PRIVACY POLICY

1.1. This Personal Data Processing Policy (hereinafter referred to as the "Policy") of Electric Creative LLC (hereinafter referred to as the "Company") is developed to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data.

1.2. Personal data refers to any information relating directly or indirectly to an identified or identifiable individual (personal data subject), as specified in clause 4.1 of this Policy.

1.3. The processing of personal data is carried out by the Company to ensure the protection of the rights and freedoms of individuals and citizens during the processing of their personal data, including the protection of the right to privacy, personal and family secrets.

2.1. The Company processes personal data in the following cases:

2.1.1. To perform and fulfill the functions, powers, and duties assigned to the Company by the legislation of the country, including:

– Compliance with labor and tax legislation requirements;

– Maintaining current accounting and tax records, preparation, production, and timely submission of accounting, tax, and statistical reports;

– Compliance with legislation on the procedure for processing and protecting personal data of citizens who are employees, members, clients, attorneys, or counterparties of the Company (hereinafter referred to as "personal data subjects");

2.1.2. To carry out the activities provided for in the Company's Charter and other local regulatory acts of the Company.

3.1. The processing of personal data is carried out based on:

– The Constitution;

– The Labor Code;

– The Civil Code;

– Federal Law No. 149-FZ of July 27, 2006, "On Information, Information Technologies, and Information Protection";

– The Decree of the Government No. 687 of September 15, 2008, "On the Features of Personal Data Processing without the Use of Automation Tools";

– The Decree of the Government No. 1119 of November 1, 2012, "On the Approval of Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems";

– The Order of the Federal Service for Technical and Export Control No. 21 of February 18, 2013, "On the Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during Their Processing in Personal Data Information Systems";

– Other regulatory legal acts and regulatory documents of authorized state authorities;

– The Company's Charter;

– The Company's Regulation on Personal Data Processing.

4.1. The Company processes personal data related to the following personal data subjects:

– Members of the Company;

– Employees of the Company;

– Counterparties of the Company, as well as individuals providing certain services (works) to the Company under civil law contracts, whose personal data is processed by the Company without dissemination and solely for the execution of such contracts;

– Individuals who provide personal data by filling out a registration form.

4.2. The personal data subject makes a decision to provide their personal data to the Company and consents to its processing freely, by their own will, and in their own interest.

4.3. The Company ensures that the content and scope of the processed personal data correspond to the declared purposes of processing and, if necessary, takes measures to eliminate their redundancy.

5.1. The processing of personal data by the Company is carried out using a mixed method of personal data processing.

5.2. The processing of personal data is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data (mixed processing), including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

6.1. The Company takes the necessary and sufficient measures to ensure compliance with the obligations provided by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") and regulatory legal acts adopted in accordance with it. The Company independently determines the composition and list of measures necessary and sufficient to ensure compliance with the obligations provided by regulatory legal acts, the list of which is presented in Section 3 of this Policy. Such measures include:

– Appointing a person responsible for organizing the processing of personal data by the Company;

– Issuing documents by the Company that define the Company's policy on personal data processing, local acts on personal data processing;

– Applying legal, organizational, and technical measures to ensure the security of personal data;

– Conducting internal control and/or auditing of personal data processing for compliance with the Personal Data Law and other regulatory legal acts adopted in accordance with it, requirements for personal data protection, the Company's policy on personal data processing, local acts of the Company;

– Determining the assessment of harm that may be caused to personal data subjects in the event of a violation of the Personal Data Law, the ratio of this harm, and the measures taken by the Company aimed at ensuring compliance with the obligations provided by the Personal Data Law;

– Familiarizing the Company's employees who directly process personal data with the provisions of the legislation on personal data, including requirements for personal data protection, documents defining the Company's policy on personal data processing, local acts on personal data processing, and/or training these employees.

6.2. The Company, when processing personal data, takes the necessary legal, organizational, and technical measures or ensures their implementation to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.

7.1. The personal data subject has the right to demand the Company to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, obtained illegally, or are not necessary for the declared purpose of processing, as well as to take measures provided by law to protect their rights.

7.2. Information is provided to the personal data subject or their representative by the Company upon request or upon receipt of a request from the personal data subject or their representative. The request must contain the number of the main document certifying the identity of the personal data subject or their representative, information about the date of issue of the specified document and the issuing authority, information confirming the participation of the personal data subject in relations with the Company (contract number, date of the contract, conditional verbal designation, and/or other information), or information otherwise confirming the fact of personal data processing by the Company, the signature of the personal data subject or their representative. The request may be sent in electronic form and signed with an electronic signature in accordance with the legislation of the country.

7.3. The Company has the right to refuse the personal data subject to fulfill a repeated request. Such a refusal must be justified. The Company bears the burden of proving the reasonableness of the refusal to fulfill a repeated request.

7.4. The personal data subject has the right to receive information related to the processing of their personal data, including:

– Confirmation of the fact of personal data processing by the Company;

– Legal grounds and purposes for personal data processing;

– Purposes and methods of personal data processing used by the Company;

– Processed personal data related to the respective personal data subject, the source of their receipt, if another procedure for providing such data is not provided by the Personal Data Law;

– The period of personal data processing, including the period of their storage, as provided by the Personal Data Law;

– The procedure for exercising the rights of the personal data subject provided by the Personal Data Law;

– Information on the completed or anticipated cross-border data transfer;

The name or surname, first name, patronymic, and address of the person processing personal data on behalf of the Company if the processing is or will be entrusted to such a person.

7.5. If the personal data subject believes that the Company processes their personal data in violation of the requirements of the Personal Data Law or otherwise violates their rights and freedoms, the personal data subject has the right to request the Company to stop using and processing the personal data of the respective person. Upon receipt of such a request, the Company ceases to use and process the personal data of the respective person, and the personal data held by the Company is destroyed within 30 (Thirty) calendar days from the date of receipt of the request by the Company from the personal data subject.

7.6. The personal data subject may revoke their consent to the processing of personal data by the Company at any time, as well as change (update, supplement) the personal information or part of it provided by them by sending an email to the Company at: [email protected]