Private Policy

Privacy Policy on the Processing of Personal Data
1. General ProvisionsThis Personal Data Processing Policy (hereinafter — the “Policy”) has been drafted in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter — the “Personal Data Law”) and defines the procedure for processing personal data and the measures taken by KAI JAM LLC (hereinafter — the “Operator”) to ensure the security of personal data.
1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets, to be one of its most important goals and conditions for conducting its activities.
1.2. This Policy applies to all information the Operator may receive about visitors of the website https://attnge.com.
2. Key Terms Used in this Policy2.1. Automated processing of personal data — processing of personal data using computing technology.
2.2. Blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data).
2.3. Website — a collection of graphic and informational materials, as well as software and databases, ensuring their availability on the Internet at the network address https://attnge.com.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means used for their processing.
2.5. Depersonalization of personal data — actions as a result of which it becomes impossible to determine the identity of personal data belonging to a particular User or another personal data subject without using additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator — a public authority, municipal authority, legal entity or individual who, independently or jointly with other persons, organizes and/or carries out the processing of personal data, as well as determines the purposes of processing, the scope of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website https://attnge.com.
2.9. Personal data permitted by the personal data subject for distribution — personal data made available to an unlimited number of persons by the subject through the provision of consent for the processing and distribution of such data in accordance with the Personal Data Law.
2.10. User — any visitor to the website https://attnge.com.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at making the personal data accessible to an unlimited number of persons, including publication in the media, placement in information and telecommunications networks, or provision of access to personal data in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign state authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — any actions as a result of which personal data is destroyed irretrievably with no possibility of further restoration in the personal data information system and/or the physical carriers of personal data are destroyed.
3. Main Rights and Obligations of the Operator3.1. The Operator has the right to:

receive from the personal data subject accurate information and/or documents containing personal data;
in case the personal data subject revokes consent to the processing of personal data, as well as submits a request to stop processing personal data, continue processing such data without the consent of the personal data subject if there are grounds specified in the Personal Data Law;
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulations adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Operator is obligated to:

provide the personal data subject, upon request, with information concerning the processing of their personal data;
organize the processing of personal data in accordance with the current legislation of the Russian Federation;
respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
report to the authorized body for the protection of the rights of personal data subjects upon request of this body the necessary information within 30 days from the date of receipt of such a request;
publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions with respect to personal data;
cease the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided for by the Personal Data Law;
fulfill other obligations stipulated by the Personal Data Law.

4. Main Rights and Obligations of Personal Data Subjects4.1. Personal data subjects have the right to:

receive information regarding the processing of their personal data, except in cases provided by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data related to other subjects unless there are legitimate grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Personal Data Law;
require the Operator to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and to take measures provided by law to protect their rights;
impose a condition of prior consent when processing personal data for the purposes of promoting goods, works, or services on the market;
revoke consent to the processing of personal data;
appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or inaction of the Operator when processing their personal data;
exercise other rights provided by the legislation of the Russian Federation.

4.2. Personal data subjects are obligated to:

provide the Operator with accurate information about themselves;
inform the Operator about the clarification (update, change) of their personal data.

4.3. Individuals who provided the Operator with false information about themselves, or information about another personal data subject without the latter’s consent, are liable in accordance with the legislation of the Russian Federation.
5. Principles of Personal Data Processing5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. Personal data processing is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not permitted.
5.3. Databases containing personal data processed for incompatible purposes shall not be merged.
5.4. Only personal data that meets the purposes of its processing shall be subject to processing.
5.5. The content and scope of processed personal data must correspond to the stated purposes of processing. The redundancy of processed personal data in relation to the stated purposes of their processing is not permitted.
5.6. When processing personal data, the accuracy of personal data, its sufficiency, and, if necessary, relevance to the purposes of personal data processing must be ensured. The Operator must take the necessary measures and/or ensure that they are taken to remove or clarify incomplete or inaccurate data.
5.7. Personal data shall be stored in a form that allows the identification of the personal data subject no longer than required by the purposes of personal data processing, unless the storage period is established by federal law or an agreement to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data shall be destroyed or depersonalized upon achieving the processing purposes or when there is no longer a need to achieve these purposes, unless otherwise provided by federal law.
6. Purposes of Personal Data Processing6.1. The Operator processes Users' personal data for the following purposes:

To identify a User registered on the website;
To provide the User with access to personalized resources of the website;
To establish feedback with the User, including sending notifications, requests related to the use of the website, provision of services, processing requests and applications from the User;
To determine the User's location to ensure security and prevent fraud;
To confirm the accuracy and completeness of the personal data provided by the User;
To create an account for using services, if the User has consented to creating an account;
To provide the User with effective customer and technical support in case of issues related to the use of the website;
To conduct advertising activities with the User’s consent;
To carry out statistical and other studies based on depersonalized data.

7. Legal Grounds for Personal Data Processing7.1. The Operator processes the User's personal data only if it is provided by the User by filling out special forms on the website https://attnge.com and sending it to the Operator. By filling out the relevant forms and/or sending their personal data to the Operator, the User expresses their consent to this Policy.
7.2. The Operator processes anonymized data about the User if this is allowed in the User's browser settings (e.g., saving cookies and using JavaScript technology enabled).
8. Procedure for the Collection, Storage, Transfer, and Other Types of Personal Data Processing8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to personal data.
8.2. Personal data of the User will never be transferred to third parties except when required by applicable law or when the User has given consent for the Operator to transfer data to a third party to fulfill civil law obligations.
8.3. If inaccuracies are identified in personal data, the User can update them independently by sending a notification to the Operator’s email address attntbilisi@gmail.com with the subject “Personal Data Update”.
8.4. The processing period for personal data is determined by the achievement of the purposes for which the personal data was collected, unless a different retention period is established by contract or applicable law. The User can withdraw their consent for personal data processing at any time by sending a notification to the Operator via email at attntbilisi@gmail.com with the subject “Withdrawal of Consent for Personal Data Processing”.
8.5. All information collected by third-party services, including payment systems, communication means, and other service providers, is stored and processed by these parties (Operators) in accordance with their User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties, including those service providers mentioned in this section.
8.6. Restrictions imposed by the User on the transfer (except for access provision), as well as on the processing or conditions of processing (except for access) of personal data authorized for dissemination, do not apply when personal data is processed for state, public, or other public interests, as defined by the legislation of the Russian Federation.
8.7. The Operator ensures the confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form that allows the identification of the data subject for no longer than required by the purposes of personal data processing, unless the retention period is established by federal law, contract, or the contract’s beneficiary, or a guarantor in which the data subject is a party.
8.9. The conditions for discontinuing the processing of personal data may include achieving the purposes of processing, the expiration of the consent period provided by the data subject, withdrawal of consent by the data subject, or a request to discontinue processing personal data, as well as identifying unlawful processing of personal data.
9. Actions Performed by the Operator with the Collected Personal Data9.1. The Operator carries out the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
9.2. The Operator carries out automated processing of personal data, including the receipt and/or transmission of obtained information via information and telecommunication networks or without such transmission.
10. Cross-border Transfer of Personal Data10.1. Before starting cross-border transfer activities of personal data, the Operator must notify the authorized body for the protection of personal data subjects' rights about its intention to carry out the cross-border transfer of personal data (this notification is sent separately from the notification about the intention to process personal data).
10.2. Before submitting the above notification, the Operator must obtain the relevant information from the foreign state authorities, foreign individuals, and foreign legal entities to whom the cross-border transfer of personal data is planned.
11. Confidentiality of Personal DataThe Operator and other individuals who have gained access to personal data must not disclose or disseminate personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
12. Final Provisions12.1. The User may request any clarifications on issues related to the processing of their personal data by contacting the Operator via email at attntbilisi@gmail.com.
12.2. This document will reflect any changes to the personal data processing policy by the Operator. The policy remains in effect indefinitely until replaced by a new version.
12.3. The current version of the Policy is publicly available on the internet at the following address: https://attnge.com/privacy.