control of PD protection and security measures);
l) measures to protect the information system, its means, communication and data transmission systems are implemented to protect PD during interaction with other information systems and networks by applying architectural and design decisions aimed at ensuring PD security;
m) measures for configuration management of the information system and PD protection system are implemented;
n) in case of modification or destruction of PD due to unauthorized access, restoration of PD is carried out;
o) documents are issued defining the PD processing policy, local acts on PD processing specifying for each processing purpose the categories and list of PD processed, categories of subjects, methods, terms of processing and storage, and the procedure for destruction, as well as local acts establishing procedures to prevent and detect violations of the legislation of the Russian Federation and to eliminate their consequences;
p) assessment of harm that may be caused to PD subjects in case of non-compliance with Federal Law No. 152-FZ is carried out, and the correlation between harm and measures to ensure compliance is determined;
q) employees directly processing PD are familiarized with the legislation of the Russian Federation on PD, including PD protection requirements, documents defining the Company’s PD policy, and local acts on PD processing;
r) the Company has published and ensures unrestricted access to the document defining the PD processing policy and to information on implemented PD protection requirements, including on the Operator’s website on the Internet https://vodaco.ru/private-policy/ (hereinafter — the “Website”), through which personal data is collected;
s) the effectiveness of PD security measures implemented within the PD protection system is evaluated by the operator independently or with licensed contractors. Such evaluation is carried out at least once every 3 years.

8. Procedure for Processing Personal Data

8.1. In accordance with the established goals and objectives, before starting PD processing the Operator appoints a Personal Data Processing Coordinator and a Personal Data Security Coordinator.

8.2. Coordinators receive instructions directly from, and report to, the Operator’s executive body.

8.3. The PD Processing Coordinator may prepare and sign the notification provided for by parts 1 and 3 of Article 22 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data.”

8.4. The Operator’s employees directly processing PD must, before starting work, be familiarized against signature with the legislation of the Russian Federation on PD (including PD protection requirements), the documents defining the Operator’s PD policy, local acts on PD processing, this Policy and its amendments. The list of employees directly processing PD is approved.

8.5. The PD Security Coordinator shall:

8.5.1. organize technical measures to protect PD processed by the Operator in the information system against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as other unlawful actions;
8.5.2. exercise internal control to ensure that employees admitted to PD processing comply with the legislation of the Russian Federation governing access to the information system and electronic PD media and comply with security rules for automated PD processing.

8.6. The PD Processing Coordinator shall:

8.6.1. organize legal and organizational measures to protect PD processed by the Operator against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as other unlawful actions;
8.6.2. exercise internal control to ensure employees’ compliance with the legislation of the Russian Federation on PD, including PD protection requirements;
8.6.3. inform employees about the legislation of the Russian Federation on PD, local acts on PD processing, and PD protection requirements;
8.6.4. organize the reception and handling of appeals and requests from PD subjects or their representatives and control such processing;
8.6.5. in case of breach of PD protection requirements, take necessary measures to restore violated rights of PD subjects.

8.7. The PD Processing Coordinator and the PD Security Coordinator have the right to:

• access information concerning the PD processing entrusted to them, including:
• purposes of PD processing;
• categories of PD processed;
• categories of subjects whose PD is processed;
• legal grounds for PD processing;
• a list of actions with PD and a general description of the methods used by the Operator;
• a description of the measures provided by Articles 18.1 and 19 of Federal Law No. 152-FZ, including information about the existence and names of cryptographic means;
• the date of commencement of PD processing;
• the term or conditions for termination of PD processing;
• information on the presence or absence of cross-border PD transfers during processing;
• information on ensuring PD security in accordance with PD protection requirements established by the Government of the Russian Federation;
• engage other Operator employees to implement PD security measures, assigning them appropriate duties and responsibilities.

8.8. Depending on established goals and objectives, PD processing, retrieval, use, and transfer (distribution, provision, access) are carried out only by employees authorized to process PD.

8.9. Anonymization, blocking, deletion, and destruction of personal data are carried out by a commission consisting of the PD Processing Coordinator, the PD Security Coordinator, and an employee authorized to process PD, under the following procedure:

8.9.1. An annual appraisal of the value of files (documents) containing PD with permanent and temporary retention periods is carried out. Based on the appraisal, file registers are compiled for permanent, long-term (over 10 years), and personnel files (including registers of permanently retained electronic documents) (hereinafter — “file registers”).
8.9.2. Documents (files) not subject to retention and included in the relevant acts are destroyed in the presence of a special commission created specifically for destruction of documents.
8.9.3. Upon completion of destruction, an act of destruction is drawn up; records (file plans, journals) are marked “Destroyed. Act (date, No.)” and certified by signatures of the commission members or the employee maintaining records of documents containing PD.
8.9.4. Paper documents selected for destruction are destroyed using a shredding machine by cutting into pieces, guaranteeing impossibility of restoring the text.
8.9.5. Upon expiration of processing periods, PD on electronic media are destroyed by mechanical damage to the media preventing reading or recovery, or by deletion using guaranteed residual information removal methods and tools.

9. Use of Technical Data

9.1. To improve Website performance and facilitate its use, cookies are employed.

Cookies are small data fragments enabling the Website to distinguish new and returning Users and determine how the Website is used; cookies are also necessary to ensure the Website’s operation.

Under applicable Russian law, we may store cookies on a User’s computer if they are necessary for the Website to operate. Storing other types of cookies requires the User’s permission.

If Adobe Flash is installed on the User’s computer (it is present on most computers) and the User uses media players, we store Flash cookies on the User’s computer. These files are used to store data necessary for playback of video or audio content and to store the User’s preferences.

LLC “VODACO” uses web analytics services to learn how Users use the Website. Such services count Users and provide general information about User behavior (e.g., keywords used in search engines to reach the Website, average session duration, or average number of pages viewed). For this purpose, basic cookies are placed on the User’s computer.

If the User wishes to disable cookies, they need to configure their computer settings to disable all types of cookies or enable a warning when cookies are saved.

For registered Users, information about the use of ports on Users’ devices may be collected to detect suspicious activity and protect Users’ personal data. Data may be obtained using various methods such as cookies, web beacons, etc.

9.2. The Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies (text files placed on the User’s computer) to analyze how Users use the Website. Information about the use of this Website (including an anonymous IP address) collected by the cookie is transmitted to and stored by Google on servers in the USA. Google uses this information to evaluate Website use, compile reports for Website staff, and provide other services related to Website activity and Internet usage. Google may transfer such information to third parties where required by law or where third parties process the information on Google’s behalf. The transmitted IP address is not combined with other Google data. The User can refuse the use of cookies in their browser settings; however, in this case, some Website functions may be unavailable.

If the User does not agree with the use of this type of files on the Website, they must adjust their browser settings accordingly or stop using the Website.

Information on changing cookie settings for the User’s browser can be found at:

— Microsoft Edge: https://support.microsoft.com/ru-ru/help/4555686/temporarily-allow-cookies-and-site-data-in-microsof…
— Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
— Google Chrome: https://support.google.com/chrome/answer/95647?hl=ru
— Firefox: https://support.mozilla.org/ru/kb/vklyuchenie-i-otklyuchenie-kukov-ispolzuemyh-veb-s
— Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
— Opera: https://help.opera.com/ru/latest/web-preferences/#cookies
— Yandex: https://yandex.ru/support/browser/personal-data-protection/cookies.html
— Orbitum: https://orbitum.com/ru/faq/

10. Final Provisions

10.1. Amendments to this Policy are made by issuing a corresponding order signed by the head of the Operator.

10.2. When amendments are made, the header shall indicate the date of the latest update. The new version comes into force upon its publication.

10.3. The current version of this Policy is available at any time at: https://vodaco.ru/private-policy/. LLC “VODACO” reserves the right to unilaterally amend the Policy provided that the amendments do not contradict the legislation of the Russian Federation. Changes to these terms take effect upon their publication on the Website.