politics

BMT LLC regarding the processing of personal data

Policy of the BMT Limited Liability Company (OGRN 1127747270375, TIN 7728828988, legal address: 117342, Moscow, Butlerova str., 17b, room. 4 on the 5th floor), (hereinafter referred to as the "Company", "Personal Data Operator", "Operator") in relation to the processing of personal data (hereinafter referred to as the "Policy") processes and protects personal data, including personal data of Users of the Company's Services — subjects of personal data (hereinafter referred to as to the text - "User", "Users", "Subject", "Subjects").

The Operator may also receive Personal Information from its partners (hereinafter referred to as "Partners"), websites, programs, products or services that the Subject uses, from other sources with publicly available personal data. In appropriate cases, the transfer of Personal Information is possible only in cases established by applicable law, and is carried out on the basis of special agreements between the Operator and each of the Partners.

The Policy is intended to inform an unlimited number of people about the Company's actions to process and protect Users' personal data in order to achieve the stated goals of personal data processing, as well as to contact Personal data Subjects by their phone numbers and email addresses.

The relations related to the processing of personal data by the Company are regulated by the legislation of the Russian Federation.

By providing personal data to the Operator, the Personal Data Subject agrees to their processing in accordance with this Policy.

This Policy is strictly enforced by the Operator and its employees. The Policy applies to all personal data of Subjects processed by the Operator using automation tools and without the use of such tools. Any Personal Data Subject has access to this Policy.

The use of the Company's services means the unconditional consent of the Personal Data Subject to this Policy and the conditions for processing his personal information specified therein. In case of disagreement with these terms, the Subject must refrain from using the Service and/or the Website.

• This Policy applies to any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data. As part of the implementation of this Policy, the Operator has developed other internal documents regulating individual processes of processing and protecting personal data.This Policy has been developed taking into account the requirements of the following documents:Federal Law of the Russian Federation of 27.07.2006 No. 152-FZ "On Personal Data"; Federal Law of the Russian Federation of 27.07.2006 No. 149-FZ "On Information, Information Technologies and Information Protection"; Federal Law of the Russian Federation dated 11/21/2011 No. 323-FZ "On OSN

- The Labor Code of the Russian Federation dated 12/30/2001 N 197-FZ;

1.5. The Policy applies to the relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.

1.7. Since the Operator does not have the right to process Personal Information without sufficient legal grounds, it processes Personal Information only if:

- such processing is necessary to fulfill contracts between the Personal Data Subject and the Operator, which also includes ensuring the operation of Sites and Services (for example, providing the User with search results on the site when searching for modern high-tech equipment, etc.);

- such processing is necessary to comply with obligations established by law, including: to carry out activities provided for in the Company's charter documents; to create new products and offers; to collect, process and submit statistical data and other research based on anonymized personal data; to recruit (recruit staff) with personal data subjects; for the purposes of concluding, executing, and terminating contracts; for making settlements with Personal Data Subjects.

When processing personal information on these grounds, the Operator will always strive to maintain a balance between its legitimate interests and the protection of the confidentiality of Subjects.

1.8. For specific purposes or in accordance with the requirements of applicable legislation, the Operator may request separate consent to the processing of Personal Information from the Subject.

1.9. The personal data subject is aware that without providing Personal Information, the Operator will not be able to provide him with the opportunity to use the Service and/or the Website.

1.10. The Operator processes Personal Information for specific purposes and only that Personal Information that is relevant to achieving such goals. In particular, the Operator processes Personal Information for the following purposes::

- providing access to the User's account, including information about the electronic mailbox;

- communicating with the Personal Data Subject to send him notifications, requests and information related to the operation of the Site and Service, fulfill agreements with him and process his requests and requests;

- improving the usability of Websites and Services;

 BASIC CONCEPTS

2.1. The Policy uses the following basic concepts:

PERSONAL DATA is any information related directly or indirectly to a specific or identifiable natural person (personal data subject).

PERSONAL INFORMATION/PERSONAL DATA OF THE USER (VISITOR) OF THE WEBSITE (MOBILE APPLICATION, SERVICE, SERVICES OF THE OPERATOR AND ITS AFFILIATES, PARTNERS, ETC.) – personal information that the User provides about himself when registering (creating an account) or during the use of the services, including the User's personal data. The information required for the provision of services is marked in a special way.

Data that is automatically transmitted to the Operator's website services during their use using software installed on the User's device, including IP address, cookie data, information about the User's browser (or other program that accesses the services), technical characteristics of the equipment and software used by the User, the date and time of access to the services, the addresses of the requested pages, and other similar information.

SPECIFIC INFORMATION (SENSITIVE INFORMATION) is any information that requires special attention and protection due to its confidentiality or potential vulnerability; it is any information that describes the User as an individual and describes his specific condition. Such information may include the following (the list provided is not exhaustive):

- information about medical status and health;

- bad habits;

- and others .

The Operator does not purposefully collect sensitive personal information (such as racial origin, political views, health information, and biometric data), except in cases where the User independently decides whether to provide this information to the Operator.

If the User independently provides the specified information to the Operator, then the Operator will process the specified information as part of providing the User with its services. At the same time, the User should take into account that the Operator cannot request the User's consent to such processing, since he is not aware in advance of the potentially sensitive nature of the personal information that the User may provide to the Operator.

The Operator does not collect data for the purpose of creating a "portrait" of the User to the extent that this may significantly affect his rights and freedoms in accordance with applicable law.

PERSONAL DATA OPERATOR (OPERATOR, OPERATORS) – a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.

Applicable to this Policy, the operator of personal data in accordance with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" is the Limited Liability Company BMT (OGRN 1127747270375, TIN 7728828988, legal address: 117342, Moscow, Butlerova str., 17b, room. 4 on the 5th floor), as well as, in the applicable part, another person/persons to whom the rights of BMT LLC have been transferred for other reasons (hereinafter referred to as the "Company", "Operator", "Operator of Personal Data").

PERSONAL DATA PROCESSING is any action (operation) or set of actions (operations) with personal data performed using automation tools or without the use of such tools (performed in whole or in part in information systems). The processing of personal data includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, depersonalization.

AUTOMATED PERSONAL DATA PROCESSING is the processing of personal data using computer technology.

DISSEMINATION OF PERSONAL DATA is an action aimed at disclosing personal data to an unspecified group of people.

PROVIDING PERSONAL DATA is an action aimed at disclosing personal data to a specific person or a specific group of people.

BLOCKING OF PERSONAL DATA is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

DESTRUCTION OF PERSONAL DATA – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

DEPERSONALIZATION OF PERSONAL DATA is an action that makes it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.

CONSENT TO THE PROCESSING OF PERSONAL DATA (CONSENT) is any voluntary expression of a person's will to grant permission for the processing of personal data in accordance with the stated purpose of processing;

The PERSONAL DATA INFORMATION SYSTEM is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

CROSS–BORDER TRANSFER OF PERSONAL DATA is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

COOKIES are small text files containing some information that are downloaded to a user's device (PC, smartphone, etc.) while browsing a web page.

A WEBSITE is an array of interconnected data belonging to a Company, which is a set of electronic documents (web pages, information, code) combined under a unique domain name and hosted on the Internet information and telecommunications network at: https://lamsys.art/

The SERVICE (hereinafter referred to as the "Service") is a software package that includes a WEB interface hosted on the Internet information and communication network at https://lamsys.art/ , and any mobile applications that the Company may have for the interaction of the Personal Data Operator with the Company.

These applications, which form one platform - Service with the Site, are (will be) a multifunctional online information technology platform presented in the form of versions and modifications of the Service for mobile devices, including those that may contain fragments of the Service included as an integral part of other resources (sites) of the Company's partners on which the text is posted. this Agreement or a link to it.

The MOBILE APPLICATION (hereinafter referred to as the "Application") is the Company's software designed for installation and use on the User's Mobile Device, providing the opportunity to use the Service.

By filling in the fields of the Service or Application containing personal data, the User agrees to the provisions of the Company's Personal Data Processing Policy.

PURPOSES AND CONDITIONS OF PERSONAL DATA PROCESSING

3.1. The Operator carries out the processing in accordance with the following principles:

3.1.1. Personal data is processed in accordance with the current legislation of the Russian Federation.

3.1.2. Personal data is processed to achieve specific, predetermined goals; personal data is not processed that is not justified by achieving such goals.

3.1.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other.

3.1.4. Only personal data that meets the purposes of their processing is subject to processing.

3.1.5. The content and volume of personal data processed correspond to the stated purposes of processing.

3.1.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, their relevance to the purposes of personal data processing are ensured.

3.1.7. Personal data is stored in a form that makes it possible to identify the Subject of personal data for no longer than the purposes of personal data processing require.

The Operator will store Personal Data for as long as it is necessary to achieve the purpose for which it was collected, or to comply with the requirements of legislation and regulations.

Unless otherwise required by law or agreement with the User, Personal Data will be stored as long as the User has an account in the Service / on the Site, but such information can be deleted by the User at any time independently.

The User's personal information will be stored in the Russian Federation.

For Russian users: The Operator records, systematizes, accumulates, stores, clarifies (updates, changes), extracts personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

For users from the EEA, Switzerland, or Israel: The Russian Federation is a jurisdiction outside the European Economic Area that has not been recognized by the European Commission as providing an adequate level of personal data protection, so the Operator has taken appropriate measures to ensure that such transfers are carried out in accordance with current EU data protection regulations.

If the Subject is located in a territory where his consent is required to transfer his personal information to another jurisdiction, then using the Operator's Websites or Services, the User gives the Operator his explicit and unambiguous consent to such transfer or storage and/or processing of information (cross-border transfer of personal data) in other specified jurisdictions, including the Russian Federation.

3.1.8. The personal data being processed will be destroyed or depersonalized upon achievement of the processing objectives or in case of loss of the need to achieve these objectives.

3.2. In order to ensure the fulfillment of obligations stipulated by the Law on Personal Data and the regulatory legal acts adopted in accordance with it, the Operator:

3.2.1. Appoints a person responsible for the organization of personal data processing.

3.2.2. Approves internal documents on personal data processing that establish procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations.

3.2.3. Applies legal, organizational and technical measures to ensure the security of personal data.

3.2.4. Performs internal control over the compliance of personal data processing with the requirements of the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, Operator's policy regarding personal data processing, Operator's local acts regulating the processing of personal data.

3.2.5. Carries out an assessment of the harm in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to personal data subjects in the event of a violation by the Operator of the requirements of legislation in the field of personal data, the ratio of said harm and the measures taken by the Operator to ensure the fulfillment of their duties provided for by legislation in the field of personal data.

3.2.6. Carries out timely communication to its employees directly involved in the processing of personal data of the provisions of the legislation of the Russian Federation in the field of personal data, including requirements for the protection of personal data, internal regulatory and administrative documents of the Operator governing the processing of personal data.

3.2.7. Publishes this Policy, ensuring unhindered access to it by an unlimited number of persons.

3.3. The purposes of processing the Operator's personal data include:

3.3.1. Ensuring the operation of the Company's services and websites.

3.3.2. Providing user access to the services, information and materials contained therein.

3.3.3. Verification (confirmation) of the user's identity.

3.3.4. Maintaining analytics and statistics.

3.3.6. Compliance and fulfillment of the requirements of the current labor legislation of the Russian Federation.

3.3.7. Conclusion, execution and termination of civil law contracts with third parties.

3.3.8. Support of contracts with clients and counterparties.

3.3.9. Prevention and suppression of violations of the law, the Terms of Use of the Services and other rules and conditions of the company, including the protection of users from fraudulent and other unfair actions.

3.3.10. Providing the User with effective customer and technical support in case of problems related to the use of the Operator's services.

3.4. The Operator processes the following categories of personal data subjects:

3.4.1. Employees/their relatives.

3.4.2. Former employees.

3.4.3. Counterparties.

3.4.4. Clients.

3.4.5. Site visitors.

3.4.6. Partners.

3.5. The Operator does not verify the personal information provided by the User, except in cases stipulated by separate Agreements, the user agreement, etc., and cannot judge its reliability, as well as whether the User has sufficient legal capacity to provide the Operator with his personal information. Nevertheless, the Operator assumes that the User provides reliable and sufficient personal information, as well as updates it in a timely manner.

The accuracy of Personal Information, its sufficiency and relevance in relation to the purposes of processing, are ensured if necessary to protect the legitimate interests of the Operator. In this case, if inaccurate or incomplete Personal Information is found, it can be clarified and updated.

3.6. Obtaining the consent of the Subject to the processing of Personal Information.

3.6.1. Consent may be expressed by the Subject in the form of specific actions, for example:

- marking, filling in the appropriate fields in forms, forms both when using the Service or / and the Website, and when filling in the appropriate fields in forms, forms on paper;

- maintaining electronic correspondence, which refers to the processing of personal data;

- access to the Company's office area after familiarization with the warning signs and signs;

- other actions performed by the Subject, which can be used to judge his will.

PROCEDURE FOR RECEIVING AND PROCESSING PERSONAL DATA

4.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

4.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.

4.3. The Operator receives all processed personal data, in any form that allows to confirm the fact of its receipt, directly from the personal data subject and only with his consent and for the period for which consent to the processing of personal data was given.

If the User's activity in the Service (through the User's account) has been terminated, the processing period for personal data is 3 (three) years from the date of the user's last activity in the Service, unless a longer period is stipulated by law or contract.

The processing of the User's personal data is terminated in the following cases::

- the achievement of processing goals or the loss of the need to achieve them.

- upon expiration of the consent period or upon withdrawal of consent (if there are no other grounds for processing provided for by law).

-if unlawful processing is detected, if it is impossible to ensure legality;

- during the liquidation of the Company.

After the deadline expires, the Operator deletes the data from the information systems. If the data is processed without using automatic processing tools (for example, paper applications), the Operator destroys such material media.

4.4. The Operator provides its employees with access to the minimum amount of personal data necessary for them to perform their official duties.

4.5. The Operator's employees are allowed to process personal data only after familiarizing themselves with the requirements of current legislation and the Operator's internal regulatory and administrative documents governing the processing and protection of personal data, and signing a non-disclosure agreement.

4.6. When determining the volume and content of personal data being processed, the Operator is guided by the Constitution of the Russian Federation, the Law on Personal Data and other federal laws in the field of personal data protection, as well as the principle of compliance of the volume and content of personal data being processed with the stated purposes of their processing.

4.7. The personal data operator has the right to entrust the processing of personal data to another person on the basis of contracts concluded with them. This means that the Operator delegates part of his functions to a person designated by him, who at the same time acts on behalf of or in the interests of the Operator.

4.8. The person who processes personal data on behalf of the Operator is not obliged to obtain the consent of the personal data subject to process his personal data. If the consent of the personal data subject is required for the processing of personal data on behalf of the Company, such consent is obtained directly by the Company.

4.9. Phone calls and alternative communication methods.

4.9.1. The information described above and further in the text can also be collected during a phone call/conversation with one of the Operator's representatives.

4.9.2. If the User does not agree with any condition of this Policy, or with all the terms of this Policy, the User must refuse to provide the Operator with personal data or specific information through a phone call and/ or an alternative method of communication (for example, through authorized messengers, e-mail, etc.).

4.9.3. In order to comply with the current legislation, the Operator is obliged to keep records of phone calls between the Operator and the Subjects of personal data (including Users), who are solely responsible for what information they disclose and provide during such a conversation with a representative of the Operator.

4.9.4. The Operator, as well as its employees, management, partners, agents, are not responsible directly or indirectly for any information provided by the Personal Data Subject through any communication outside the Site, the Operator's Service, etc. and/or for any material damage in the event of such communication (for example, if The personal data subject independently, bypassing the established methods of communication, sent his personal data to the Operator through messengers, communication through which is prohibited).

4.9.5. The provision of any information outside the Company and its representatives implies that the Personal Data Subject is fully responsible for such action.

PERSONAL DATA PROTECTION

5.1. When processing personal data of citizens, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data. Ensuring the security of personal data is achieved, in particular:

5.1.1. Identification of threats to the security of personal data during their processing in personal data information systems.

5.1.2. The application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation.

5.1.3. Using information security tools that have passed the compliance assessment procedure in accordance with the established procedure.

5.1.4. Assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.

5.1.5. Taking into account the machine storage of personal data.

5.1.6. By detecting the facts of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents in them.

5.1.7. Recovery of personal data modified or destroyed due to unauthorized access to them.

5.1.9. Control of the measures taken to ensure the security of personal data and the level of security of personal data information systems.

5.2. Disclosure and dissemination of personal data to third parties is prohibited without the consent of the personal data subject, unless otherwise provided by federal law. Consent to the processing of personal data authorized by the personal data subject for dissemination is issued separately from other consents of the personal data subject to the processing of his personal data.

The requirements for the content of consent to the processing of personal data authorized by the personal data subject for distribution were approved by Roskomnadzor Order No. 18 dated 02/24/2021.

5.3. The transfer of personal data to the bodies of inquiry and investigation, to the Federal Tax Service and other authorized executive authorities, organizations and judicial authorities is carried out in accordance with the requirements of the legislation of the Russian Federation.

STORAGE AND USE OF PERSONAL DATA

Personal data is processed in compliance with the requirements of the current legislation on personal data protection.

The processing of personal data in BMT LLC is carried out in a mixed way:

An automated way of processing personal data;

An automated way of processing personal data.

Personal data is stored on paper and in electronic form.

Documents containing personal data on paper are employment contracts, contracts with clients and counterparties, and other civil law contracts.

Documents containing personal data are stored in lockable cabinets (safes) that provide protection against unauthorized access.

It is possible to transfer personal data on the Operator's internal network and over the Internet, using organizational measures, as well as software and hardware information protection tools, with access by operator employees authorized to work with personal data and only to the extent necessary to perform their official duties.

Personal data is stored for no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.

The Operator's employees who are authorized to work with personal data have access to personal data. The employees' employment contract includes a clause on the obligation to preserve confidential information, as well as a non-disclosure obligation.

6.9. The Operator stops processing personal data in the following cases::

6.9.1. the fact of their illegal processing has been revealed. The deadline is within three working days from the date of detection.;

6.9.2. the purpose of their processing has been achieved;

6.9.3. the consent of the Personal Data Subject to the processing of the specified data has expired or been revoked when, according to the Law on Personal Data, the processing of this data is allowed only with consent.

6.10. Upon achievement of the purposes of personal data processing, as well as in the case of revocation by the Personal data Subject of consent to their processing, the Operator stops processing this data if:

6.10.1. nothing else is provided for in the contract to which the personal data subject is a party, beneficiary or guarantor.;

6.10.2. the Operator is not entitled to process personal data without the Consent of the Subject on the grounds provided for by the Law on Personal Data or other federal laws.;

6.10.3. no other agreement is provided for between the Operator and the personal data subject.

6.11. When a personal data subject requests the Operator to terminate the processing of personal data within a period not exceeding 10 working days from the date of receipt by the Operator of the relevant request, the processing of personal data is terminated, except in cases provided for by the Law on Personal Data. The specified period may be extended, but not more than five working days. To do this, the Operator must send a reasoned notification to the Subject of Personal data indicating the reasons for the extension of the period.

6.12. When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Law. about personal data.

TRANSFER OF PERSONAL DATA

 The Operator transfers the personal data at his disposal to third parties in the following cases::

If the personal data subject agrees to transfer his/her personal data to a third party, including the name or surname, first name, patronymic and address of the third party, the purposes, timing and methods of processing personal data by the third party.

If the transfer of personal data to a third party is necessary to fulfill the Operator's obligations to the Personal Data Subject.

If the obligation to transfer personal data to a third party is imposed on the Operator by the current legislation.

The User confirms the accuracy of his personal data, as well as the personal data of third parties provided to the Company, and assumes full responsibility for their accuracy, completeness and reliability.

The User assumes all possible risks associated with errors and inaccuracies made by the User in the personal data provided.

The User confirms his consent that the personal information that the User provides to the Operator when using the Service may be used by the Operator, and may also be transferred, including cross-border transfer, by the Company to the partner(s) and (or) other performers for the same purposes and for the purposes of fulfilling an Agreement with the User, or an Agreement in for the benefit of the User, and (or) for the benefit of the third parties specified by the User.

The specified consent of the User and (or) the consent of third parties to the transfer of Personal Data is carried out to the extent necessary for transactions.

In cases of processing of Personal Information received not from the Subject directly, but from other persons on the basis of a contract or a processing order, the obligation to obtain the consent of the Subject is assigned to the person from whom the Personal Information was received.

The Operator ensures the safety and security of the User's personal data and of third parties for whom/on whose behalf the User makes transactions (enters into contracts) when processing them in accordance with applicable law.

 THE RIGHTS AND OBLIGATIONS OF THE SUBJECT IN THE FIELD OF PERSONAL DATA PROTECTION

The personal data subject has the right to receive information regarding the processing of his personal data, including information containing:

confirmation of the fact of personal data processing by the operator;

legal grounds and purposes of personal data processing;

purposes and methods of personal data processing used by the operator;

the name and location of the operator, information about persons (with the exception of the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the operator or on the basis of federal law;

processed personal data related to the relevant personal data subject, the source of their receipt, unless another procedure for submitting such data is provided for by federal law.;

terms of personal data processing, including the terms of their storage;the procedure for exercising the rights provided for by federal law by the subject of personal data;information about a cross-border data transfer that has been carried out or is expected to be carried out;the name or surname, first name, patronymic and address of the person who processes personal data on behalf of the operator, if the processing is or will be entrusted to such a person;other information provided by the Law on Personal Data or other federal laws.

The personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take legally prescribed measures to protect their rights.The information specified in clause 8.1. must be provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for the disclosure of such personal data.

The information specified in clause 8.1 is provided to the Personal Data Subject or his representative by the operator within ten working days from the moment the operator requests or receives a request from the Personal Data Subject or his representative. The specified period may be extended, but not for more than five working days if the operator sends a reasoned notification to the personal data subject indicating the reasons for extending the deadline for providing the requested information. The request must contain the number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority, information confirming the participation of the personal data subject in relations with the operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information, otherwise confirming the fact of personal data processing by the operator, the signature of the personal data subject
or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation. The operator provides information to the personal data subject or his representative in the form in which the Relevant request or request is sent, unless otherwise specified in the request or request.

 case of detection of unlawful processing of personal data when contacting the personal data subject or his representative, or at the request of the personal data subject or his representative or the authorized body for the protection of the rights of personal data subjects, the Operator is obliged to block the unlawfully processed personal data related to this personal data subject, or to ensure their blocking (if the processing of personal data is carried out by another by a person acting on behalf of the operator) from the moment of such request or receipt of the specified request for the verification period. In case of detection of inaccurate personal data when contacting the personal data subject or his representative, or at their request or at the request of the authorized body for the protection of the rights of personal data subjects, the Operator is obliged to block personal data related to this personal data subject, or to ensure their blocking (if the processing of personal data is carried out by another person acting on behalf of the operator) from the moment of such request or receipt of the specified request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.

In case of confirmation of the inaccuracy of personal data, the Operator, based on information provided by the Personal Data Subject or his representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, is obliged to clarify the personal data or ensure their clarification (if personal data is processed by another person acting on behalf of the operator) within seven working days from the date of submission of such information and to remove the blocking of personal data.

In case of detection of unlawful processing of personal data carried out by the Operator or a person acting on behalf of the operator, the operator, within a period not exceeding three working days from the date of this detection, is obliged to stop the unlawful processing of personal data or ensure the termination of the unlawful processing of personal data by a person acting on behalf of the operator. If it is impossible to ensure the legality of the processing of personal data, the operator is obliged to destroy such personal data or ensure their destruction within a period not exceeding ten working days from the date of detection of the unlawful processing of personal data. The Operator is obliged to notify the personal data subject or his representative about the elimination of violations or the destruction of personal data, and if the request of the personal data subject or his representative or the request of the authorized body for the protection of the rights of personal data subjects was sent by the authorized body for the protection of the rights of personal data subjects, also the specified body.

If the fact of unlawful or accidental transfer (provision, dissemination, access) of personal data is established, which has resulted in a violation of the rights of personal data subjects, the Operator is obliged to notify the authorized body for the protection of the rights of personal data subjects from the moment such incident is identified by the operator, the authorized body for the protection of the rights of personal data subjects or another interested person.:Within twenty-four hours, about the incident that occurred, about the alleged causes that led to the violation of the rights of personal data subjects, and the alleged harm caused to the rights of personal data subjects, about the measures taken to eliminate the consequences of the incident, as well as provide information about the person authorized by the operator to interact with the authorized body for the protection of the rights of personal data subjects, for questions related to the identified incident.Within seventy-two hours about the results of the internal investigation of the identified incident, as well as provide information about the persons whose actions caused the identified incident (if any).If the purpose of personal data processing is achieved, the operator is obliged to stop processing personal data or ensure its termination (if the processing of personal data is carried out by another person acting on behalf of the operator) and destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the operator) within a period not exceeding thirty days from the date of achievement of the purpose of personal data processing, unless otherwise provided by the contract to which the party, the beneficiary or guarantor of which is the personal data subject, by another agreement between the operator and the personal data subject, or if the operator is not entitled to process personal data without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other Federal Laws.If the Personal data Subject withdraws Consent to the processing of his personal data, the Operator is obliged to stop processing them or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the operator) and if the storage of personal data is no longer required for the purposes of personal data processing, destroy the personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the operator) on time, not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by an agreement to which the personal data subject is a party, beneficiary or guarantor, or by another agreement between the Operator and the Personal Data Subject, or if the operator is not entitled to process personal data without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other Federal laws.

If a Personal Data Subject requests the operator to terminate the processing of personal data, the operator must, within a period not exceeding ten working days from the date of receipt by the operator of the relevant request, terminate their processing or ensure the termination of such processing (if such processing is carried out by the person processing personal data), except for the cases provided for in paragraphs 2 - 11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of the Law on Personal Data. The specified period may be extended, but not for more than five working days if the operator sends a reasoned notification to the Personal Data Subject indicating the reasons for extending the deadline for providing the requested information.

If it is not possible to destroy personal data within the period specified in clauses 8.7 - 8.10.1 of this Policy, the Operator shall block such personal data or ensure their blocking (if personal data is processed by another person acting on behalf of the Operator) and ensure the destruction of personal data within no more than six months, unless otherwise specified It is not established by federal laws.

ANDTHE USE OF COOKIES AND OTHER SIMILAR TECHNOLOGIES ON THE WEBSITE OR WHEN USING THE SERVICEIn some cases, the Operator receives and processes personal data automatically using metric programs used on the Operator's websites and online services.Cookies are one of the technologies that the Operator uses to automatically collect information and improve the quality of content.Cookies are a small piece of data that is received and processed by the device that is used to access the Website and Application. Cookies store and send information back to the Site that helps the Operator to work with the Site and allows the Operator to remember User preferences after time has elapsed, for example, browser settings or to recognize the User's account.The website uses the following types of cookies:- strictly necessary cookies / technical cookies: these cookies are necessary for the operation of Websites, they allow the Operator to identify the User's hardware and software, including the browser type;- statistical/analytical cookies: These cookies allow you to recognize users, count their number, and collect information such as actions performed by the User on Websites and Services, including information about web pages visited by Users and the content that the User has received;- Technical cookies: These cookies collect information about how users interact with the Site and/or Service, which allows them to identify errors and test new features to improve the performance of the Site and Service.;- Functional cookies: These cookies allow you to provide certain functions to facilitate the User's use of the Site, for example, by storing the User's preferences (for example, the language or location of the User);- (third-party) tracking/advertising cookies: These cookies collect information about users, traffic sources, pages visited, and advertisements displayed to the User, as well as the one that led them to the advertised page.The retention period of cookies that are stored on the User's device.

The Operator uses the information contained in the cookies only for the above purposes, after which the collected data will be stored on the User's device for a period that may depend on the type of cookie, but not exceeding the time required to achieve their purpose, after which they will be automatically deleted from the User's system.Access to information contained in cookies.Personal information collected through cookies placed on the User's device may be transferred and made available to the Operator and/or third parties in accordance with this Policy.When visiting the Website or Application for the first time, the User/other personal data subject may be asked to consent to the use of cookies. If, after the User/other personal data subject approves the use of cookies, he/she wants to change his/her mind, he/she can do so by deleting the cookies stored in his/her browser.After that, a pop-up window may be displayed again, requesting the consent of the User / other personal data subject, and he will be able to make a different choice.If the User/other Personal Data Subject refuses to use cookies, this may lead to the fact that some functions of the Service will be unavailable, and this will affect the ability to use the Site and the Service.Personal data subjects can also change their browser settings to accept or reject by default all cookies or cookies from certain sites, including the Operator's Sites. If such a subject has approved the use of cookies on one of the Operator's Websites, the Operator will assume that the use of cookies on all Operator's websites has been approved by the User/other personal data subject.

POLICY CHANGE

This Policy may be amended at any time.  The Operator has the right to make changes at its discretion, including, but not limited to, in cases where the relevant changes are related to changes in applicable law, as well as when the relevant changes are related to changes in the operation of the Operator's Website and Service.

The e-mail address specified in section 12 of this Policy may also be used by a personal data subject to send requests for the exercise of his rights or complaints regarding the incorrectness of the Subject's Personal Information or the illegality of its processing.

OTHER PROVISIONS

This Policy comes into force from the date of its approval.

The personal data that the Operator collects and stores is considered confidential information. They are protected from loss, alteration or unauthorized access according to the legislation of the Russian Federation in the field of personal data.

To do this, the Operator applies technical means and organizational measures. Organizational measures include limiting the number of people among the Company's employees who have access to personal data. Technical information protection measures include a system for excluding unauthorized, including accidental access to personal data, and mandatory identification and authentication procedures for accessing personal data.

The Operator keeps this Policy up to date and has the right to unilaterally change its terms.

This Policy is binding on all employees of BMT LLC who have access to personal data.

The current Policy is posted on all the Company's services.

This Policy is an integral part of the Agreement (offer), published in the information and telecommunication network "Internet" on the Company's website at: https://lamsys.art/ .Russian Federation/ as well as other agreements and documents of the Company.

12. CONTACTS

12.1. If the personal data subject has any questions, comments or suggestions related to the processing and protection of personal data and regarding this Policy, he/she can contact the Operator using the email address: info@bmtltd.ru .

Push notifications: with the consent of the Personal Data Subject, the Operator can send a Push Notification if such a Subject is on the Site, and the Operator can also send it to the email address or mobile phone number specified by the Subject. These notifications may be sent to provide information related to the Website, service updates, promotional messages, etc.

Date of publication: 06/09/2025

The current version is available at: https://lamsys.art/