Privacy Policy
The Privacy Policy (hereinafter referred to as the Policy) has been drawn up in accordance with the requirements of the Personal Data Law as a document defining the Operator's policy regarding the processing of Users' personal data when they use the Operator's Service, as well as the measures taken by the Operator to ensure the security of personal data.
Use of the Service (including any access to the Service, registration, order placement, initiation of communication) means the User's consent to the Policy and the conditions for the processing of their personal data specified therein. If the User does not agree with these conditions, they must stop using the Service.
1. TERMS
1.1. Personal Data Law - Federal Law No. 152-FZ of July 27, 2006, “On Personal Data.”
1.2. Personal Data (PD) - any information relating directly or indirectly to a specific or identifiable natural person (User).
1.3. User (Personal Data Subject) - an individual (including one acting on behalf of a legal entity) who uses the Service and accepts the Offer or enters into another Agreement with the Operator.
1.4. The Operator is Individual Entrepreneur AZAROV FEDOR YURIEVICH (TIN: 771410507174, PSRNIE: 320774600189096, address: 125171, Moscow, Radiatorskaya 3rd Street, 5k3, apartment/office 25), independently or jointly with other persons, organises and/or carries out the processing of personal data, as well as determines the purposes of processing, the composition, actions (operations) performed with personal data.
1.5. Service - the Operator's resource, available on the Internet at: rare-at.ru, the corresponding mobile application “RARE by Azarov&Tsep” based on any operating system, other software/computer programs, websites and other resources provided by the Operator to the User, as well as the set of services provided by the Operator to the User in accordance with the Agreement.
1.6. Agreement - an agreement between the Operator and the User, concluded by the User's acceptance of the Offer, as well as any other agreements between the User and the Operator, concluded for the purpose of providing the Service.
1.7. Offer - the Operator's proposal to conclude the Agreement on the terms set forth therein, available at: https://rare-at.com/public_offerts.
1.8. Third parties - partners, suppliers, contractors, principals, agents, and other persons engaged by the Operator for the purpose of performing the Agreement and providing the Service to the User.
1.9. Cookies - pieces of data placed by websites on the User's device (or transmitted by the User's device to websites) to improve the user experience.
2. GENERAL PROVISIONS
2.1. The Policy is an integral part of the Offer and the Agreement between the User and the Operator.
2.2. The Policy applies to all personal data that the Operator may obtain about the User, including when processing personal data on behalf of another person (operator) on the basis of a contract concluded with them in accordance with Part 3 of Article 6 of the Personal Data Law.
2.3. The Policy, including the interpretation of its provisions and the procedure for its adoption, implementation, amendment, and termination, is subject to the laws of the Russian Federation.
3. PURPOSES, METHODS AND CONDITIONS OF PROCESSING
3.1. For each purpose of personal data processing, the Operator determines the following categories and the list of personal data to be processed and the categories of subjects whose data are being processed:
3.1.1. Purpose of personal data processing:
Provision of the Service, including:
Category of personal data: other than biometric data or special categories of personal data.
The list of personal data processed for the specified purposes:
is to improve the user experience, including:
Category of personal data: other than biometric data or special categories of personal data.
The list of personal data processed for the specified purposes:
3.3. For the purposes specified in clauses 3.1.1 and 3.1.2 of the Policy, the operator has the right to perform the following actions (operations) with PD: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion and destruction. The specified processing is mixed and is carried out both in automated and non-automated ways, with transmission over the Operator's internal network, with transmission over the Internet.
3.4. The period of processing and storage of personal data specified in clauses 3.1.1 and 3.1.2 of the Policy: until the purpose of processing is achieved, until the consent expires, or until consent is revoked (if consent was the basis for processing and/or there are no other grounds for processing such personal data and/or storing such data is not required for the purpose of processing), as well as before the detection of unlawful processing of personal data (depending on which event occurred earlier), except in cases where the law establishes a different period of storage of personal data.
4. LEGAL GROUNDS FOR PROCESSING
4.1. The legal grounds for the Operator's processing of personal data specified in clauses 3.1.1, 3.1.2 of the Policy are:
4.1.1. conclusion and execution of an Agreement with the User, the party or beneficiary or the guarantor for which he is;
4.1.2. processing in order to achieve the goals stipulated by an international agreement or law, as well as the exercise and fulfillment of the functions, powers and duties assigned by law to the Operator;
4.1.3. exercising the rights and legitimate interests of the Operator or Third Parties, or to achieve socially significant goals, provided that the rights and freedoms of the User are not violated.;
4.1.4. processing for statistical or other research purposes, subject to depersonalization of personal data;
4.1.5. the User's consent to the processing of his personal data.
5.TRANSFER OF PERSONAL DATA
5.1. The User is aware of and agrees that for the purpose specified in clause 3.1.1 of the Policy, the Operator, if there is a legal basis, may transfer (provide, access) personal data corresponding to the specified purpose to Third Parties (in particular, order processing, delivery and support services, catering companies, IT contractors) for their subsequent processing, as well as to entrust the processing of personal data to the specified persons.
5.2. The User is aware of and agrees that for the purpose specified in clause 3.1.2 of the Policy, the Operator, if there is a legal basis, may transfer (provide, access) personal data (including impersonal data) corresponding to the specified purpose to Third Parties (in particular, operators of metric programs, IT contractors, support service) for their subsequent processing, as well as to entrust the specified persons with the processing of personal data.
5.3. The Operator warns Third Parties that the transferred personal data may be processed only for the purposes for which they were transferred. The Operator and Third Parties who have received personal data do not disclose or distribute personal data to other persons without a legal basis.
5.4. The Operator does not transfer personal data across borders.
6. MEASURES TO ENSURE THE PROTECTION OF PERSONAL DATA
6.1. The Operator ensures the safety and confidentiality of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.
6.2. The Operator ensures the security of Users' personal data through the implementation of legal, organizational and technical measures.
6.3. Legal measures implemented by the Operator:
6.3.1. publication of documents defining the policy on personal data processing, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations, including the publication of the Policy,
6.3.2. posting the Policy in the Service, including on the Service pages where personal data is collected.
6.4. Organizational measures implemented by the Operator:
6.4.1. appointment of a person responsible for organizing the processing of personal data,
6.4.2. ensuring unrestricted access of Service Users to the Policy,
6.4.3. implementation of internal control and (or) audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, Policy, local acts of the Operator,
6.4.4. assessment of harm in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to Users in case of violation of the Law on Personal Data, the ratio of the specified harm and the measures taken by the Operator,
6.4.5. familiarization of the Operator's employees directly engaged in processing with the provisions of the legislation on personal data, including requirements for their protection, local acts on personal data processing,
6.4.6. identification of threats to the security of personal data during their processing,
6.4.7. assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the information system,
6.4.8. accounting of personal data storage media,
6.4.9. monitoring of measures taken to ensure the security of personal data and the level of security,
6.4.10. organization of a security regime for premises that prevents the possibility of uncontrolled entry or stay in these premises of persons who do not have the right of access to these premises,
6.4.11. approval of the document defining the list of persons whose access to personal data is necessary for the performance of their official (labor) duties,
6.5. Technical measures implemented by the Operator:
6.5.1. the use of information protection tools that have passed the compliance assessment procedure in accordance with the established procedure, including the requirements of the legislation of the Russian Federation in the field of information security (if applicable), in the case when the use of such tools is necessary to neutralize current threats.,
6.5.2. the use of information protection tools for the destruction of personal data that have passed the compliance assessment procedure in accordance with the established procedure, which include the information destruction function.,
6.5.3. detection of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on information systems and to respond to computer incidents in them,
6.5.4. recovery of personal data modified or destroyed due to unauthorized access to them,
6.5.5. establishing rules for access to personal data processed in the information system, as well as ensuring registration and accounting of actions performed with the data,
6.5.6. ensuring the safety of personal data carriers,
6.5.7. establishing individual passwords for employees' access to the information system in accordance with their official duties,
6.5.8. certified antivirus software with regularly updated databases.
7. THE ORDER AND TIMING OF DESTRUCTION
7.1. Personal data is subject to destruction by the Operator in the following cases::
7.1.1. the purpose of personal data processing has been achieved,
7.1.2. The User has revoked consent to processing (if consent was the basis for processing and/or there are no other legal grounds for processing and/or storing such data is not required for the purpose of processing),
7.1.3. or the fact of their illegal processing has been revealed.
7.2. In the cases specified in clause 7.1 of the Policy, the Operator stops processing and destroys personal data within the time limits stipulated by the Law on Personal Data. If it is not possible to destroy personal data within a period specified by law, the Operator ensures the blocking and destruction of personal data within a period of no more than six months, unless another period is established by law.
7.3. The destruction of personal data is carried out in the following order::
7.3.1. the destruction of personal data contained on paper is carried out by crushing into small parts, excluding the possibility of subsequent recovery (including using a shredder installed in the premises of the Operator or the person to whom the Operator has entrusted the processing of personal data).,
7.3.2. the destruction of personal data contained on machine-readable media is carried out by causing permanent physical damage to them, excluding the possibility of their use, as well as data recovery by deforming, violating the unified integrity of the medium.,
7.3.3. Files with Users' personal data located on the hard disk to be destroyed are deleted using the computer's operating system and then the trash is cleared.,
7.3.4. personal data is deleted from the information system programmatically by making a corresponding request through the database or using the system's functionality.
7.4. The destruction of personal data is carried out by a commission established by the Operator. The fact of the destruction of personal data is confirmed by an act on the destruction of personal data, which is signed by the responsible persons and approved by the head of the Operator. This document is a confidential document and is subject to storage for three years from the date of destruction of personal data, unless otherwise specified by law.
8. COOKIE PROCESSING PROCEDURE
8.1. Cookies transmitted by the Service to the User's equipment and the User's equipment to the Service may be processed for the performance of the Contract for the purposes specified in clause 3.1.2 of the Policy, in particular, to improve the quality and usability of the Service, create and develop existing and new products of the Operator and its partners, personalize content and other offers, conduct statistical and other studies on the use of the Service, etc.
8.2. The structure of the cookie file, its content and technical parameters are determined by the Service. The User can find more detailed information about cookie management in the browser's help file or on specialized websites, in particular, www.aboutcookies.org .
8.3. Cookies may be processed, among other things, using metric programs, in particular, the Yandex.Metrica service, for the purposes specified in clause 3.1.2 of the Policy.
8.4. By continuing to use the Service, the User agrees to the use of cookies by the Operator and the operators of metric programs, unless a corresponding prohibition is set in the User's browser settings.
8.5. The User may prohibit the use of cookies by setting an appropriate prohibition in his browser settings. At the same time, the User is aware that in this case, individual sections and/or functions of the Service may be displayed and/or may not work correctly.
9. OTHER RIGHTS AND OBLIGATIONS OF THE OPERATOR AND THE USER
9.1. The Operator has the right to:
9.1.1. receive reliable information and personal data from the User,
9.1.2. if the User withdraws consent to the processing of personal data, continue processing personal data without the User's consent if there are grounds specified in the Law on Personal Data.,
9.1.3. if the User withdraws consent to the processing of personal data and there are no other grounds for processing personal data, unilaterally cancel the Contract and refuse to provide the Service to the User, if the obligation to provide such data is provided for by the legislation of the Russian Federation or is directly related to the execution of the Contract with the User.,
9.1.4. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other laws.
9.2. The Operator is obliged to:
9.2.1. ensure the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data using databases located on the territory of the Russian Federation,
9.2.2. if a request for clarification (updating, modification) of personal data is received from the User or an authorized body, block such data, and if the inaccuracy of the data is confirmed, clarify (update, modify) the specified data based on information provided by the User or the authorized body.,
9.2.3. observe the User's rights and perform other duties stipulated by the Policy and current legislation.
9.3. The User has the right:
9.3.1. receive information regarding the processing of his personal data,
9.3.2. require the Operator to clarify personal data, block it, or destroy it if such data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing.,
9.3.3. revoke consent to the processing of personal data in accordance with the Policy (if such consent is the basis for processing),
9.3.4. exercise other rights stipulated by law.
9.4. The User is obliged to:
9.4.1. provide the Operator with reliable personal information,
9.4.2. inform the Operator about the clarification (updating, modification) of their personal data,
9.4.3. ensure that there is a legal basis for the transfer to the Operator and subsequent processing of personal data of other persons, whose data the User independently transmits to the Operator.
9.5. A User who has provided the Operator with false information about himself or herself, or information about another personal data subject without the latter's consent or other legal basis, is liable in accordance with applicable law.
9.6. The Operator does not control and is not responsible for the processing of personal data on the resources of other persons to which the User can click on the links available in the Service. All information collected by third-party services, including payment systems, communication facilities, and other service providers, is stored and processed by these persons (independent personal data operators) in accordance with their user agreement and privacy policy. The user is obliged to familiarize himself with the specified documents on his own and in a timely manner. The Operator is not responsible for the actions of such third parties.
9.7. The Operator does not verify the accuracy of the personal data provided by the User and is unable to assess his legal capacity and legal capacity.
10. COMMUNICATION WITH THE OPERATOR
10.1. If consent was the basis for the processing of personal data, the User may revoke his consent to the processing of personal data at any time by sending an e-mail notification to the Operator's e-mail address. info@rare-at.com marked "Withdrawal of consent to the processing of personal data".
10.2. In case of detection of inaccurate personal data, the User may send a request to the Operator's e-mail address. info@rare-at.com marked "Updating personal data" with a request to clarify (update, change) personal data.
10.3. The User has the right to refuse to receive information or other messages at any time by sending a written request to the Operator marked "Refusal of notifications" to the email address: info@rare-at.com
10.4. The User has the right to send all other suggestions, questions, requests and other requests regarding the processing of personal data to the Operator at the following email address: info@rare-at.copm .
10.5. The Operator sends the User a response to the request in accordance with the procedure and time limits established by the Law on Personal Data.
11. FINAL PROVISIONS
11.1. The current version of the Policy is freely available on the Internet at https://rare-at.com/privacy .
11.2. The Policy comes into force from the moment of approval and is valid indefinitely until the adoption of a new Policy.
11.3. The Policy may be changed by the Operator at any time. The new version of the Policy comes into force from the moment of its publication in the Service, unless otherwise provided by the relevant version of the Policy. By using the Service after changing the Policy, the User agrees to the changed terms of personal data processing.
Date of publication: 05/10/2025
Use of the Service (including any access to the Service, registration, order placement, initiation of communication) means the User's consent to the Policy and the conditions for the processing of their personal data specified therein. If the User does not agree with these conditions, they must stop using the Service.
1. TERMS
1.1. Personal Data Law - Federal Law No. 152-FZ of July 27, 2006, “On Personal Data.”
1.2. Personal Data (PD) - any information relating directly or indirectly to a specific or identifiable natural person (User).
1.3. User (Personal Data Subject) - an individual (including one acting on behalf of a legal entity) who uses the Service and accepts the Offer or enters into another Agreement with the Operator.
1.4. The Operator is Individual Entrepreneur AZAROV FEDOR YURIEVICH (TIN: 771410507174, PSRNIE: 320774600189096, address: 125171, Moscow, Radiatorskaya 3rd Street, 5k3, apartment/office 25), independently or jointly with other persons, organises and/or carries out the processing of personal data, as well as determines the purposes of processing, the composition, actions (operations) performed with personal data.
1.5. Service - the Operator's resource, available on the Internet at: rare-at.ru, the corresponding mobile application “RARE by Azarov&Tsep” based on any operating system, other software/computer programs, websites and other resources provided by the Operator to the User, as well as the set of services provided by the Operator to the User in accordance with the Agreement.
1.6. Agreement - an agreement between the Operator and the User, concluded by the User's acceptance of the Offer, as well as any other agreements between the User and the Operator, concluded for the purpose of providing the Service.
1.7. Offer - the Operator's proposal to conclude the Agreement on the terms set forth therein, available at: https://rare-at.com/public_offerts.
1.8. Third parties - partners, suppliers, contractors, principals, agents, and other persons engaged by the Operator for the purpose of performing the Agreement and providing the Service to the User.
1.9. Cookies - pieces of data placed by websites on the User's device (or transmitted by the User's device to websites) to improve the user experience.
2. GENERAL PROVISIONS
2.1. The Policy is an integral part of the Offer and the Agreement between the User and the Operator.
2.2. The Policy applies to all personal data that the Operator may obtain about the User, including when processing personal data on behalf of another person (operator) on the basis of a contract concluded with them in accordance with Part 3 of Article 6 of the Personal Data Law.
2.3. The Policy, including the interpretation of its provisions and the procedure for its adoption, implementation, amendment, and termination, is subject to the laws of the Russian Federation.
3. PURPOSES, METHODS AND CONDITIONS OF PROCESSING
3.1. For each purpose of personal data processing, the Operator determines the following categories and the list of personal data to be processed and the categories of subjects whose data are being processed:
3.1.1. Purpose of personal data processing:
Provision of the Service, including:
- registration of the User in the Service and use of the functionality of the Service and the corresponding User account,
- identification of the User as a party to the Contract,
- formation of an order by the User,
- receipt of an order by the Operator from the User and clarification of the order details,
- provision of services by the Operator on the User's order, including providing the opportunity to purchase dishes by the User and deliver the order to the User,
- issuing checks to the User,
- providing discounts to the User, participating in the bonus program,
- communicating with the User, including receiving requests, claims, sending informational messages to the User,
- executing, changing, concluding and terminating the Contract with the User in order to providing the Service.
Category of personal data: other than biometric data or special categories of personal data.
The list of personal data processed for the specified purposes:
- Last name, first name, patronymic,
- Email address,
- Phone number,
- Delivery Address,
- Order details,
- The User's ID.
is to improve the user experience, including:
- improving the quality and usability of the Service,
- creation and development of existing and new products of the Operator and its partners,
- personalization of content and other offers,
- informing about the Service and the Operator,
- conducting statistical and other research on the use of the Service.
Category of personal data: other than biometric data or special categories of personal data.
The list of personal data processed for the specified purposes:
- User ID,
- Information collected through metric programs: information about user activity, date, time and number of visits, link clicks, depth of views, etc.,
- Information about the user's IP address and device: location, device ID, browser data,
- Cookies.
3.3. For the purposes specified in clauses 3.1.1 and 3.1.2 of the Policy, the operator has the right to perform the following actions (operations) with PD: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion and destruction. The specified processing is mixed and is carried out both in automated and non-automated ways, with transmission over the Operator's internal network, with transmission over the Internet.
3.4. The period of processing and storage of personal data specified in clauses 3.1.1 and 3.1.2 of the Policy: until the purpose of processing is achieved, until the consent expires, or until consent is revoked (if consent was the basis for processing and/or there are no other grounds for processing such personal data and/or storing such data is not required for the purpose of processing), as well as before the detection of unlawful processing of personal data (depending on which event occurred earlier), except in cases where the law establishes a different period of storage of personal data.
4. LEGAL GROUNDS FOR PROCESSING
4.1. The legal grounds for the Operator's processing of personal data specified in clauses 3.1.1, 3.1.2 of the Policy are:
4.1.1. conclusion and execution of an Agreement with the User, the party or beneficiary or the guarantor for which he is;
4.1.2. processing in order to achieve the goals stipulated by an international agreement or law, as well as the exercise and fulfillment of the functions, powers and duties assigned by law to the Operator;
4.1.3. exercising the rights and legitimate interests of the Operator or Third Parties, or to achieve socially significant goals, provided that the rights and freedoms of the User are not violated.;
4.1.4. processing for statistical or other research purposes, subject to depersonalization of personal data;
4.1.5. the User's consent to the processing of his personal data.
5.TRANSFER OF PERSONAL DATA
5.1. The User is aware of and agrees that for the purpose specified in clause 3.1.1 of the Policy, the Operator, if there is a legal basis, may transfer (provide, access) personal data corresponding to the specified purpose to Third Parties (in particular, order processing, delivery and support services, catering companies, IT contractors) for their subsequent processing, as well as to entrust the processing of personal data to the specified persons.
5.2. The User is aware of and agrees that for the purpose specified in clause 3.1.2 of the Policy, the Operator, if there is a legal basis, may transfer (provide, access) personal data (including impersonal data) corresponding to the specified purpose to Third Parties (in particular, operators of metric programs, IT contractors, support service) for their subsequent processing, as well as to entrust the specified persons with the processing of personal data.
5.3. The Operator warns Third Parties that the transferred personal data may be processed only for the purposes for which they were transferred. The Operator and Third Parties who have received personal data do not disclose or distribute personal data to other persons without a legal basis.
5.4. The Operator does not transfer personal data across borders.
6. MEASURES TO ENSURE THE PROTECTION OF PERSONAL DATA
6.1. The Operator ensures the safety and confidentiality of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.
6.2. The Operator ensures the security of Users' personal data through the implementation of legal, organizational and technical measures.
6.3. Legal measures implemented by the Operator:
6.3.1. publication of documents defining the policy on personal data processing, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations, including the publication of the Policy,
6.3.2. posting the Policy in the Service, including on the Service pages where personal data is collected.
6.4. Organizational measures implemented by the Operator:
6.4.1. appointment of a person responsible for organizing the processing of personal data,
6.4.2. ensuring unrestricted access of Service Users to the Policy,
6.4.3. implementation of internal control and (or) audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, Policy, local acts of the Operator,
6.4.4. assessment of harm in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to Users in case of violation of the Law on Personal Data, the ratio of the specified harm and the measures taken by the Operator,
6.4.5. familiarization of the Operator's employees directly engaged in processing with the provisions of the legislation on personal data, including requirements for their protection, local acts on personal data processing,
6.4.6. identification of threats to the security of personal data during their processing,
6.4.7. assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the information system,
6.4.8. accounting of personal data storage media,
6.4.9. monitoring of measures taken to ensure the security of personal data and the level of security,
6.4.10. organization of a security regime for premises that prevents the possibility of uncontrolled entry or stay in these premises of persons who do not have the right of access to these premises,
6.4.11. approval of the document defining the list of persons whose access to personal data is necessary for the performance of their official (labor) duties,
6.5. Technical measures implemented by the Operator:
6.5.1. the use of information protection tools that have passed the compliance assessment procedure in accordance with the established procedure, including the requirements of the legislation of the Russian Federation in the field of information security (if applicable), in the case when the use of such tools is necessary to neutralize current threats.,
6.5.2. the use of information protection tools for the destruction of personal data that have passed the compliance assessment procedure in accordance with the established procedure, which include the information destruction function.,
6.5.3. detection of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on information systems and to respond to computer incidents in them,
6.5.4. recovery of personal data modified or destroyed due to unauthorized access to them,
6.5.5. establishing rules for access to personal data processed in the information system, as well as ensuring registration and accounting of actions performed with the data,
6.5.6. ensuring the safety of personal data carriers,
6.5.7. establishing individual passwords for employees' access to the information system in accordance with their official duties,
6.5.8. certified antivirus software with regularly updated databases.
7. THE ORDER AND TIMING OF DESTRUCTION
7.1. Personal data is subject to destruction by the Operator in the following cases::
7.1.1. the purpose of personal data processing has been achieved,
7.1.2. The User has revoked consent to processing (if consent was the basis for processing and/or there are no other legal grounds for processing and/or storing such data is not required for the purpose of processing),
7.1.3. or the fact of their illegal processing has been revealed.
7.2. In the cases specified in clause 7.1 of the Policy, the Operator stops processing and destroys personal data within the time limits stipulated by the Law on Personal Data. If it is not possible to destroy personal data within a period specified by law, the Operator ensures the blocking and destruction of personal data within a period of no more than six months, unless another period is established by law.
7.3. The destruction of personal data is carried out in the following order::
7.3.1. the destruction of personal data contained on paper is carried out by crushing into small parts, excluding the possibility of subsequent recovery (including using a shredder installed in the premises of the Operator or the person to whom the Operator has entrusted the processing of personal data).,
7.3.2. the destruction of personal data contained on machine-readable media is carried out by causing permanent physical damage to them, excluding the possibility of their use, as well as data recovery by deforming, violating the unified integrity of the medium.,
7.3.3. Files with Users' personal data located on the hard disk to be destroyed are deleted using the computer's operating system and then the trash is cleared.,
7.3.4. personal data is deleted from the information system programmatically by making a corresponding request through the database or using the system's functionality.
7.4. The destruction of personal data is carried out by a commission established by the Operator. The fact of the destruction of personal data is confirmed by an act on the destruction of personal data, which is signed by the responsible persons and approved by the head of the Operator. This document is a confidential document and is subject to storage for three years from the date of destruction of personal data, unless otherwise specified by law.
8. COOKIE PROCESSING PROCEDURE
8.1. Cookies transmitted by the Service to the User's equipment and the User's equipment to the Service may be processed for the performance of the Contract for the purposes specified in clause 3.1.2 of the Policy, in particular, to improve the quality and usability of the Service, create and develop existing and new products of the Operator and its partners, personalize content and other offers, conduct statistical and other studies on the use of the Service, etc.
8.2. The structure of the cookie file, its content and technical parameters are determined by the Service. The User can find more detailed information about cookie management in the browser's help file or on specialized websites, in particular, www.aboutcookies.org .
8.3. Cookies may be processed, among other things, using metric programs, in particular, the Yandex.Metrica service, for the purposes specified in clause 3.1.2 of the Policy.
8.4. By continuing to use the Service, the User agrees to the use of cookies by the Operator and the operators of metric programs, unless a corresponding prohibition is set in the User's browser settings.
8.5. The User may prohibit the use of cookies by setting an appropriate prohibition in his browser settings. At the same time, the User is aware that in this case, individual sections and/or functions of the Service may be displayed and/or may not work correctly.
9. OTHER RIGHTS AND OBLIGATIONS OF THE OPERATOR AND THE USER
9.1. The Operator has the right to:
9.1.1. receive reliable information and personal data from the User,
9.1.2. if the User withdraws consent to the processing of personal data, continue processing personal data without the User's consent if there are grounds specified in the Law on Personal Data.,
9.1.3. if the User withdraws consent to the processing of personal data and there are no other grounds for processing personal data, unilaterally cancel the Contract and refuse to provide the Service to the User, if the obligation to provide such data is provided for by the legislation of the Russian Federation or is directly related to the execution of the Contract with the User.,
9.1.4. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other laws.
9.2. The Operator is obliged to:
9.2.1. ensure the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data using databases located on the territory of the Russian Federation,
9.2.2. if a request for clarification (updating, modification) of personal data is received from the User or an authorized body, block such data, and if the inaccuracy of the data is confirmed, clarify (update, modify) the specified data based on information provided by the User or the authorized body.,
9.2.3. observe the User's rights and perform other duties stipulated by the Policy and current legislation.
9.3. The User has the right:
9.3.1. receive information regarding the processing of his personal data,
9.3.2. require the Operator to clarify personal data, block it, or destroy it if such data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing.,
9.3.3. revoke consent to the processing of personal data in accordance with the Policy (if such consent is the basis for processing),
9.3.4. exercise other rights stipulated by law.
9.4. The User is obliged to:
9.4.1. provide the Operator with reliable personal information,
9.4.2. inform the Operator about the clarification (updating, modification) of their personal data,
9.4.3. ensure that there is a legal basis for the transfer to the Operator and subsequent processing of personal data of other persons, whose data the User independently transmits to the Operator.
9.5. A User who has provided the Operator with false information about himself or herself, or information about another personal data subject without the latter's consent or other legal basis, is liable in accordance with applicable law.
9.6. The Operator does not control and is not responsible for the processing of personal data on the resources of other persons to which the User can click on the links available in the Service. All information collected by third-party services, including payment systems, communication facilities, and other service providers, is stored and processed by these persons (independent personal data operators) in accordance with their user agreement and privacy policy. The user is obliged to familiarize himself with the specified documents on his own and in a timely manner. The Operator is not responsible for the actions of such third parties.
9.7. The Operator does not verify the accuracy of the personal data provided by the User and is unable to assess his legal capacity and legal capacity.
10. COMMUNICATION WITH THE OPERATOR
10.1. If consent was the basis for the processing of personal data, the User may revoke his consent to the processing of personal data at any time by sending an e-mail notification to the Operator's e-mail address. info@rare-at.com marked "Withdrawal of consent to the processing of personal data".
10.2. In case of detection of inaccurate personal data, the User may send a request to the Operator's e-mail address. info@rare-at.com marked "Updating personal data" with a request to clarify (update, change) personal data.
10.3. The User has the right to refuse to receive information or other messages at any time by sending a written request to the Operator marked "Refusal of notifications" to the email address: info@rare-at.com
10.4. The User has the right to send all other suggestions, questions, requests and other requests regarding the processing of personal data to the Operator at the following email address: info@rare-at.copm .
10.5. The Operator sends the User a response to the request in accordance with the procedure and time limits established by the Law on Personal Data.
11. FINAL PROVISIONS
11.1. The current version of the Policy is freely available on the Internet at https://rare-at.com/privacy .
11.2. The Policy comes into force from the moment of approval and is valid indefinitely until the adoption of a new Policy.
11.3. The Policy may be changed by the Operator at any time. The new version of the Policy comes into force from the moment of its publication in the Service, unless otherwise provided by the relevant version of the Policy. By using the Service after changing the Policy, the User agrees to the changed terms of personal data processing.
Date of publication: 05/10/2025