1. General Provisions

This Personal Data Processing Policy is drafted in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, “On Personal Data” (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and the measures taken by LLC “Devices” (OGRN 1137847373619, INN 7813572293) (hereinafter referred to as the Operator) to ensure the security of personal data.

1.1. The Operator considers the observance of human and civil rights and freedoms during the processing of personal data, including the right to privacy, personal and family secrets, as one of its most important goals and conditions for its activities.

1.2. This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website ubear-world.com (hereinafter referred to as the Website).

2. Basic Terms Used in This Policy:

2.1. Automated processing of personal data – processing using computer technology.

2.2. Blocking of personal data – temporary suspension of processing (except in cases where processing is necessary for data clarification).

2.3. Website – a set of graphical and informational materials, software, and databases available on the internet at the Website’s domain.

2.4. Personal data information system – a set of personal data contained in databases, and technologies and tools enabling their processing.

2.5. Depersonalization of personal data – actions making it impossible to identify a specific User or subject of personal data without additional information.

2.6. Processing of personal data – any action or set of actions with personal data using automated tools or without them, including collection, recording, systematization, accumulation, storage, clarification, retrieval, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

2.7. Personal Data Operator (Operator) – a legal entity independently or jointly organizing and/or processing personal data, and determining the purposes, scope, and actions performed with the personal data.

2.8. Personal data – name, phone number, email, and/or other data recognized as personal data provided by the User on the Website.

2.9. Personal data allowed by the subject for dissemination – personal data provided by the subject with consent for public access in accordance with the Personal Data Law.

2.10. User – any visitor of the Website.

2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or group of persons.

2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an undefined circle of persons, including publication in media or online.

2.13. Cross-border transfer of personal data – transfer of personal data to a foreign country, authority, individual, or legal entity.

2.14. Destruction of personal data – actions resulting in the irreversible loss of data content in the system and/or destruction of physical data carriers.

3. Key Rights and Obligations of the Operator

3.1. The Operator has the right to:

• Request accurate data and/or documents from the data subject;
• Continue processing without consent if permitted under the Personal Data Law;
• Independently define necessary measures to fulfill legal obligations unless otherwise specified.

3.2. The Operator must:

• Provide the subject with information about the data processing;
• Organize processing in accordance with Russian law;
• Respond to requests and inquiries from data subjects and their representatives;
• Report requested information to the authorized data protection body within 30 days;
• Publish or otherwise ensure access to this Policy;
• Take legal, organizational, and technical measures to protect data from unauthorized access or actions;
• Cease data transfer and processing and destroy data when required by law;
• Fulfill other legal obligations.

4. Rights and Obligations of Personal Data Subjects

4.1. Data subjects have the right to:

• Receive information on the processing of their personal data (unless restricted by law);
• Demand clarification, blocking, or deletion of inaccurate or unlawfully processed data;
• Set conditions for marketing consent;
• Withdraw consent to processing;
• Appeal unlawful actions or inaction in court or to the authorized body;
• Exercise other rights as per Russian law.

4.2. Data subjects must:

• Provide accurate information about themselves or the person they represent;
• Notify the Operator of any updates or changes to their data.

4.3. Persons who provide false data or data of third parties without consent bear responsibility under Russian law.

5. Personal Data That May Be Processed by the Operator

5.1. Last name, first name
5.2. Email address
5.3. Phone number(s)
5.4. Anonymized data (including cookies) collected via internet statistics services (Yandex.Metrica, Google Analytics, etc.)

5.5. These are collectively referred to as “Personal Data” in this Policy.

5.6. The Operator does not process special categories of personal data (race, ethnicity, political views, religious beliefs, etc.).

5.7. Processing of special categories of data permitted for dissemination is allowed only in compliance with Article 10.1 of the Personal Data Law.

5.8. Consent to process personal data for dissemination must be obtained separately and meet the specific legal requirements.

5.8.1. Such consent is provided by the User directly to the Operator.

5.8.2. The Operator must publish processing conditions and any applicable restrictions within three business days of receiving the User’s consent.

5.8.3. Dissemination of such data must stop upon the User’s request. The request must include the full name, contact details, and list of data to be excluded from dissemination. After submission, only the Operator may continue processing the specified data.

5.8.4. This consent ceases upon the Operator’s receipt of the request mentioned in clause 5.8.3 of this Policy.