Personal Data Processing Policy

1. General Provisions
This Personal Data Processing Policy (the "Policy") is formulated in compliance with the requirements of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006 (the "Personal Data Law") and defines the procedure for processing personal data and the security measures implemented by LLC "GRC" (the "Operator").

1.1. The Operator’s paramount goal and condition for conducting its activities is the observance of human and civil rights and freedoms during the processing of personal data, including the protection of rights to privacy, personal, and family secrets.
1.2. This Policy applies to all information that the Operator may obtain about visitors to the website https://www.1grc.world.

2. Key Terms Used in the Policy
2.1. Automated Processing of Personal Data — processing using computer technology.
2.2. Blocking of Personal Data — temporary cessation of processing (except where necessary to clarify data).
2.3. Website — a collection of graphical, informational materials, and computer programs/databases accessible online at https://www.1grc.world.
2.4. Personal Data Information System — a set of personal data stored in databases and processed via information technologies and hardware.
2.5. Depersonalization of Personal Data — actions rendering data impossible to attribute to a specific User without additional information.
2.6. Processing of Personal Data — any action (automated or not) involving data, including collection, recording, systematization, storage, updating, retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction.
2.7. Operator — a state body, legal entity, or individual organizing and/or processing personal data, determining purposes and content.
2.8. Personal Data — any information directly or indirectly related to a User of https://www.1grc.world.
2.9. Data Permitted for Dissemination — data authorized by the subject for unlimited access under the Personal Data Law.
2.10. User — any visitor to https://www.1grc.world.
2.11. Provision of Personal Data — disclosure to a specific person or circle.
2.12. Dissemination of Personal Data — disclosure to an unlimited audience (e.g., media, online publication).
2.13. Cross-Border Transfer of Personal Data — transfer to foreign authorities or entities.
2.14. Destruction of Personal Data — irreversible deletion making recovery impossible.

3. Operator’s Rights and Obligations
3.1. Rights:
— Obtain reliable data from the subject.
— Continue processing without consent if grounds exist under the Personal Data Law.
— Determine measures to fulfill legal obligations.
3.2. Obligations:
— Provide processing-related information upon request.
— Organize processing per Russian law.
— Respond to inquiries within legal deadlines.
— Notify the authorized body within 10 days if required.
— Ensure unrestricted access to this Policy.
— Implement security measures against unauthorized access.
— Terminate processing/destroy data as stipulated by law.

4. Data Subjects’ Rights and Obligations
4.1. Rights:
— Obtain processing information (excluding cases restricted by law).
— Demand correction, blocking, or destruction of inaccurate data.
— Withdraw consent or demand cessation of processing.
— Appeal unlawful actions to authorities or courts.
4.2. Obligations:
— Provide accurate data.
— Notify the Operator of updates.
4.3. Liability for providing false data or unauthorized third-party data lies with the provider.

5. Processing Principles
5.1. Lawful and fair basis.
5.2. Limited to specific, predefined, lawful purposes.
5.3. Prohibition on merging databases with incompatible purposes.
5.4. Only relevant data is processed.
5.5. Data adequacy and accuracy ensured.
5.6. Storage only as long as necessary; destruction/depersonalization afterward.

6. Processing Purposes
Establishing User communication, sending notifications, processing requests, and providing services.
Data Processed: Name, email, phone numbers, photos.
Legal Basis: Operator’s statutory documents.
Processing Types: Collection, recording, storage, destruction, depersonalization.

7. Processing Conditions
7.1. Requires subject’s consent.
7.2. Necessary for legal obligations, treaties, justice, contract execution, or public interests.
7.3. Publicly available data may be processed.

8. Processing Procedures
8.1. Security measures ensure data protection.
8.2. Data not shared with third parties unless legally required or consented.
8.3. Users may update data via email: askripov@1grc.world (subject: "Updating Personal Data").
8.4. Processing ceases upon achieving purposes or subject’s withdrawal (email: askripov@1grc.world, subject: "Withdrawal of Consent").
8.5. Third-party services (e.g., payment systems) handle data per their policies; Operator is not liable.

9. Actions Performed by the Operator
9.1. Collection, recording, storage, use, transfer, depersonalization, blocking, deletion.
9.2. Automated processing with/without information networks.

10. Cross-Border Transfer
10.1. Operator must notify the authorized body beforehand.
10.2. Obtain information from foreign recipients prior to transfer.

11. Confidentiality
Operator and authorized persons must not disclose data without consent, unless legally required.

12. Final Provisions
12.1. Questions? Contact askripov@1grc.world.
12.2. Policy updates will be posted here.
12.3. Current version available at https://1grc.world/privacy-policy.