Personal Data Processing Policy

This document sets forth our principles and rules regarding personal data processing on the Website.

Please review this Policy before using the Website.

If you have any questions, please contact us by email at: office.msk@neginski.com

Terms and definitions

1. General Provisions

   1. The Controller has developed this Policy to:

      1. protect the rights and freedoms of Data Subjects in the Processing of their Personal Data;
      2. ensure clear and strict compliance with the requirements of the Russian Federation legislation in the field of personal data, including the requirements of Federal Law No. 152-FZ dated July 27, 2007 "On Personal Data";
      3. prevent any unauthorized actions by third parties in relation to Processing;
      4. prevent the occurrence of potential security threats to Data Subjects.

   2. The Controller reserves the right to amend the Policy. The new version of the Policy shall enter into force upon its publication.

   3. If the Data Subject continues to use the Website after the new version of the Policy comes into effect, this shall constitute acceptance of the terms of the new version.

2. Purposes of Processing

   1. The Controller processes Personal Data for the following purposes:

      Purpose	Category of Data Subjects	Personal Data	Processing Period	Destruction Procedure
      Submission of applications on the Website	Website User	• name • email • phone number	Until withdrawal of consent or termination of Website operation	Deletion from database without possibility of recovery
      Publishing reviews	Counterparty representatives, clients	• name • photograph	Until deletion of review or termination of Website operation	Deletion from database without possibility of recovery
      Publishing personnel data	Controller's Employees	• full name • photograph • job title	Until withdrawal of consent or termination of Website operation	Deletion from database without possibility of recovery
      Sending advertising and informational mailings	Counterparty representatives, counterparties, Website User	• full name • phone number • email	Until withdrawal of consent or termination of Website operation	Deletion from database without possibility of recovery
      Analytical research of Website User behavior	Website User	• metadata (IP address, browser user agent, fingerprint) • cookies	Until termination of Website operation	Deletion from database without possibility of recovery

   2. The Website User may change their browser settings and refuse to store cookies (Google Chrome, Яндекс.Браузер, Mozilla Firefox, Safari).

   3. For the purpose of analytical research of Website User behavior, the Controller processes the specified Personal Data using the Yandex.Metrica metric services.

   4. The Yandex.Metrica service:

      1. is available at https://metrika.yandex.ru/
      2. is owned by Yandex LLC, registered at 119021, Moscow, 16, Lev Tolstoy Street (hereinafter – Yandex).

   5. Information stored in such cookies is transmitted to and stored on Yandex servers. The Website User consents to the Controller processing and transferring data to Yandex.

   6. The User may block the Yandex.Metrica service. To do so, the User may download and install the browser add-on from the link.

   7. When Yandex.Metrica is blocked, certain Website functions may become unavailable.

3. Processing Principles

   1. The Controller processes Personal Data based on the following principles:

      1. lawful and fair basis for Processing;
      2. Processing in accordance with specific, predetermined, and lawful purposes;
      3. prohibition of combining databases containing Personal Data processed for purposes incompatible with each other;
      4. correspondence of the content and scope of Personal Data to the stated Processing purposes;
      5. accuracy, adequacy, relevance, and reliability of Personal Data;
      6. lawfulness of technical measures aimed at Processing;
      7. reasonableness and expedience of Processing;
      8. storage of Personal Data for no longer than required by the Processing purposes, unless the storage period is established by law or a contract to which the Data Subject is a party;
      9. destruction of Personal Data upon achievement of Processing purposes or upon loss of necessity in achieving them, unless otherwise provided by law.

4. Processing of Personal Data

   1. Processing includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, distribution, access), blocking, deletion, and destruction.

      Collection of Personal Data

   2. The Controller collects Personal Data:

      1. through forms filled out by the Data Subject;
      2. using technologies, web protocols, cookies, and web beacons.

      Storage of Personal Data

   3. The Controller stores Personal Data:

      1. exclusively on properly protected electronic media;
      2. using databases located on the territory of the Russian Federation;
      3. on the Website using automated processing;
      4. until the end of the Processing period.

      Transfer of Personal Data to Third Parties, Entrustment of Personal Data Processing

   4. The Controller has the right to transfer Personal Data and entrust the Processing of Personal Data to third parties to achieve the stated purposes.

   5. List of third parties to whom the Controller transfers/entrusts Personal Data:

      Entity to Whom Personal Data Is Transferred/Entrusted	Purpose of Transfer/Entrustment
      Contractors performing pre-transaction verification of individuals	Sanctions risk assessment, AML screening (Anti-Money Laundering screening)
      Developers, aggregators, real estate agencies, referral partners	Execution of real estate transactions
      AmoCRM LLC Tax ID: 7709477879	Customer data management
      MTS AdTech LLC Tax ID: 7705893691	Conducting advertising mailings through MTS Marketer service
      Yandex LLC Tax ID: 7736207543	Web analytics services provider (Yandex.Metrica)

   6. The Controller shall not provide Personal Data to third parties without the consent of the Data Subject, except in the following cases:

      1. transfer to separate, independently functioning applications and databases that are part of the Website;
      2. prevention of unlawful actions by Data Subjects and protection of legitimate interests of the Controller and third parties, as well as in cases established by the legislation of the Russian Federation;
      3. submission of a reasoned request by judicial authorities, state security agencies, the prosecutor's office, the police, investigative bodies, and other bodies and organizations in cases established by regulatory legal acts binding for execution.

      Updating and Destruction of Personal Data

   7. The Controller shall update Personal Data if the inaccuracy thereof is confirmed.

   8. The Controller shall destroy Personal Data in the following cases:

      1. existence of a threat to Website security;
      2. expiration of the Personal Data Processing period;
      3. upon achievement of the Processing purposes;
      4. at the request of the Data Subject, if further Processing is not required by law.

   9. The Controller shall destroy Personal Data by erasing or formatting the storage medium without the possibility of data recovery.

5. Rights and Guarantees of the Data Subject

   1. The Data Subject shall have the following rights:

      Right of the Data Subject	Description of the Right
      Right of access to Personal Data	The Data Subject has the right to request a copy of the Personal Data held by the Controller
      Right to rectification of Personal Data	The Data Subject may request the Controller to correct inaccurate or incomplete Personal Data
      Right to withdraw consent to Processing	The Data Subject may withdraw consent to Processing at any time
      Right to erasure of Personal Data	The Data Subject may request erasure of their data held by the Controller, except where the Controller is obliged to process such data in accordance with the legislation of the Russian Federation
      Right to lodge a complaint	The Data Subject may lodge a complaint against the actions or inaction of the Controller
      Right to submit requests	The Data Subject has the right to submit a request to the Controller for information about Processing. All requests shall be submitted in accordance with the procedure provided by the Policy..

   2. The Data Subject warrants:

      1. that the Personal Data provided is accurate, current, and does not violate the legislation of the Russian Federation;
      2. if the Personal Data provided relates to a third party, that the Data Subject has obtained the consent of the third party to transfer the Personal Data for Processing.

6. Obligations of the Controller

   1. The Controller shall be obliged to:

      1. provide the Data Subject, upon request, with information about Processing or a reasoned refusal;
      2. take measures necessary and sufficient to fulfill the obligations provided by the legislation of the Russian Federation;
      3. at the request of the Data Subject, clarify, block, or delete the processed Personal Data if they are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated Processing purpose;
      4. ensure the lawfulness of Processing. If ensuring the lawfulness of Processing is impossible, the Controller shall, within a period not exceeding 10 business days from the date of detection of unlawful Processing, destroy or ensure the destruction of Personal Data;
      5. within a period not exceeding 30 days from the date of receipt of the Data Subject's withdrawal of consent, cease Processing and destroy Personal Data if their retention is no longer required for Processing purposes.

   Exception: where Processing may be continued in accordance with the legislation of the Russian Federation.

7. Cross-Border Transfer of Personal Data

   1. The Controller has the right to carry out cross-border transfer of Personal Data.

   2. Prior to commencing cross-border transfer of Personal Data, the Controller shall ensure that the foreign state to whose territory the Personal Data is intended to be transferred provides adequate protection of the rights of Data Subjects.

   3. Cross-border transfer of Personal Data to the territories of foreign states that do not meet the aforementioned requirements may be carried out only where there is written consent of the Data Subject to the cross-border transfer of their Personal Data and/or in performance of a contract to which the Data Subject is a party.

8. Measures to Ensure Protection of Personal Data

   1. The Controller shall implement legal, organizational, and technical measures necessary and sufficient to ensure the protection of Personal Data..

   2. Legal measures include, but are not limited to:

      1. development by the Controller of internal documents implementing the requirements of Russian legislation, including this Policy and its publication on the Website;
      2. refusal to use any Processing methods that do not correspond to the purposes predetermined by the Controller.

   3. Organizational measures include:

      1. appointment of a person responsible for organizing Processing;
      2. periodic assessment of risks related to the Processing process;
      3. conducting periodic audits for internal control of Processing compliance with the requirements of the legislation of the Russian Federation.

   4. Technical measures:

      1. prevention, including through internal investigations, of unauthorized access to systems in which Personal Data is stored;
      2. backup and recovery of Personal Data, operability of technical facilities and software, information protection means in Personal Data information systems;
      3. other necessary security measures.

9. Requests of the Data Subject

   1. The Data Subject or their representative has the right to send requests to the Controller, including withdrawal of consent to Processing, in the form of an electronic document to the email address: office.msk@neginski.com

   2. The request shall contain the following information:

      1. information confirming the Data Subject's participation in relations with the Controller – phone number, email address;
      2. details of the representative and confirmation of their authority if the representative of the Data Subject is making the request;
      3. signature of the Data Subject or their representative..

   3. The Controller shall review and respond to the request within 10 business days from the date of receipt of the request.

   4. All correspondence received by the Controller (in written or electronic form) shall be treated as restricted access information and shall not be disclosed without the written consent of the Data Subject.

10. Dissemination of Personal Data

    1. With the consent of the Data Subject, the Controller shall disseminate their data in the manner and by means specified in the consent.

    2. The following rules and restrictions shall apply to Personal Data published on the Website:

       1. Processing of Personal Data by an unlimited number of persons is permitted; however, third parties shall not be entitled to process disseminated Personal Data for their own purposes;
       2. Personal Data received by the Controller may be transferred using information and telecommunication networks for publication of data on the Website;
       3. transfer of Personal Data to an unlimited number of persons is permitted; however, third parties shall not be entitled to process disseminated Personal Data for their own purposes.

11. Final Provisions

    1. The Policy shall apply exclusively to the Website and shall not apply to other internet resources.

    2. The Policy shall apply to all Personal Data received by the Controller.

    3. The Controller shall not be liable for the actions of third parties who have gained access to Personal Data through the fault of the Data Subject.

    4. The Controller shall not verify:

       1. the legal capacity of the Data Subject;
       2. the accuracy of the Personal Data provided.

Details

Sole trader Neginsky Andrey Evgenievich

OGRNIP: 317774600526990

Tax ID: 772160493104

Address: Moscow, Sushchevsky Val, 49s2, Office 616

Phone: +7 (916) 543-10-57