Policy of AVATAR LLC (OGRN 5147746441046, address: 109029, Moscow, 32 Nizhegorodskaya Str., building 5, floor 5, office 2, room 1, 2, 3) (hereinafter referred to as the “Company”), the official distributor of Black Sun Game Publishing in processing and securing personal user data.
1. General Provisions
1.1. This personal data protection Policy (hereinafter referred to as the “Policy”) is designed to ensure that the Company maintains the privacy of personal data provided by users (hereinafter referred to as “User(s)”) that use the services of the website managed by the Company and/or the Company’s partners at the following Internet address: sota-game.com (hereinafter referred to as the “Website”), and required to gain access to the software product (hereinafter referred to as the “Game” or “Games”).
1.2. Personal data are to be gathered and processed based on the current legislation of the Russian Federation, including:
• Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006
• Decree of the President of the Russian Federation No. 188 “On Approving the List of Confidential Data” dated March 6, 1997
• Resolution of the Government of the Russian Federation No. 687 “On Approving the Provision Regarding the Properties of Personal Data Processing Without Software” dated September 15, 2008
• Resolution of the Government of the Russian Federation No. 1119 “On Approving the Requirements to Personal Data Protection While Processing in Personal Data Information Systems” dated November 1, 2012
• Order of the Federal Service for Technical and Export Control No. 21 “On Approving the List and Scope of Planning and Technical Activities for the Protection of Personal Data While Processing via Personal Data Information Systems” dated February 18, 2013
• Roskomnadzor Order No. 996 “On Approving the Requirements and Methods for Depersonalizing Personal Data” dated September 5, 2013
• other statutory acts of the Russian Federation and authorized government bodies related to personal data processing and protection
1.3. This Policy determines the list of personal User data to be processed, the basic principles, objectives, methods of personal data processing, the obligations of the Company, and its employees as related to personal User data processing.
1.4. Personal User data are to be automatically processed by the Company on its own.
1.5. The Company may process such personal User data as personal email addresses.
2. Terms and Definitions
2.1. All terms and definitions found in this Policy are subject to interpretation in accordance with Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006, including the following:
2.1.1. Personal data refers to any information relating to a directly or indirectly identified or identifiable natural person (data subject).
2.1.2. Operator refers to a company that independently organizes and performs personal data processing, and also defines the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data (hereinafter referred to as “Operator” and/or “Company”).
2.1.3. Personal data processing refers to any action (operation) or set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, amendment (update, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
3. Purposes of Processing Personal User Data
3.1. User registration on the Website
3.2. Providing Users with access to the Game
3.3. Management of User accounts
3.4. Interaction between Users
3.5. Providing Users with information on the Game
3.6. Providing Users with customer support services
4. Principles of Processing Personal User Data
4.1. The Company processes personal data based on the following principles:
4.1.1. Personal data must be processed in a fair and legal manner.
4.1.2. Personal data processing must be limited by the achievement of specific, predetermined, and legitimate goals. It is not allowed to process personal data incompatible with the purposes of personal data collection.
4.1.3. It is not allowed to merge databases containing personal data being processed for purposes incompatible with each other.
4.1.4. Only personal data meeting the purposes of processing will be subject to processing.
4.1.5. The content and volume of processed personal data must comply with the stated processing purposes. Processed personal data should not exceed the stated purposes of processing.
4.1.6. When processing personal data, their accuracy must be ensured, as well as their sufficiency and, if necessary, their relevance to the purposes of personal data processing. The Operator must take necessary measures, or ensure that they are taken, to remove or amend incomplete or inaccurate data.
4.1.7. Personal data must be stored in a form that allows the determination of the personal data subject for no longer than the purpose of personal data processing requires, unless the period for storing personal data is established by a federal law or an agreement where the personal data subject is a party, a beneficiary, or а guarantor. Personal data are subject to be destroyed or depersonalized after the processing purposes are achieved, or if the need to achieve those purposes becomes unnecessary, unless otherwise provided by a federal law.
5. Personal Data Verification
5.1. The Company does not verify the accuracy of the data provided by the User. Such information is provided by the User at their discretion, and the User is responsible for the accuracy of the information.
6. The Company’s Functions in Processing Personal User Data
6.1. When processing personal data, the Company:
6.1.1. takes measures necessary and sufficient to ensure compliance with the requirements of the legislation of the Russian Federation and local regulations applicable to personal data;
6.1.2. undertakes to store personal data in strict accordance with all legal regulations, and takes necessary technical measures to protect personal data and prevent unauthorized access, copying, deletion, and other unlawful actions related to personal data;
6.1.3. takes organizational measures within the Company that result in providing access to personal user data only to the Company’s employees whose position implies such access and who have signed corresponding agreements on rules and procedures regulating work with personal user data;
6.1.4. performs other actions stipulated by the legislation of the Russian Federation applicable to personal data.
7. Terms of Processing Personal User Data
7.1. Personal data are processed by the Company with the User’s consent from the moment that the User is registered on the Website and thus expresses their consent to such processing.
7.2. The User’s consent to the processing of their personal data is a prerequisite for the User’s registration on the Website and gaining access to the Game.
7.3. The User is registered and performs other actions on the Website solely for the purposes stipulated in paragraph 2 of Art. 22 of Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006, namely for obtaining personal data “by the operator in connection with the conclusion of an agreement to which the subject of the personal data is party, if the personal data are not disseminated, are not supplied to third parties without the consent of the subject of the personal data, and are used by the operator solely for the purpose of the performance of that agreement and the conclusion of agreements with the subject of the personal data”.
8. List of Actions with Personal User Data and Methods of Their Processing
8.1. The Company collects, records, systematizes, accumulates, stores, amends (updates and modifies), retrieves, uses, blocks, deletes, and destroys personal data.
9. Rights of Users (Personal Data Subjects)
9.1. According to the provisions of the personal data legislation, personal data subjects are entitled to receive information on the processing of their personal data, including the following:
• confirmation that their personal data are processed by the operator;
• legal grounds and purposes for the processing of personal data;
• purposes and methods applied by the operator for personal data processing;
• the name and location of the operator, information on persons (except for the operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of the agreement with the operator or a federal law;
• processed personal data related to the corresponding personal data subject, and the source that they were received from, unless a different procedure for submitting such data is stipulated by a federal law;
• the terms of personal data processing, including the terms of their storage;
• the procedure for implementing the personal data subject’s rights stipulated by this Federal Law;
• information on completed or intended cross-border data transfer;
• the name (full name) of a person that processes personal data on behalf of the operator, if processing has been or will be entrusted to such a person;
• other information provided by this Federal Law or other federal laws.
9.2. The information specified in clause 9.1 is provided to the personal data subject (User) on their demand. The request should be sent by email to [email protected] The personal data subject is obliged to provide the Operator with a proof that the requested personal data will be sent to that particular subject.
9.3. According to paragraph 2 of Art. 9 of the law “On Personal Data”, the personal data subject has the right to withdraw their consent for personal data processing or deletion. In order to exercise the aforementioned rights, the personal data subject must send a corresponding request by email to [email protected] The Company considers the received request and ensures the termination of the subject’s personal data processing and deletes them within five (5) business days from the moment that the personal data subject sends their request.
10. Monitoring Compliance with the Legislation of the Russian Federation and Local Regulations Applicable to Personal Data, Including Requirements to Personal Data Protection
10.1. Compliance with the legislation of the Russian Federation and local regulations applicable to personal data by Operators is monitored in order to take measures aimed at preventing and detecting violations of the legislation of the Russian Federation applicable to personal data, identifying possible leakage channels and unauthorized access to personal data, and eliminating the consequences of such violations.
10.2. Internal control over compliance with the legislation of the Russian Federation and local regulations applicable to personal data by Operators’ structural subdivisions is performed by the person responsible for organizing personal data processing and ensuring their safety.