1. General Provisions
This Personal Data Processing Policy (the “Policy”) defines the terms of personal data processing on the Website owned by A Torg LLC (A Torg LLC), OGRN/INN: 1247700106829 / 9726067241 (the “Company”).
This Policy has been developed in accordance with the applicable legislation of the Russian Federation on personal data processing and, in particular, Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 (the “Personal Data Law”).
The Policy establishes the general conditions for the collection, processing, and storage by the Company of personal data of:

● Website visitors/users,
● Сurrent and prospective clients.

Personal data processing is carried out by the Company in its capacity as a personal data operator in accordance with this Policy, internal regulations, and the legislation of the Russian Federation.

2. Key Terms
2.1. Personal Data (PD) – any information relating to a directly or indirectly identified or identifiable individual (data subject).
2.2. Processing of Personal Data (Processing) – any action/operation or set of actions/operations performed on Personal Data, whether or not by automated means.
2.3. Operator – a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or carries out personal data processing and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed on personal data.
2.4. Company – A Torg Limited Liability Company (LLC), acting as the Personal Data operator.
2.5. Website – the Company’s information resource on the Internet accessible via the domain name https://askonalife.com or through the Company’s mobile application.
2.6. Confidentiality of Personal Data – a mandatory requirement for any person who has gained access to personal data not to disclose such data to third parties or distribute personal data without the consent of the data subject, unless otherwise provided by federal law.

3. Purposes, Categories, Legal Grounds and Retention Periods of Personal Data Processing
3.1. Purpose
Monitoring the use and improving the quality of the Website, ensuring its proper and secure operation, collecting and statistically analyzing data to adjust the Website content in accordance with user preferences.
Categories of data subjects: Website visitors.
Categories of personal data: general data, including website visit information provided by statistical services, IP address, and cookie data.
Retention period: no longer than 24 months from the date of the last visit to the Website (depending on the type of analytics used).

3.2. Retention PeriodsRetention periods for personal data are determined taking into account:
3.2.1. the established purposes of processing;
3.2.2. the validity periods of contracts with data subjects and/or consents to personal data processing;
3.2.3. the periods established by regulatory legal acts of the Russian Federation.

3.3. Legal Grounds for Processing3.3.1. processing is carried out with the consent of the personal data subject;
3.3.2. processing is necessary for the exercise of the rights and legitimate interests of the Company or third parties, provided that this does not violate the rights and legitimate interests of the data subject, including the performance of functions, powers, and duties imposed on the Company by Russian legislation;
3.3.3. processing is necessary for concluding a contract at the initiative of the data subject, performing, amending, or terminating a contract to which the data subject is a party or beneficiary.

3.4. Special Categories of DataThe Company does not process biometric data or data relating to racial or ethnic origin, political views, religious or philosophical beliefs, or intimate life.
Processing by the Company of special categories of personal data (health status) is permitted only in cases provided for by the federal legislation of the Russian Federation.

3.5. Personal Data Permitted for DistributionOn the basis of separate consent of the data subject, the Company may process certain categories of personal data permitted by the subject for dissemination and granting access to an unlimited number of persons by publishing them on the Website, in online advertising, or on official social media pages or accounts.
Processing of personal data permitted by the subject for dissemination shall be carried out in compliance with the prohibitions and conditions set forth in Article 10.1 of the Personal Data Law.
With respect to personal data published on the Website and on official social media pages or accounts of the Company, the following rules and restrictions apply:

• processing of personal data (other than granting access) by an unlimited number of persons is prohibited;
• transfer of personal data (other than granting access) to an unlimited number of persons is prohibited;
• personal data obtained by the Company may not be transferred using information and telecommunication networks.

4. Use of Cookies and Other Web Analytics Tools
4.1. Cookies are small files created and stored by the browser when a user visits the Company’s Website. Cookies allow tracking of Website performance and usage characteristics, as well as optimization of marketing activities on the Internet.
Cookies are stored on the user’s device for a period that depends on the respective type of cookies.
Session cookies are stored only for the duration of the visit. Persistent cookies may remain on the user’s device after leaving the Website and may be used upon subsequent visits, but not beyond the period necessary to achieve their purpose, after which they are automatically deleted.

4.2. Visiting and using the Website by default involves the generation and storage of cookies. However, users may delete cookies at any time via their browser settings. Users may also refuse to accept cookies; however, full functionality of the Website is not guaranteed (for example, display of saved items).

4.3. Types of Web Analytics Used
Technical and functional cookies

• These cookies are generated by website engines to ensure uninterrupted Website operation and to remember user-selected settings.

Marketing and analytics cookies

• These cookies are used to collect and statistically analyze data related to Website usage. The Yandex.Metrica service is used. Information obtained through such cookies does not allow identification of users.

5. Engagement of Third Parties in Personal Data Processing
5.1. For the purposes specified above and where legal grounds exist, personal data processing may also be carried out by third parties to whom personal data processing has been entrusted or to whom personal data has been transferred (or access thereto has been provided) for the specified purposes in accordance with the legislation of the Russian Federation.
Such third parties may include, in particular, affiliates, the Company’s contractors providing services to ensure the operability of the Website and support of the information systems used, marketing and information support, credit institutions providing the possibility to arrange a loan / installment plan for the purchase of goods, companies providing call center services, collection and processing of feedback, as well as state and municipal authorities and organizations in cases established by the legislation of the Russian Federation.
The Company is also entitled to obtain personal data from such third parties.

5.2. The Company has the right to engage third parties in processing the personal data received and/or to transfer the personal data received to them for the specified purposes, provided that such third parties ensure compliance with the principles and rules of personal data processing, confidentiality and security of personal data during processing, and take the necessary measures aimed at ensuring fulfillment of obligations stipulated by the applicable legislation of the Russian Federation.

6. Basic Rules and Principles of Personal Data Processing
6.1. The Company carries out personal data processing, namely: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), blocking, deletion, and destruction of personal data only where grounds exist and within the time limits provided for by the applicable legislation of the Russian Federation.

6.2. Personal data processing by the Company is carried out both with and without the use of automation tools (including mixed processing).

6.3. When processing personal data, the Company observes the rights of data subjects and fulfills the operator’s obligations provided for by the legislation of the Russian Federation on personal data.

6.4. When collecting personal data, the Company ensures recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located within the territory of the Russian Federation.

6.5. The Company prohibits making decisions based solely on automated processing of personal data that produce legal consequences for data subjects or otherwise affect their rights and legitimate interests.

6.6.1. personal data processing is carried out on a lawful and fair basis;
6.6.2. personal data processing is limited to achieving specific, pre-determined, and lawful purposes;
6.6.3. processing of personal data that is incompatible with the purposes of collection is not permitted;
6.6.4. combining databases containing personal data processed for purposes incompatible with one another is not permitted;
6.6.5. only personal data that meets the purposes of processing is subject to processing;
6.6.6. the content and scope of personal data processed correspond to the stated purposes. Excessive processing of personal data in relation to the stated purposes is not permitted;
6.6.7. accuracy of personal data, its sufficiency, and, where necessary, relevance in relation to the purposes of processing are ensured; necessary measures are taken to delete or clarify incomplete or inaccurate personal data;
6.6.8. personal data is stored in a form that enables identification of the data subject for no longer than required by the purposes of processing, unless the storage period is established by federal law, consent, or a contract to which the data subject is a party, beneficiary, or guarantor;
6.6.9. processed personal data is destroyed upon achievement of the purposes of processing or in the event that the need to achieve such purposes is no longer present, unless otherwise provided by federal law;
6.6.10. personal data processing is not used for causing property and/or moral harm to data subjects or for hindering the exercise of their rights and freedoms.

7. Measures to Ensure the Security of Personal Data
7.1. The Company takes the necessary legal, organizational, and technical measures to protect personal data received from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination, as well as other unlawful actions in relation to personal data, and observes the principles and rules of personal data processing provided for by the Personal Data Law and other regulatory acts, including:

7.1.1. development of internal documents on personal data processing matters, as well as local acts establishing procedures aimed at preventing and detecting violations of Russian legislation and eliminating the consequences of such violations;
7.1.2. protection of personal data from unauthorized access, unlawful processing or transfer, as well as from loss, distortion, or destruction;
7.1.3. identification and implementation, prior to introducing new personal data processing processes, of new personal data information systems and technical and organizational measures ensuring protection of personal data;
7.1.4. identification of threats to the security of personal data when processed in information systems;
7.1.5. establishment of access rules for personal data processed in information systems, and ensuring registration and accounting of actions performed with personal data in information systems;
7.1.6. monitoring and evaluation of the effectiveness of the measures applied;
7.1.7. detection of unauthorized access to personal data and other incidents, taking measures to eliminate and mitigate the consequences;
7.1.8. use of information security tools that have passed conformity assessment in accordance with the established procedure;
7.1.9. restoration of personal data modified or destroyed as a result of unauthorized access;
7.1.10. provision of access to personal data only in cases and in the manner предусмотренные by the legislation of the Russian Federation;
7.1.11. familiarization of employees directly engaged in personal data processing with the provisions of Russian legislation, including requirements for personal data protection, documents defining the personal data processing policy, local acts on personal data processing matters, requirements for non-automated processing, and/or training of such employees.

7.2. The Company has appointed persons responsible for organizing personal data processing and ensuring personal data security.

7.3. Internal documents binding on all Company employees, as well as relevant agreements with partners, contractors, and other third parties to the extent applicable, define:

7.3.1. procedures for granting access to information;
7.3.2. procedures for making changes to personal data to ensure its accuracy, reliability, and relevance, including in relation to the purposes of processing;
7.3.3. procedures for destruction or blocking of personal data where such procedures are required;
7.3.4. procedures for handling requests from data subjects (their legal representatives) in cases provided for by the Personal Data Law, including procedures for preparing information on the existence of personal data relating to a specific subject, information required to enable the subject (their legal representatives) to access their personal data, as well as procedures for handling requests for clarification, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the established purpose of processing;
7.3.5. procedures for handling requests from the authorized body for the protection of the rights of data subjects;
7.3.6. procedures for obtaining the data subject’s consent to personal data processing;
7.3.7. procedures for transferring personal data to third parties;
7.3.8. procedures for handling physical media containing personal data;
7.3.9. procedures necessary to notify the authorized body for the protection of the rights of data subjects within the time limits established by the Personal Data Law.

8. Rights of Data Subjects and Contact Information
8.1.1. request information relating to the processing of their personal data;
8.1.2. demand clarification, destruction, or blocking of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing;
8.1.3. refuse personal data processing for the purpose of direct contacts (including for promotion of goods, works, and services) if personal data is processed for such purposes;
8.1.4. withdraw consents granted to the Company for personal data processing;
8.1.5. demand termination of personal data processing;
8.1.6. appeal the Company’s actions through administrative or judicial procedures.

8.2. A data subject has the right to withdraw consent to personal data processing in full or in part, or to demand termination of personal data processing, by sending a request to client@askona.ru or by sending a written request to the Company’s address of location as specified in the Unified State Register of Legal Entities.

8.3. If any questions or requests regarding personal data processing arise, data subjects may contact the Company at client@askona.ru or send a written request to the Company’s address of location as specified in the Unified State Register of Legal Entities.

9. Updating, Correction and Destruction of Personal Data
9.1. If the inaccuracy of personal data is confirmed, the personal data shall be updated by the Company.
9.2. Personal data shall be destroyed unless otherwise provided for by the legislation of the Russian Federation or by an agreement between the Company and data subjects / the Company’s contractors, in the following cases:

• unlawful processing is identified and the violations cannot be eliminated;
• at the request of the data subject or the authorized body for the protection of the rights of data subjects, if the personal data is incomplete, outdated, inaccurate, unreliable, unlawfully obtained, or not necessary for the stated purpose of processing;
• the data subject withdraws consent to the processing of their personal data;
• upon achievement of the purposes of processing or when the need to achieve them is no longer present.

9.3. The procedure for destruction of personal data on media containing personal data, including external/removable electronic media, paper media, and in personal data information systems, is determined by the Company in its internal documents and local regulations. The Company destroys personal data in a way that makes it impossible to restore the content of personal data and/or results in destruction of the physical media containing personal data.

10. Final Provisions
10.1. This Policy applies to all Personal Data received by the Company from a data subject.
10.2. The Company is not liable for actions of third parties that have gained access to the data subject’s Personal Data due to the data subject’s fault.
10.3. The Company does not verify:
10.3.1. the legal capacity of the data subject;
10.3.2. the accuracy of data provided by the data subject.

10.4. The Company may amend this Policy. The new version of the Policy becomes effective from the moment it is published at https://askonalife.com.

10.5. This Policy applies to personal data received both before and after this Policy enters into force.

10.6. If the User continues to use the Website after the new version of the Policy enters into force, this shall mean that the User has agreed to the terms of the new version.