Operator’s Personal Data Processing Policy#

Edition No. 2 of 01.08.2024

This Policy (Policy) defines the general principles, the procedure for the Processing of Personal Data, and measures to ensure its security by LLC "Web-Server", Primary State Registration Number (OGRN) 1227700436578 (Operator).

The purpose of this Policy on Personal Data Processing is to ensure the lawful rights of personal data subjects in accordance with current legislation. The Policy is developed in accordance with the Constitution of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and on Information Protection", Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", and other regulatory legal acts of the Russian Federation.

  1. Key Terms

1.1. Data Center — a specialized organization providing services for the placement of server and network equipment, renting out servers (including virtual ones), which the Operator uses for storing and processing Personal Data.

1.2. Confidentiality of Personal Data — the obligation of persons who have gained access to data not to disclose it to third parties and not to distribute it without the consent of the Personal Data Subject, unless otherwise provided by law.

1.3. Client — a legal entity that receives the right to use the Angie PRO, ANIC software, and other software products of the Operator, for which the Operator is the Rightholder, on the basis of appropriate agreements that grant the right to use the above software, and also has the right to receive Services based on the respective agreement.

1.4. Login — the email address of the Personal Data Subject, provided by him/her during Registration on the Site.

1.5. Processing of Personal Data — any action or set of actions performed using automation tools or without using such tools with Personal Data, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), retrieval, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

1.6. Password — a combination of characters chosen by the Personal Data Subject and, together with the email address, ensuring account authentication when using the Site.

1.7. Personal Data (Data) — any information that relates directly or indirectly to a specific or identifiable individual (Personal Data Subject).

1.8. Personal Information — any information posted on the Site by the Personal Data Subject about himself/herself, including personal data such as first name, last name, patronymic, phone number, email address, as well as information that is automatically transmitted to the Operator in the process of using the Site, including IP address, cookies.

1.9. Profile — sections of the Site that contain the Personal Information of the Personal Data Subject, accessible using the Login and Password.

1.10. Registration — the registration of the Personal Data Subject on the Site by filling out the registration form.

1.11. Site — the website located on the Internet at support.angie.software (the support website and its pages where Personal Data is collected).

1.12. Personal Data Subject — an individual to whom the Personal Data processed by the Operator pertains.

1.13. Services — a set of services for technical support, maintenance, and ensuring the operability of software, the exclusive right to which belongs to the Operator, provided to the employees (representatives) of the Clients.

  1. Purposes of Personal Data Processing

2.1. The Operator carries out the Processing of Personal Data to achieve specific, predetermined, lawful purposes.

2.2. The Operator processes the Personal Data of Personal Data Subjects for the following purposes:

  • providing the ability to use the Site;

  • identifying Personal Data Subjects;

  • establishing feedback with Personal Data Subjects, including sending notifications, providing Services, processing requests and applications from them;

  • improving the quality of the Services provided, optimizing the use of the Site.

2.3. The Operator takes measures to comply with legal requirements in the field of personal data, does not process data in cases where it is not permitted by law and is not required to achieve the purposes specified by the Operator.

  1. Legal Grounds for Personal Data Processing

3.1. The legal grounds for the Operator’s Processing of Personal Data are:

    1. the consent of the Personal Data Subject to the Processing of his/her data;

    1. an agreement in the performance of which the Personal Data Subject, authorized by a party, is involved.

3.2. Consent to the collection and processing of Personal Data on the Site is expressed by entering Personal Data in the appropriate interface forms for completion and confirming their accuracy by clicking the interface buttons located on the Site, labeled as "sign in," "open a new ticket," or "Check Ticket Status."

  1. Categories of Processed Data and Scope of Processing

4.1. The Operator processes Personal Data in relation to the following Personal Data:

  • first name;

  • last name;

  • patronymic;

  • phone number;

  • email address.

4.2. The Operator ensures that the scope of the processed Personal Data complies with the stated purposes of Processing. The Operator does not allow the Processing of Personal Data that is incompatible with the purposes of its collection, nor does it process data that is excessive relative to the stated purposes.

4.3. The Operator does not process data related to special categories as defined by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data."

  1. Rights of the Personal Data Subject

5.1. The Personal Data Subject has the right to:

  • receive information related to the Processing of his/her Personal Data;

  • access his/her Personal Data and familiarize himself/herself with it, including the right to receive a free copy of the record containing his/her Personal Data;

  • request the exclusion or correction of incorrect or incomplete Personal Data;

  • receive information about the person authorized to process the data;

  • receive information about persons (other than the Operator’s employees) who have access to Personal Data or to whom Personal Data may be disclosed under an agreement with the Operator or under the provisions of the law;

  • receive other information provided by law.

5.2. Information on the availability of Personal Data is provided by the Operator to the Personal Data Subject without information about data relating to other personal data subjects.

5.3. The Personal Data Subject has the right to withdraw his/her consent to the Processing of Personal Data by the Operator by submitting an application in any form. In the event of the Personal Data Subject’s withdrawal of consent to the Processing of Personal Data, the Operator may continue to process Personal Data without the Personal Data Subject’s consent if there are grounds provided by the legislation of the Russian Federation.

5.4. If the Personal Data Subject withdraws consent to Processing, and there are no legal grounds to continue the Processing, the Operator ceases the Processing (ensures the cessation of Processing by persons authorized by the Operator) and destroys or depersonalizes the data (ensures their destruction or depersonalization).

  1. Procedure for Responding to Requests from Personal Data Subjects

6.1. A request from the Personal Data Subject regarding the Processing of his/her Personal Data by the Operator may be sent electronically to the Operator’s address: .

6.2. The request must contain:

  • the last name, first name, patronymic of the Personal Data Subject or his/her representative;

  • the number of the identity document of the Personal Data Subject, as well as that of his/her representative (if the request is sent by a representative), details of the date of issue of the document and the issuing authority;

  • information confirming the Personal Data Subject’s relationship with the Operator, or information otherwise confirming the fact of the Operator’s Processing of Personal Data;

  • the signature of the Personal Data Subject or his/her representative;

  • documents confirming the authority of the representative. The Operator has the right to request additional information to confirm the identity of the person who made the request.

6.3. The Operator does not process requests related to the Processing of Personal Data received by phone or by any means other than those explicitly stated in this section.

6.4. A written response to the Personal Data Subject (or representative) is sent by the Operator regardless of the results of the consideration of the request. The response period to the Subject (or representative) does not exceed 10 (ten) business days from the date of receipt of the request.

6.5. Within 7 (seven) business days from the date the Personal Data Subject or his/her representative provides information confirming that the Personal Data is incomplete, inaccurate, or out of date, the Operator makes the necessary changes.

6.6. In the event of unlawful Processing of Personal Data, the Operator blocks the unlawfully processed data or ensures their blocking (if the Processing of Personal Data is performed by another person acting on behalf of the Operator) for the period necessary to verify the lawfulness of the Processing. If the fact of unlawful Processing of data by the Operator or a person acting on its behalf is confirmed, the Operator, within 3 (three) business days from the date of such confirmation, discontinues the unlawful Processing of the data or ensures the discontinuation of the unlawful Processing of Personal Data by the person acting on behalf of the Operator.

  1. Procedure and Conditions for Personal Data Processing

7.1. Personal Data Subjects give their consent to the Processing of their data in the manner described in paragraph 3.2. of this Policy.

7.2. Methods of Personal Data Processing: The Operator processes Personal Data by performing the following actions: collection, systematization, accumulation, storage, refinement (updating, modification), depersonalization, blocking, destruction.

7.3. The Operator carries out the Processing of Personal Data using automation tools, as well as without using such tools.

7.4. The Operator may place its personal data information systems in a Data Center or cloud computing infrastructure. If, under the terms of the agreement with the Data Center, the Data Center staff is prohibited from accessing the Operator’s processed data, the Operator does not consider the placement as commissioning the Data Center to process Personal Data and does not require the consent of Personal Data Subjects. The agreement with the Data Center (provider) in all cases reflects the requirements for confidentiality and the security of the processed Personal Data.

7.5. Consent of the Subjects to provide their Personal Data is not required upon receiving motivated requests from the prosecutor’s office, law enforcement agencies, investigative and inquiry bodies, security agencies, from state labor inspectors in the exercise of state supervision and control over compliance with the law, and other bodies authorized to request such information under the current legislation of the Russian Federation.

  1. Limitation of Personal Data Storage Period

8.1. The Processing of the Personal Data of Personal Data Subjects is carried out until at least one of the following conditions is met:

  • deletion of the Personal Data Subjects’ Profiles on the Site;

  • withdrawal by the Personal Data Subject of consent to the Processing of his/her Personal Data.

8.2. When the conditions or any of the conditions specified in paragraph 8.1. of this Policy occur, the Operator:

  • deletes the Personal Data; or

  • depersonalizes them so that they are no longer linked to a specific Personal Data Subject.

8.3. Procedure for data deletion:

  • paper-based media — destruction of the media in the presence of the person responsible for the processing of personal data, as well as in the presence of third parties who are employees of the Operator and have permission to work with personal data;

  • electronic media — deletion of data from media, while retaining information about the deletion (deletion data logs).

  1. Ensuring the Security of Personal Data

9.1. When processing data, the Operator takes legal, organizational, and technical measures to protect them from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, provision, and other illegal actions. Measures to ensure the security of Personal Data are an integral part of the Operator’s activities. Data security is achieved by preventing unauthorized or accidental access to the data.

9.2. An organization that has been duly licensed to provide technical protection of confidential information and other licenses, if their possession is required by the legislation of the Russian Federation and is necessary to perform specific work, may be engaged to select and implement methods and means of protecting Personal Data.

9.3. The legal measures taken by the Operator include:

  • the development of the Operator’s local regulations implementing the requirements of Russian legislation, including this Policy;

  • the refusal of any methods of Personal Data Processing that do not comply with the purposes defined in this Policy and with legislative requirements.

9.4. The organizational measures taken by the Operator include:

  • the appointment by the Operator of a person responsible for organizing Data Processing;

  • limiting the number of the Operator’s employees who have access to Personal Data, organizing a system to control access to such data;

  • familiarizing the Operator’s employees who directly process Personal Data with the provisions of the legislation of the Russian Federation on Personal Data, including the requirements for the protection of Personal Data;

  • limiting the admission of unauthorized persons to the Operator’s premises, preventing their stay in premises where work with Personal Data is carried out and where technical means for their Processing are located.

9.5. The technical measures taken by the Operator include:

  • detecting malicious software (using antivirus programs);

  • detecting intrusions into the Operator’s personal data information system that violate or create prerequisites for violating the requirements for ensuring the security of Personal Data;

  • ensuring authorized access of the Operator’s employees to personal data information systems;

  • assessing the effectiveness of measures taken to ensure data security;

  • using secure network interactions.

  1. Location of Databases

10.1. When collecting Personal Data, the Operator ensures the recording, systematization, accumulation, storage, refinement (updating, modification), retrieval of the Personal Data of citizens of the Russian Federation using databases located in the territory of the Russian Federation. If the Operator does not have information about the citizenship of the Personal Data Subject, the Operator presumes that data obtained within the territory of the Russian Federation is obtained from citizens of the Russian Federation.

  1. Technical Information and Cookies

11.1. Cookies are files or fragments of information that can be stored on the computer or other device of a person visiting the Site. Such files may contain various information, such as browser type, operating system, language settings, and other personal page settings, as well as data about the use of the Site.

11.2. Cookies are used to tailor the content of the Site’s pages to the user’s preferences, optimize the Site’s operation, enable recognition of the device, and customize the viewing of the Site to individual needs. Cookies are used for processing activity statistics on the Site, help maintain a session after logging in to the Site, eliminating the need to re-enter login and password on each page of the Site.

Cookies are used to identify Site users. Based on them, the Operator analyzes how Site visitors use it for the further improvement of the Site’s functionality.

11.3. The Operator collects the following types of cookies:

  • Required cookies are necessary for the Site to function. Some parts of the Site would not work without these files.

  • Functional cookies are used to determine visitors’ preferences and configure the Site accordingly. Functional cookies allow the Site to remember personal settings and save information provided by visitors and Personal Data Subjects (e.g., login, username, language, and other preferences). These functions help make the Site more convenient.

  • Analytical and performance cookies contain information on how the user uses the Site, enabling the Operator to identify recurring usage scenarios. With their help, errors occurring in the course of the user’s use of the Site are analyzed. These cookies do not identify individuals, and all information is anonymous.

11.4. A Site visitor may change the settings for the list of cookies collected by the Site at any time in the future.

11.5. Most internet browsers are initially set to automatically accept cookies. Site visitors can change the settings to block cookies or warn them when such files are sent to their device. There are several ways to manage cookies.

If the Site visitor uses different devices to view and access the Site (e.g., a computer, smartphone, tablet, etc.), he/she should ensure that each browser on each device is set according to his/her preferences for working with cookies. To learn how to manage cookies using your browser or device, the Site visitor can refer to the instructions provided by the browser developer or the device manufacturer.

  1. Final Provisions

12.1. The Operator provides unlimited access to this Policy by placing it on the Internet on the Site.

12.2. Other rights and obligations of the Operator are determined by the legislation of the Russian Federation in the field of Personal Data.

12.3. This Policy is reviewed as necessary. A mandatory review is conducted in the event of changes to the norms of international law binding on the Russian Federation or the legislation of the Russian Federation in the field of Personal Data. When making changes to the Policy, changes in the Operator’s information infrastructure, and the practice of law enforcement in the field of data protection in the Russian Federation are taken into account.

12.4. Yandex.Metrica is placed on the Site, collecting data in accordance with its privacy policy, the text of which is posted on the Internet at: https://yandex.ru/legal/confidential/.

The Operator does not conduct independent collection and processing of data processed by Yandex.Metrica.

LLC "Web-Server". OGRN: 1227700436578. Address: 127015, Russia, Moscow, Vyatskaya St., 27, Bldg. 7. Phone: +7 (495) 120 50 33. Email: .