Processing Policy
Privacy and Personal Data Processing Policy
1. General Provisions, Parties, Purpose of the Document
1.1. This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") defines the procedure and conditions for the processing by Individual Entrepreneur Anton Borisovich Basin, operating under the laws of Russia (hereinafter referred to as the "Operator" or "We"), of information about an individual, which may be received by the Operator from this individual or their legal representative (hereinafter referred to as the "User", "Data Subject" or "You"), in the following cases:
a) when using the functions of the website https://basinn.ru, including all its domains, subdomains and pages, their content, as well as internet services and software offered by the Operator for use on this website (hereinafter collectively referred to as the "Website");
b) when the Operator performs rights and obligations established by agreements/contracts concluded between the Operator and the User;
c) when processing appeals, complaints, inquiries, and messages sent between the Operator and the User.
1.2. The purpose of this Policy is to ensure the proper legal regime of personal data. The Policy may not contain provisions that limit the rights and freedoms of the data subject, establish conditions for processing the personal data of minors unless otherwise provided by the laws of the Russian Federation, or allow for the conclusion of a contract/consent through the inaction of the data subject.
2. Legal Basis for Personal Data Processing
2.1. The legal bases for personal data processing are:
a) consent to the processing of personal data, expressed in a manner prescribed by law and this Policy;
b) agreements concluded between the Operator and the User;
c) local regulatory acts of the Operator in the field of personal data.
2.2. The data subject voluntarily decides to provide their personal data and consents to its processing. Inaction by the data subject cannot be construed as consent. Consent to the processing of personal data must be specific, informed, conscious, and unequivocal. Consent to the terms of this Policy may be expressed by the data subject through the following actions:
a) conclusion of an agreement with the Operator, such as a public offer contract for the provision of paid information and consulting services, provided that the User is given the opportunity to review the full text of this Policy at each point of data collection;
or
b) ticking a checkbox on the Website next to a statement such as: "I have read and agree to the privacy and personal data processing policy" and "I consent to the processing of personal data", provided that the User is given the opportunity to review the full text of this Policy at each point of data collection.
3. Rules for Processing Personal Data
3.1. The purpose of processing, categories, and list of processed personal data, categories of data subjects, processing and storage methods, and procedures for data destruction upon achieving processing objectives or the emergence of other legal grounds:
3.1.1. Purpose: authentication of the data subject for the conclusion of a contract for paid information and consulting services.
Categories and list of data: surname, first name, phone number, email address.
Categories of subjects: Website Users.
Processing methods: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, anonymization, transfer (access, provision), blocking, deletion, destruction.
Processing and storage period: until a request for termination or consent withdrawal is received from the data subject or for ten (10) years.
Destruction procedure: data is erased by overwriting (replacing all storage units with "0") with a destruction act.
3.1.2. Purpose: communication with the User, sending messages, notifications, inquiries, responses, documents, and promotional or informational content.
Data: first name, surname, phone number, email address.
Subjects: Website Users.
Processing methods: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, anonymization, blocking, deletion, destruction.
Processing and storage period: until consent withdrawal or a request for termination from the data subject, or for ten (10) years. Destruction procedure: data is erased by overwriting (replacing all storage units with "0") with a destruction act.
3.1.3. Purpose: processing of inquiries, complaints, requests, and messages exchanged between the Operator and the User.
Data: surname, first name, phone number, email address, message text (if it contains personal data).
Subjects: Website Users.
Processing methods: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, anonymization, transfer (access, provision), blocking, deletion, destruction.
Processing and storage period: until consent withdrawal or a request for termination from the data subject, or for ten (10) years.
Destruction procedure: data is erased by overwriting (replacing all storage units with "0") with a destruction act.
3.1.4. Purpose: provision of information and consulting services.
Data: surname, first name, patronymic, phone number, email address.
Subjects: Website Users.
Processing methods: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, anonymization, transfer (access, provision), blocking, deletion, destruction.
Processing and storage period: until a request for termination or consent withdrawal is received from the data subject.
Destruction procedure: data is erased by overwriting (replacing all storage units with "0") with a destruction act.
3.1.5. Purpose: allowing the User to leave reviews about the Operator's services.
Data: surname, first name, message text (if it contains personal data), User's social media account data, image data: photos, videos, or other forms of visual representation.
Subjects: Website Users.
Processing methods: collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, anonymization, transfer (access, provision), blocking, deletion, destruction.
Processing and storage period: until a request for termination or consent withdrawal is received from the data subject or for ten (10) years.
Destruction procedure: data is erased by overwriting (replacing all storage units with "0") with a destruction act.
3.1.6. Personal data processing shall be limited to achieving specific, pre-determined, and legitimate goals. Processing incompatible with these purposes is not allowed.
3.1.7. On cookies:
3.1.7.1. Cookies are data fragments sent by the Operator's server and stored on the Data Subject's device. These may contain personal or anonymized technical data.
3.1.7.2. "IP address" refers to a unique network address in an IP-based computer network.
3.1.7.3. The Website protects data automatically transmitted during the display of advertising blocks or when visiting pages with tracking scripts ("pixel"):
- IP address;
- Cookie data;
- Browser information (or software accessing ads);
- Access time;
- Page URL with advertising;
- Referrer (previous page address).
3.1.7.4. The Data Subject may disable or restrict cookie use. Some site functions may not work properly if cookie usage is disabled. The Data Subject is responsible for adjusting device settings. The Operator does not provide technical or legal advice on such matters.
3.1.7.5. The Website collects visitor IP statistics to identify and resolve technical issues.
3.2. Procedure and Conditions of Personal Data Processing
3.2.1. Personal data processing means any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, destruction. This Policy sets out the purposes, categories, and list of processed data, subject categories, processing methods and periods, and destruction procedures.
3.2.2. The Operator may process data using both automated and non-automated systems.
3.2.3. The Operator will process personal data as long as necessary to achieve the specified purpose.
3.2.4. In case of consent withdrawal, expiration, or a termination request by the data subject, the Operator stops processing and destroys data, unless processing is required by law (e.g., to fulfill contractual obligations or retain accounting records).
Blocking and further storage are allowed only when legally required.
3.3. Measures to Protect Personal Data
3.3.1. The Operator takes all necessary measures to protect personal data from unauthorized, accidental, or unlawful destruction, loss, alteration, misuse, disclosure, or access.
3.3.2. By default, personal data is processed automatically. If manual access is needed, it is granted only to those who require it to fulfill the processing purpose and are bound by internal legal, technical, and organizational security measures.
3.3.3. Security of the location where personal data is processed is ensured, regardless of automation.
3.3.4. Disclosure is allowed only in accordance with Russian law, including court orders and law enforcement requests.
3.3.5. The Operator does not verify the accuracy of the data provided by the Data Subject and assumes it is accurate and current as per Article 19 of the Russian Civil Code.
3.4. Data Sharing and Dissemination
3.4.1. The Operator may share personal data with the following third parties:
a) in case of assignment (transfer) of rights or obligations under a contract (e.g., business succession or sale);
b) regulatory authorities, law enforcement, government bodies, courts, as required by applicable law;
c) legal representatives of the Operator or third parties to defend their rights;
d) if the Data Subject consents or if required to fulfill a contract, including cookie-related data if it contains personal data.
3.4.2. The Operator may distribute personal data publicly only if the User has granted permission.
3.5. Rights and Obligations Regarding Personal Data
3.5.1. The Data Subject must provide accurate and updated information. Otherwise, the Operator is not liable for failure to fulfill obligations or any resulting losses.
3.5.2. To exercise the right to amend, correct, block, or delete personal data, the Data Subject may contact the Operator via email specified in this Policy.
3.5.3. Key rights include:
- Requesting information about data processing;
- Withdrawing consent to processing;
- Requesting processing restrictions;
- Demanding termination of processing under applicable law and this Policy.
Other rights may apply as per applicable law.
3.5.4. The Data Subject should use the contact details in this Policy to submit data access or complaint requests. Requests are processed within ten (10) business days.
3.5.5. The Data Subject may withdraw consent at any time by sending written notice to the Operator’s email.
3.6. Storage and Processing of Personal Data of Russian Citizens
3.6.1. The Operator processes personal data of Russian citizens using databases located in the territory of the Russian Federation.
4. Policy Updates, Applicable Law, Interpretation
4.1. The Operator may amend this Policy. Updates indicate the date of the last revision. A new version becomes effective upon publication unless stated otherwise. Previous versions are archived.
4.2. The Operator notifies users who previously agreed to the Policy in a way ensuring their informed and explicit consent.
4.3. The place of consent and enforcement of this Policy is the Operator’s location. Russian law governs all relationships, regardless of the data subject’s location. Disputes are resolved at the Operator’s location unless otherwise required by law.
4.4. The Policy applies indefinitely after the Data Subject expresses consent. This does not imply unlimited data processing. The Policy cannot be terminated unilaterally.
4.5. Interpretation rules:
4.5.1. Terms "agreement" and "contract" are equivalent.
4.5.2. Words such as "including", "for example", "such as" imply "but not limited to".
4.5.3. "Or" should be interpreted as inclusive unless the context indicates exclusivity.
4.5.4. Capitalized words have the same meaning as lowercase equivalents.
5. Operator's Details
Individual Entrepreneur Anton Borisovich Basin
INN 772800468606, OGRNIP 319774600202482
Email: sales@basinn.ru
5.1. To exercise data subject rights, contact the Operator at the email listed in this Policy.
6. Document Information
6.1. This version was published on: May 17, 2025.
Consent
INFORMED AND VOLUNTARY CONSENT TO PERSONAL DATA PROCESSING
By filling in my data in the registration form, feedback form, or similar forms, ticking the checkbox next to statements like: "I have read and agree to the privacy and personal data processing policy" and "I consent to personal data processing" on the Website, and clicking the submit button, I freely, willingly, and in my own interest give consent to Individual Entrepreneur Anton Borisovich Basin
(INN 772800468606 OGRNIP 319774600202482) (hereinafter – the Operator)
to process my personal data automatically and non-automatically (including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, destruction) as per the following list:
Category of Personal Data:
General category of personal data provided:
- surname, first name, patronymic;
- phone number;
- email address.
for the purpose of concluding and executing a contract.
I confirm that I am informed of the option to disable cookie processing and data collection by configuring my browser.
I am informed and understand that if I refuse to provide personal data or consent to its processing, IE Anton Basin will not be able to properly provide services, including platform access or certificate issuance, as this data is necessary for contract execution.
I confirm that I am aware of the right to withdraw my consent by sending written notice to the Operator’s email address: sales@basinn.ru
I confirm that I am aware that the Operator may continue processing personal data as required by Russian law. This consent is valid from the moment it is given until processing goals are achieved, consent is withdrawn, or the Operator is removed from the state register of legal entities.
