+7 (499) 380-81-21 Multichannel
+7 (910) 422-10-22 Technical support
Moscow and Moscow Oblast Call between 10:00 AM and 7:00 PM.

Personal Data Processing and Protection Policy

LIMITED LIABILITY COMPANY "PUSKONALADKA"«
INN: 7734438457/KPP: 772601001/OGRN: 1207700426120
Russian Federation, 117105, Moscow, Varshavskoe shosse, 33, building 13, floor 4, office 28B

APPROVED
General manager
A.S. Shmakov

___________________
(signature)
Order No. 2P of June 11, 2026

Moscow, June 11, 2026.

 

1. General Provisions

1.1. This Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", "Regulations on the Features of Personal Data Processing", "On Approval of Requirements for the Protection of Personal Data When Processing Them in Personal Data Information Systems", approved by Decree of the Government of the Russian Federation No. 1119 of 01.11.2012, and other regulatory acts in the field of personal data protection in force in the Russian Federation.

1.2. PUSKONALADKA LLC is the personal data operator.

1.3. Key concepts used in the Policy:

— OPERATOR — a legal entity, regardless of its organizational and legal form, as well as an individual entrepreneur, carrying out business activities;

— client – an individual or legal entity, regardless of its organizational and legal form, who is a counterparty of the operator;

— OPERATOR services — actions of the OPERATOR in the performance of its economic activities;

— personal data — information stored in any format relating to a specific or determinable on the basis of such information individual (subject of personal data), which, by itself or in combination with other information available to the OPERATOR, allows the identification of the Client;

— processing of personal data — actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;

— dissemination of personal data – actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the disclosure of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;

— use of personal data — actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;

— confidentiality of personal data — a mandatory requirement for the operator or other person who has gained access to personal data to prevent their dissemination without the consent of the subject of the personal data or the presence of another legal basis.

1.4. This Policy establishes the procedure for processing the personal data of Clients for whom the OPERATOR provides a full range of services for the design, supply, installation, commissioning, and maintenance (repair) of multimedia, sound, lighting, and stage equipment, as well as under contracts for the sale and supply of the relevant equipment.

1.5. This Policy is mandatory for all employees of the OPERATOR and describes the main objectives, principles of processing, and requirements for the security of personal data of the OPERATOR.

1.6. This Policy has been developed to protect the rights and freedoms of individuals and citizens when processing their personal data.

1.7. Personal data is processed for the purpose of fulfilling the service agreement to which the Client is a party. The OPERATOR collects data only to the extent necessary to achieve the purpose specified in Section 2.2 of this Policy.

1.8. Ensuring the security and confidentiality of personal data is one of the OPERATOR's priority areas of activity.

2. Principles and purposes of processing. Composition of personal data

2.1. The OPERATOR processes personal data based on the following principles:

– the processing of personal data of Clients is carried out solely to ensure compliance with federal laws and other regulatory legal acts, and compliance with the purposes previously determined and stated during the collection of personal data;

– the volume and content of personal data processed by subjects, as well as the methods of processing personal data, comply with the requirements of federal legislation, as well as other regulations and the purposes for which personal data is processed. The processing of personal data that is excessive in relation to the purposes stated when collecting the personal data is prohibited;

– the OPERATOR receives personal data only from the Client;

– When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data to the purposes of processing are ensured. The OPERATOR takes the necessary measures to destroy (delete) or clarify incomplete or inaccurate data.

2.2. The processing of personal data of personal data subjects is carried out by the OPERATOR for the purpose of fulfilling contractual and other civil-law relations in the course of the OPERATOR's business activities, and improving the efficiency and quality of service to Clients.

2.3. The OPERATOR processes the following categories of personal data:

Full name, date and place of birth, registration and/or actual residence addresses, taxpayer identification number, phone numbers, email addresses, order details, and other data, excluding special categories of personal data and biometric personal data.

3. Processing conditions

3.1. The OPERATOR's procedure for handling the personal data of Clients is governed by the current legislation of the Russian Federation and the OPERATOR's internal documents, and is carried out in compliance with strictly defined rules and conditions.

3.2. The OPERATOR processes personal data by collecting, systematizing, accumulating, storing, clarifying (updating, modifying), using, transferring (providing, accessing), depersonalizing, blocking, and destroying personal data solely to ensure compliance with federal legislation and other regulatory legal acts, compliance with the purposes previously determined and stated during the collection of the personal data, and accounting for the results of fulfilling contractual and other civil obligations with the personal data subject. A mixed (automated and non-automated) method of processing personal data is used.

3.3. Consent to the processing of personal data is not required, as the processing of personal data is carried out for the purpose of fulfilling an agreement to which the subject of the personal data—the Client—is a party. Personal data is transferred to third parties only in accordance with applicable law, including through the use of secure telecommunications channels.

3.4. The OPERATOR does not carry out cross-border transfer of personal data of Clients.

3.5. The retention periods for documents containing personal data of data subjects are determined in accordance with the term of the agreement with the data subject, Federal Law No. 125-FZ of the Russian Federation "On Archival Affairs in the Russian Federation" dated October 22, 2004, the statute of limitations, and other requirements of Russian legislation. Upon expiration of the retention periods for such documents, they are subject to destruction.

3.6. In order to protect personal data during its processing in personal data information systems from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions with them, the OPERATOR applies organizational and technical measures.

3.7. The OPERATOR's manager approves the list of OPERATOR's employees who have access to the personal data of Clients.

3.8. Personal data in hard copy format is stored in the OPERATOR's office premises under conditions that prevent access by persons not authorized to handle the Client's personal data. Removal of personal data outside the office premises, as well as its transfer to third parties, is prohibited.

3.9. Clients' personal data is stored electronically on the OPERATOR's local computer network, in electronic folders and files on the personal computers of employees authorized to process Clients' personal data and protected by an individual password. Transferring or disclosing the password to an OPERATOR employee's personal computer is prohibited.

4. Key measures to ensure the security of personal data processing

4.1. When processing the personal data of Clients, the OPERATOR is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.

4.2. To effectively protect the personal data of Clients, it is necessary:

4.2.1. comply with the procedure for receiving, recording and storing personal data of Clients;

4.2.2. use technical means of security and alarm;

4.2.3. conclude a Non-Disclosure Agreement with all employees involved in the receipt, processing and protection of the Client’s personal data;

4.2.4. impose disciplinary action on employees found guilty of violating the rules governing the receipt, processing, and protection of the Client's personal data.

4.3. Access to personal data of Clients by OPERATOR employees who do not have properly authorized access is prohibited.

4.4. Documents containing personal data of Clients are stored in the OPERATOR'S premises, which ensure protection from unauthorized access.

4.5. Protection of access to electronic databases containing personal data of Clients is ensured by:

— the use of licensed software products that prevent unauthorized access by third parties to the personal data of Clients;

— a password system. Passwords are set by the system administrator and communicated individually to employees with access to Clients' personal data.

4.6. Copying and making extracts of the Client's personal data is permitted solely for official purposes with the written permission of the manager.

5. Procedure for providing information containing personal data

5.1. Upon application by the subject of personal data (the owner of this data or his legal representative) or upon receipt of a request, the OPERATOR shall, free of charge, within 30 days from the date of receipt of the request or request, provide personal data related to the subject of personal data in an accessible form that excludes the provision of personal data related to other subjects of personal data.

5.2. Third-party organizations have the right to access the personal data of personal data subjects only if they have been granted the necessary powers in accordance with the legislation of the Russian Federation, or on the basis of agreements with the OPERATOR concluded in connection with the requirements of the legislation of the Russian Federation.

The basis for the OPERATOR employee to provide information about the personal data of subjects is the resolution of the director of the organization on the relevant request or the fact of signing an agreement (contract) on information exchange.

The agreement (contract) on information exchange shall include a condition on non-disclosure of information constituting the personal data of subjects, as well as official information that became known during the performance of work, if the use of such information is envisaged for their performance.

5.3. When transferring personal data of subjects, the OPERATOR and its authorized officials comply with the following requirements:

– do not disclose personal data to a third party without the written consent of the subject, except in cases where this is necessary in order to prevent a threat to the life and health of the subject, as well as in cases established by federal legislation;

– warn persons receiving personal data that these data may be used only for the purposes for which they were communicated, and require these persons to confirm compliance with this condition, except in cases established by federal legislation;

– do not respond to questions related to the provision of personal information to any third parties without legal grounds (written request);

– maintain records of the transfer of personal data of subjects in response to requests received by the Company from subjects.

6. Duties of the OPERATOR

6.1. The OPERATOR is obliged to:

6.1.1. Process personal data of Clients solely for the purpose of providing legitimate services to Clients.

6.1.2. Obtain the Client's personal data directly from the Client. If the Client's personal data can only be obtained from a third party, the Client must be notified in advance and their written consent must be obtained. OPERATOR employees must inform Clients of the intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the Client's refusal to provide written consent.

6.1.3. Not to receive or process the Client's personal data regarding their race, nationality, political views, religious or philosophical beliefs, health status, or intimate life, except in cases provided by law.

6.1.4. Grant access to their personal data to the Client or their legal representative upon request or upon receipt of a request containing the number of the primary identity document of the Client or their legal representative, the date of issue of said document and the issuing authority, and the Client's or their legal representative's signature. The request may be sent electronically and signed with an electronic digital signature in accordance with Russian Federation law. Information regarding the availability of personal data must be provided to the Client in an accessible form and must not contain personal data related to other personal data subjects.

6.1.5. Limit the Client's right to access their personal data if the provision of personal data violates the constitutional rights and freedoms of others.

6.1.6. Ensure the storage and protection of the Client’s personal data from unauthorized use or loss.

6.1.7. In the event of detection of inaccurate personal data or illegal actions with them by the operator upon request or at the request of the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects, the operator is obliged to block the personal data related to the relevant personal data subject, from the moment of such request or receipt of such request for the period of verification.

6.1.8. In the event that the fact of inaccuracy of personal data is confirmed, the operator, on the basis of documents submitted by the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, is obliged to clarify the personal data and unblock it.

6.1.9. If illegal actions with personal data are detected, the operator is obligated to rectify the violations within no more than three business days from the date of such detection. If it is impossible to rectify the violations, the operator is obligated to destroy the personal data within no more than three business days from the date of detection of the illegal actions with personal data. The operator is obligated to notify the personal data subject or their legal representative of the rectification of the violations or the destruction of the personal data, and if the request or appeal was sent by an authorized body for the protection of the rights of personal data subjects, also that body.

6.1.10. If the purpose of processing personal data is achieved, the operator is obliged to immediately cease processing the personal data and destroy the relevant personal data within a period not exceeding three working days from the date of achieving the purpose of processing the personal data, unless otherwise provided by federal laws, and notify the subject of the personal data or his legal representative thereof, and if the request or appeal was sent by an authorized body for the protection of the rights of personal data subjects, also the said body.

7. Client's Rights

7.1. The Client has the right to:

— access to information about oneself, including information confirming the fact of personal data processing, as well as the purpose of such processing; methods of personal data processing used by the OPERATOR; information about persons who have access to personal data or who may be granted such access; a list of personal data processed and the source of their receipt, the terms of processing of personal data, including the terms of their storage; information about what legal consequences for the Client may entail the processing of his personal data;

— determination of the forms and methods of processing his personal data;

— limitation of methods and forms of processing personal data;

— prohibition of distribution of personal data without his consent;

- changing, clarifying, destroying information about oneself;

— appealing against unlawful actions or inactions in the processing of personal data and obtaining appropriate compensation in court;

- other rights provided by law.

8. Confidentiality of Clients' personal data

8.1. Information about the personal data of Clients is confidential.

8.2. The OPERATOR ensures the confidentiality of personal data and is obliged to prevent its dissemination by third parties without the consent of the Clients or the presence of other legal grounds.

8.3. Persons with access to Clients' personal data are required to maintain confidentiality and must be notified of the need to maintain confidentiality. Due to the confidentiality of personal information, appropriate security measures must be in place to protect the data from accidental or unauthorized destruction, accidental loss, and unauthorized access, modification, or dissemination.

8.4. All confidentiality measures regarding the collection, processing, and storage of Clients' personal data apply to all information media, both paper and automated.

8.5. The confidentiality regime of personal data is lifted in the event of their depersonalization or inclusion in publicly available sources of personal data, unless otherwise specified by law.

9. Liability for violation of requirements governing the receipt, processing and storage of personal data

9.1. The OPERATOR's officials processing personal data are liable in accordance with the current legislation of the Russian Federation for violation of the protection, processing, and use procedures for this information.

9.2. Persons found guilty of violating the rules governing the receipt, processing, and protection of personal data shall bear disciplinary, civil, administrative, or criminal liability in accordance with the current legislation of the Russian Federation.

10. Final Provisions

10.1. This Policy shall enter into force upon its approval by the General Director of the OPERATOR.

10.2. This Policy is subject to amendment in the event of changes in Russian Federation legislation, regulatory authorities in the area of personal data protection, or the OPERATOR's internal documents regarding the protection of confidential information. When changes are made, the version number and the date of the last update are indicated in the Policy heading. The new version of the Policy takes effect upon its approval by the OPERATOR's manager and posting on the OPERATOR's website.

10.3. In the event of changes to the legislation of the Russian Federation in the area of personal data protection, the provisions of the Policy that contradict the legislation shall not be applied until they are brought into compliance.