This policy, in accordance with part 2 of article 18.1 of Federal Law No. 152-FZ dd. 27.07.2006 "On Personal Data," determine policy of the Website https://exlog.group/, the Operator of which is ExLog Limited Liability Company, TPIN 6164145528, PSRN 1246100025225, address: 28/41 Maksim Gorky St., Rostov-on-Don, Rostov region, 344082 (hereinafter referred to as the "Operator") regarding the processing of personal data and contains information on the Operator's requirements for the protection of personal data. This Policy applies to all personal data processed through the Website that the Operator receives or may receive from the User. This Policy is an integral part of the Operator's internal document, which sets forth the Operator's general policy regarding the processing of personal data and provides general information about the Operator's data protection requirements.

1. GENERAL PROVISIONS

1.1. For the purposes of this Policy, the terms listed below shall have the following meanings:

"Automated personal data processing": processing of personal data using computer technology.

"Blocking of personal data": the temporary suspension of the processing of personal data (except in cases where processing is necessary to verify the accuracy of the personal data).

"Web beacons": digital images (single-pixel (1x1) or blank GIF images). Web beacons can help the Operator identify certain types of information on the User's device, such as cookies, the time and date the page was viewed, and a description of the page where the web beacon is placed.

"Use of personal data": actions (operations) involving personal data that are carried out for the purpose of making decisions, entering into transactions, or taking other actions that give rise to legal consequences for data subjects or otherwise affect their rights and freedoms or the rights and freedoms of others.

"Confidentiality of personal data": a requirement that any person who has access to personal data must not disclose such data without the data subject's consent or another legal basis.

"Non-automated processing of personal data," "Processing of personal data without the use of automation tools": processing of personal data contained in a personal data information system or extracted from such a system in cases where actions involving personal data, such as the use, correction, dissemination, or destruction of personal data with respect to each data subject, are carried out with the direct involvement of a person.

"Anonymization of personal data": actions that make it impossible to identify a specific data subject without the use of additional information.

"Processing of personal data": actions (operations) involving personal data, including collection, recording, organization, storage, clarification (updating, modification), retrieval, use, transfer (distribution, disclosure, access), anonymization, blocking, deletion, and destruction.

"Publicly available personal data": personal data to which an unlimited number of persons have been granted access with the data subject's consent, or to which the requirement of confidentiality does not apply in accordance with the federal law.

"Operator": ExLog Limited Liability Company, TPIN 6164145528, PSRN 1246100025225, address: 28/41 Maksim Gorky St., Rostov-on-Don, Rostov region, 344082, which is the owner of the Website, processes personal data, and determines the purposes of personal data processing, the scope of personal data to be processed, and the actions (operations) performed on personal data.

"Personal data": any information relating directly or indirectly to an identified or identifiable physical person (data subject); an identifiable physical person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, surname, email address, telephone number, and other data transmitted to the Operator during the use of the Website via software installed on the User's Device (including location data, HTTP headers, IP address, cookie data, information about the User's browser, technical specifications of the hardware and software used by the User, the date and time of access to the Website, the addresses of the requested pages of the Website, and other similar information), one or more physical, physiological, genetic, mental, economic, or cultural factors specific to the individual, or factors related to social identity. In addition, for the purposes of this Policy, personal data also includes information about the User whose processing is provided for in the Contract or agreement governing the use of the Website. In accordance with Decree of the President of the Russian Federation No. 188 of March 6, 1997, personal data is classified as confidential information. The Operator collects only such personal data as is necessary for the performance of the Agreement.

"Website," "Information System": a collection of computer programs (software) and other information contained in the information system, accessible via the Internet using the domain name https://exlog.group/.

User: a physical person (data subject), including one acting on behalf of and in the interests of another physical person or legal entity, who visits or uses the Operator's Website and may, in the course of such use, provide the Company with their personal data or the personal data of other persons on whose behalf they are acting.

"Transfer of personal data": actions aimed at transferring personal data to a specific person or a specific group of persons.

"Distribution of personal data": actions aimed at disclosing personal data to an unspecified group of individuals.

"Contract": any legal agreement entered into between the Operator and the User, or the person on whose behalf the User is acting, whether concluded by the signing of a bilateral document or by the User's acceptance of the terms of an offer in the manner specified in such offer.

"Statistics": information regarding the use of the Website, as well as Users' viewing of specific elements of the Website (web pages, frames, content, etc.), collected using counters, cookies, web beacons, and other similar technologies.

"Counter," "Tracker": a computer program that uses a piece of code responsible for collecting statistical and personal data regarding the use of the Website. The operator may use tracking tools developed in-house or provided by third parties under a limited license (license agreement), such as Yandex.Metrica, Yandex.AppMetrica, and other similar tracking tools. These tracking tools collect personal data in an anonymized form.

"Token": a unique set of characters that identifies the User in third-party web service accounts. A token enables an authorized connection to the Website using third-party web service authentication (e.g., social networks, Google Play, Apple App Store, and others).

"Destruction of personal data": actions that render it impossible to recover the content of personal data from a personal data information system and/or result in the destruction of physical media containing personal data.

"Device": a computer, mobile device, or virtual machine running an operating system with a web browser installed that is compatible with the Website.

"Cookies": small pieces of data sent by a web server and stored on the User's device. Cookies contain small pieces of text and are used to store information about browser activity. They allow to store and retrieve identification information and other data on computers, smartphones, phones, and other devices. Cookies specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purposes, including data stored by browsers or devices, device-related identifiers, and other software. In this Policy, all of these technologies are referred to as "cookies."

"HTTP header": a string in an HTTP message containing a colon-separated name-value pair. The format of HTTP headers corresponds the ARPA Common Format for Text Network Message Headers, as described in RFC 822.

"IP address": a number from the numbering resource of a data transmission network based on the IP protocol (RFC 791), which uniquely identifies, when providing telematic communication services, including Internet access, a subscriber terminal (computer, smartphone, tablet, or other device) or communication means that are part of the information system and belong to the User.

"Applicable law": the laws of the country in which the Operator is registered or of which it is a resident (the laws of the Russian Federation). In certain cases, "Applicable law" may refer to the laws of the country in which the User resides or of which the User is a resident, if such laws give precedence to their provisions over the terms of this Policy.

1.2. All other terms and definitions appearing in this Policy shall be interpreted by the Parties in accordance with the laws of the Russian Federation, the current recommendations (RFCs) of international Internet standards bodies, and the customary rules of interpretation of such terms established on the Internet.

1.3. The terms and definitions used in this Policy may appear in either the singular or plural form, depending on the context, and may be capitalized or not.

1.4. This Policy has been developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ dd. 27.07.2006, "On Information, Information Technologies, and the Protection of Information," Federal Law No. 152-FZ of July 27, 2006 "On Personal Data," and other federal laws and legal acts.

1.5. This Policy sets forth the procedures and conditions for the processing of personal data by the Operator, including the procedures for transferring personal data to third parties, the specifics of non-automated processing of personal data, the procedures for accessing personal data, the personal data protection system, the procedures for organizing internal controls, and liability for violations in the processing of personal data, as well as other matters.

1.6. This Policy takes effect upon approval by the Operator and remains in effect indefinitely until replaced by a new policy.

1.7. The Operator reserves the right to amend this Policy without the User's consent. All amendments to this Policy shall be made by an administrative act of the Operator.

1.8. This Policy applies to all personal data processing activities carried out through the Website without the use of automated means. The Operator does not control and is not responsible for third-party websites that the User may access via links posted on the Website or other information resources of the Website.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

2.1. The Operator processes the User's personal data in accordance with international data protection standards, applicable laws, and, with respect to Users located within the Russian Federation, in accordance with Federal Law No. 152-FZ.

2.2. The Operator processes the User's personal data only if the User has reached the age of 14. If the User is under 14, the consent of the User's legal representatives is required. Otherwise, if the Operator detects an age discrepancy, the User's data will be deleted from the Website. If the requirements of applicable law establish a lower or higher age, the provisions of applicable law shall apply.

2.3. The User's personal data is processed based on the User's separate consent to such processing, which may be provided, among other ways, directly while using the Website by clicking the corresponding button or by checking the relevant checkbox. The term of validity of such consent is specified in the text of the consent.

3. PURPOSES OF COLLECTING PERSONAL DATA

3.1. The Operator processes only those personal data that are necessary for the use of the Website or the fulfillment of agreements and contracts with the User, except in cases where the legislation of the Russian Federation provides for the mandatory storage of personal information for a period specified by law, in particular in accordance with accounting legislation and the rules for the organization of state archival affairs.

3.2. When processing personal data, the Operator does not combine databases containing personal data, the processing of which is carried out for incompatible purposes.

3.3. The Operator processes the User's personal data for the following purposes:

3.3.1. use of Users' personal data for the purposes of concluding and executing a contract with the Operator;

3.3.2. use of Users' personal data for the purposes of concluding and executing a contract between the Operator and the person on whose behalf the User acts;

3.3.3. use of Users' personal data for the purposes of concluding and executing a contract between the Operator and the person on whose behalf the User acts;

3.3.4. conducting statistical and other research on the use of the Website based on anonymised data;

3.3.5. conducting marketing programs, various offers, promotions and advertising activities related to the Website.

4. VOLUME AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF DATA SUBJECTS

4.1. The Operator may obtain the User's personal data from various sources, including:

4.1.1. from the Website's server during the User's use of the Website;

4.1.2. when a User registers on the Website;

4.1.3. when the User contacts the Website's technical support team;

4.1.4. when the User participates in the Operator's marketing programs, various offers, promotions, and advertising campaigns related to the Website.

4.2. Personal data authorized for processing in accordance with this Policy and provided by Users who are physical persons using the Website either on their own behalf or on behalf of an individual entrepreneur or legal entity they represent, by filling out the relevant input fields when using the Website, may include the following information:

4.2.1. surname, name, patronymic;

4.2.2. e-mail;

4.2.3. mobile phone number;

4.2.4. place of employment, job title;

4.2.5. surname, name, patronymic of the individual entrepreneur on whose behalf the User is acting;

4.2.6. geolocation (city or region);

4.2.7. token;

4.3. Personal data processed in accordance with this Policy and automatically transmitted to the Operator during the use of the Website via software installed on the User's device may include the following information:

4.3.1. HTTP headers;

4.3.2. User's device IP address;

4.3.3. cookies data;

4.3.4. information about the User's browser;

4.3.5. device capability and software specification;

4.3.6. technical data regarding the operation of the Website, including the dates and times of use and access to the Website;

4.3.7. URL address of requested web pages of the Website.

4.4. In accordance with this Policy, the Operator processes the personal data of individuals falling into the following categories of data subjects:

4.4.1. physical persons using the Website on their own behalf;

4.4.2. physical persons using the Website on behalf of an individual entrepreneur or legal entity they represent.

4.5. The processing of certain categories of personal data of Users who use the Website both on their own behalf and on behalf of a physical or legal person they represent is carried out with the following specific features:

4.5.1. User Contact Information. Certain data is used to identify the Users and authenticate them on the Website and on the Operator's website. Email addresses and phone numbers may be used to send messages to Users (in connection with the performance of the Contract with the Operator, when contacting technical support services, etc.).

4.5.2. Information about the use of the Website. This information is processed to analyze the Website activity and its interaction with the User, specifically how long it took to perform a particular operation at the User's request, and which features Users utilize more frequently than others. This information helps the Operator improve the Website, increase its performance, and make it more user-friendly.

4.5.3. Technical specifications of the User's device, including its IP address and software. Information such as device type, operating system, IP address, network connection method, etc., may be necessary to enable the Operator to account for the Website's operation aspects on various devices and networks and to ensure its compatibility with third-party software.

4.6. The Operator does not process biometric personal data (information that characterizes a person's physiological and biological characteristics and can be used to identify them).

4.7. The Operator does not process special categories of personal data relating to race, nationality, political opinions, religious or philosophical beliefs, or intimate life.

4.8. The processing of personal data that the data subject has authorized for disclosure is carried out based on the data subject's consent to such disclosure, in compliance with the restrictions and conditions for the processing of personal data established by the data subject.

4.9. If, during the registration process or while using the Website, the data subject voluntarily provides personal data in excess of what is required by the Website's functionality, the Operator reserves the right not to process such personal data. When the Operator processes such personal data, the processing is carried out in accordance with the rules set forth in this Policy. The Operator is deemed to have obtained the data subject's consent to the processing of such data at the time such data is provided.

4.10. The operator does not engage in the cross-border transfer of personal data.

5. TERMS AND CONDITIONS FOR THE PROCESSING OF PERSONAL DATA

5.1. The Operator processes the User's personal data using a personal data information system without the use of automated means, in accordance with federal laws or other regulatory legal acts of the Russian Federation that establish requirements for ensuring the security of personal data during its processing and for respecting the rights of data subjects. The use, correction, disclosure, and destruction of personal data pertaining to the User are carried out with the direct involvement of the Operator's employees in accordance with the provisions set forth in Resolution No. 687 of the Government of the Russian Federation dd. 15.09.2008.

5.2. The operator processes and stores the User's personal data for the period specified by law, contract, or as indicated in the User's consent.

5.3. The User's personal data shall remain confidential, except in cases where the User voluntarily provides information about themselves for public access to an unlimited range of persons.

5.4. The Operator may transmit the User's personal data to third parties using modern encryption methods via a secure HTTPS connection in the following cases:

5.4.1. the User has consented to such actions;

5.4.2. the transfer is necessary for the User to use certain features of the Website (for example, to log in via social media accounts) or to fulfill a specific agreement, contract, or transaction with the User;

5.4.3. the transfer is necessary to fulfill the obligations under the Contract;

5.4.4. the transfer is provided for by the laws of the Russian Federation or other applicable laws in accordance with the procedure established by law;

5.4.5. in the event of a transfer of rights to the Website, personal data must be transferred to the transferee concurrently with the transfer of all obligations to comply with the terms of this policy as they apply to the personal data received by the transferee;

5.4.6. if necessary to protect the rights and legitimate interests of the Operator or third parties in the event that the User violates the Policy;

5.4.7. in other cases provided for by law.

5.5. If a personal data breach is likely to result in a high risk to the rights and freedoms of physical persons, the Operator shall notify the User of the personal data breach without undue delay. Notification to the data subject is not required if any of the following conditions are met: (a) the Operator has implemented appropriate technical and organizational security measures, and such measures were applied to the personal data affected by the breach, including measures that render the personal data unintelligible to any person who is not authorized to access it, such as cryptographic protection; (b) the Operator has taken subsequent measures that ensure the high risk to the rights and freedoms of data subjects is no longer likely to materialize; (c) the effort required would be disproportionate. In this case, a public notice shall be issued instead, or a similar measure shall be taken through which data subjects are informed in an equivalent manner

5.6. The Operator takes the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions by third parties. In particular, all processed data is transmitted using modern connection encryption methods via the secure HTTPS protocol.

5.7. The Operator, in cooperation with the User, shall take all necessary measures to prevent losses or other adverse consequences resulting from the loss or unauthorized disclosure of the User's personal data.

5.8. The Operator has the right to disclose personal data to investigative authorities and other authorized bodies on the grounds provided for by the current legislation of the Russian Federation

5.9. When collecting personal data, the Operator records, systematizes, accumulates, stores, and updates (revises, modifies) the personal data of Users who are citizens of the Russian Federation, using databases located within the territory of the Russian Federation.

5.10. The Operator shall cease processing the User's personal data, the processing of which is based on the User's consent, upon the expiration of the User's consent to such processing, upon the User's withdrawal of consent to the processing of their personal data, or in the event of unlawful processing of personal data or the Operator's dissolution.

6. PROCEDURE FOR COLLECTING PERSONAL DATA USING COOKIES, WEB BEACONS, AND COUNTERS

6.1. Cookies sent from the Operator to the User's device and from the User to the Operator may be used by the Operator to achieve the purposes of personal data processing in accordance with the privacy and personal data processing policy.

6.2. The Operator uses various types of cookies on the Website, which serve different purposes and, depending on those purposes, may fall into one of the following categories:

- "Essential," i.e., cookies that are strictly necessary for the functioning of critical components of the Website, for identifying the technical specifications of the User's device and the software being used, as well as for the User's authentication and payment processing;

- "Technical" cookies, i.e., cookies that allow us to collect information about how Users interact with the Website in order to identify errors and test new features to improve the Website's performance;

- "Functional" cookies, i.e., cookies that enable the User to access certain features of the Website, interact with the Website's interface and use its features, record information about actions performed on the Website, and customize the Website according to the User's needs in order to remember information entered by the User, save their preferred language, location, etc.

6.3. The Operator does not explicitly request consent when using essential cookies. If the User does not wish for their personal data to be collected via essential cookies, they may disable them in the software (browser) on their device. In this case, the User will no longer have access to the Website's features that rely on essential cookies, which may result in the Website becoming completely inoperable or functioning incorrectly.

6.4. The Operator may use functional and analytical cookies only with the User's consent, which is generally expressed by checking the appropriate box or by clicking the "Accept," "Agree," or similar button and beginning to use the Website. Otherwise, the User has the right to refuse the use of such cookies by disabling them in the Website settings without affecting its functionality.

6.5. The User agrees that the devices and software used to access the Website, depending on their version and configuration, may or may not have the ability to block cookies for all or specific websites and applications, as well as the ability to delete previously received cookies (e.g., browser incognito mode)

6.6. The Operator reserves the right to require the User's device to enable the acceptance and receipt of cookies in accordance with security requirements.

6.7. The structure, content, and technical parameters of cookies are determined by the Operator and may be changed without prior notice to the User. The User has the right to obtain all necessary information about cookies by submitting a request to the Operator in accordance with the procedures set forth in the Privacy Policy and the Consent to the Processing of Personal Data.

6.8. The counters placed on the Website by the Operator may be used by the Operator to analyze cookies and collect personal data regarding the use of the Website in order to improve the Website's performance, enhance its user-friendliness, and optimize the Website. The technical parameters of the tracking tools are determined by the Operator and may be changed without prior notice to the User.

6.9. The Operator may use web beacons either on their own or in conjunction with cookies to collect information about the use of the Website. Users have the right to block web beacons when using the Website by disabling image loading in their software (browser) settings.

7. ACCESS TO PERSONAL DATA

7.1. Only those employees of the Operator who, by virtue of their job duties, are authorized to handle the User's personal data in accordance with the list of persons authorized to handle personal data, which is approved by the Operator, have the right to access the User's personal data.

7.2. The Operator maintains an up-to-date list of employees who have access to personal data.

7.3. Access to the User's personal data by third parties who are not employees of the Operator is prohibited without the User's consent, except as provided by the laws of the Russian Federation.

7.4. An Operator employee's access to the User's personal data shall be terminated as of the date of termination of the employment relationship or as of the date on which the employee loses the right to access the User's personal data due to a change in job responsibilities, position, or other circumstances, in accordance with the Operator's established procedures. In the event of termination of employment, all media containing the User's personal data that were in the possession of the terminated Operator employee shall be transferred to a superior in accordance with the procedure established by the Operator.

8. UPDATE, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA

8.1. The User may at any time change, update, supplement or delete the personal data they have provided, or part of it, using the Website interface, or by sending a request to the Operator by email: info@exlog.group with the subject line "Updating personal data" or "Withdrawal of consent to the processing of personal data".

8.2. In the event that the Operator independently discovers that the User's personal data is incomplete or inaccurate, the Operator shall take all possible measures to update the personal data and make appropriate corrections.

8.3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete it.

8.4. If the illegality of the processing of the User's personal data is detected, the Operator will cease processing them and the personal data will be subject to deletion.

8.5. In the event of the Website interface being inoperative or the lack of functionality on the Website for the User to change, update, supplement or delete personal data, as well as in any other cases, the User has the right to request in writing from the Operator clarification of his/her personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing.

8.6. The Operator shall make the necessary changes to personal data that is incomplete, inaccurate or outdated within a period not exceeding seven working days from the date the User provides information confirming that the personal data is incomplete, inaccurate or outdated.

8.7. The Operator shall destroy the User's personal data that was illegally obtained or is not necessary for the stated purpose of processing within a period not exceeding seven working days from the date the User provides information confirming that such personal data was illegally obtained or is not necessary for the stated purpose of processing.

8.8. The Operator notifies the User of the changes made and the measures taken and takes reasonable measures to notify third parties to whom the personal data of this User has been transferred.

8.9. The User's rights to modify, update, supplement, or delete personal data may be limited in accordance with legal requirements. Such restrictions may, in particular, include the Operator's obligation to retain personal data modified, updated, supplemented, or deleted by the User for a period specified by law and to transfer such personal data to government agencies in accordance with the established procedure.

9. RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA

9.1. The User has the right to receive from the Operator information regarding the processing of his/her personal data, including information containing:

9.1.1. confirmation of the fact of processing of personal data by the Operator;

9.1.2. legal grounds and purposes of personal data processing;

9.1.3. purposes and methods of processing personal data used by the Operator;

9.1.4. the name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or in accordance with federal law;

9.1.5. processed personal data related to the relevant User, the source of their receipt, unless another procedure for submitting such data is provided for by federal law;

9.1.6. terms of processing personal data, including the terms of their storage;

9.1.7. the procedure for the User to exercise the rights provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";

9.1.8. information on completed or intended cross-border data transfer;

9.1.9. the name or surname, first name, patronymic and address of the person processing personal data on behalf of the operator, if the processing is or will be entrusted to such person;

9.1.10. information on the methods of fulfilling the operator's obligations established by article 18.1 n of Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";

9.1.11. other information required by law.

9.2. The Operator provides free access to personal data processed and stored in the Operator's information system upon the User's request within ten working days from the date of receipt of the User's written request.

9.3. If the Operator refuses to provide information about the availability of personal data about the User or personal data to the User upon his/her request or upon receipt of the User's request, the Operator shall provide a reasoned response in writing, which is the basis for such refusal, within a period not exceeding thirty days from the date of the User's request or from the date of receipt of the User's request. The specified period may be extended, but not more than by five working days, if the Operator sends a reasoned notice to the personal data subject indicating the reasons for extending the period for providing the requested information.

10. INFORMATION ON IMPLEMENTED PERSONAL DATA PROTECTION REQUIREMENTS

10.1. The security of personal data during its processing in the information system is ensured by a personal data protection system that neutralizes current threats identified in accordance with part 5 of article 19 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".

10.2. The personal data protection system applied by the Operator includes legal, organizational, technical and other measures to ensure the security of personal data, determined taking into account current threats to the security of personal data and information technologies used in information systems.

10.3. In relation to personal data for which the User has given consent for their processing by third parties, the Operator has the right to engage, on the basis of a contract, another person to ensure the security of personal data when processing them in the information system.

10.4. When processing personal data in the Operator's information system, the latter ensures:

10.4.1. that measures are taken to prevent unauthorized access to the User's personal data and/or their transfer to persons who do not have the right to access such information.

10.4.2. timely detection of unauthorized access to personal data;

10.4.3. that there is no impact on the technical means involved in the processing of personal data, which could result in disruption of their functioning;

10.4.4. the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;

10.4.5. constant control over the level of security of personal data.

10.5. In order to comply with the requirements for ensuring security and implementing a personal data security system, the Operator has developed and implemented a private model of security threats to the personal data information system.

10.6. In accordance with the Resolution No. 1119 of the Government of the Russian Federation dd. 01.11.2012 "On approval of requirements for the protection of personal data when processing them in personal data information systems", the Operator has determined the level of protection of personal data when processing them in the personal data information system owned by the Operator.

10.7. The operator developed and implemented a set of measures to protect and ensure the security of personal data based on the results of determining the level of protection of personal data when processing them in the personal data information system without the use of automation tools.

10.8. The operator uses technical means and software to process and protect personal data and maintains a log of personal data protection measures.

10.9. The operator maintains a log of the recording and storage of removable storage media containing personal data.

10.10. The technical means ensuring the functioning of the personal data information system are located in premises owned by the Operator or otherwise held in a property right (lease, gratuitous use, etc.). The technical means ensuring the functioning of the personal data information system of Users, citizens of the Russian Federation, are located on the territory of the Russian Federation.

10.11. All employees of the Operator authorized to work with personal data, as well as those involved in the operation and maintenance of the personal data information system, are familiar with the requirements of the Policy, as well as with the internal documents of the Operator regulating the procedure for working with personal data.

10.12. The Operator has organized a process for training employees on the use of personal data protection tools used by the Operator. This training is provided to employees with ongoing access to personal data and to employees involved in the operation and maintenance of the personal data information system and personal data protection tools.

10.13. The Operator's internal documents stipulate that employees are required to immediately notify the appropriate Operator official of any loss, damage, or shortage of information carriers containing personal data, as well as any attempts at unauthorized disclosure of personal data, the reasons for it, and the conditions under which it occurs.

11. FINAL PROVISIONS

11.1. By using the Website, the User agrees to the terms of this Policy. If the User does not agree with the terms of this Policy, he/she must immediately stop accessing and using the Website.

11.2. The law of the Russian Federation shall apply to the Policy and to the relations between the User and the Operator arising in connection with the application of the Policy.

11.3. The Privacy Policy is permanently publicly available on the Operator's Website at the following link: https://exlog.group/en/privacy-policy.

11.4. The User has the right to send any suggestions or questions regarding the Policy to the Operator's User Support Service by sending an email to: info@exlog.group.