This Privacy Policy ("Policy") defines the position and intentions of Komanda F5 LLC ("Operator") in the field of processing and protection of the Personal Data, observance of rights and freedoms of each person and, in particular, the right to privacy, personal and family secrets, protection of honor and good name.
The Policy is mandatory for all employees of the Operator and Program Partners.

2.1 Personal Data means any information relating to a directly or indirectly identified or identifiable individual (Subject of Personal Data) ("Subject"). Such information may include, but is not limited to:

• last name, first name, patronymic (if any);
• sex;
• date of birth;

Contact details of the Subject, including but not limited to: email address, contact phone number, etc;

• details of the main identity document (series, number, issuing authority, date of issue, subdivision code);
• information about the position held;
• information and technical data of the Subject, including, but not limited to: IP address, browser cookies, browser and device technical data, geolocation;
• in addition, the Operator receives data from Kommo, namely: ID, domain, user language, time zone, apihash, email address of the account; as well as other data of the Subject.

2.2. Under the processing of Personal Data means any action (operation) or set of actions (operations) performed with or without the use of automation with Personal Data, including the collection, recording, systematization, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of Personal Data.

3.1 Processing of Personal Data on Subjects of Personal Data shall be carried out by the Operator for the purposes of:

• Execution of civil law contracts;
• Promotion of products and services;
• Conclusion and/or execution of the Contract, including (but not limited to) for the purposes of third party service;
• Performing the Agreement by a third party, including in case of assignment of rights and obligations under the Agreement by the Licensor to a third party;
• Performing the actions necessary to collect debts from the Licensee for the received services, presentation of other claims to the Licensee, in case of non-performance (improper performance by the Licensee of the obligations under the Contract), including in case of assignment of the rights (claims) arising from the Contract to third parties;
• For the purposes of information and reference services, including the preparation and dissemination of information by various means.

4.1 Understanding the importance and value of human information, as well as taking care of observance of constitutional human and citizen's rights, the Operator ensures reliable protection of Personal Data of Personal Data Subjects.

4.2 The Operator understands the security of Personal Data as the protection of Personal Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data.

4.3 The operator shall take necessary legal, organizational and technical measures for protection of Personal Data.

4.4. The operator processes and secures Personal Data in accordance with the requirements of the Constitution of the Russian Federation, Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" ("The Federal Law on Personal Data"), other federal laws and regulations, guiding and methodological documents of the Federal Service for Technical and Export Control and the Federal Security Service of the Russian Federation defining cases and specifics of Personal Data processing.

4.5. When processing Personal Data, the Operator adheres to the following principles:

• The operator shall process Personal Data only on a lawful and fair basis;
• The operator shall not disclose to third parties and shall not distribute Personal Data without the consent of the Personal Data Subject (unless otherwise provided for by the applicable laws of the Russian Federation);
• The operator determines the specific legitimate purposes before processing (including collection/receipt) of Personal Data;
• The operator shall only collect Personal Data that is necessary and sufficient for the stated purpose of processing;
• Processing of Personal Data shall be limited to achieving specific, predetermined and legitimate purposes;
• The Operator shall destroy or depersonalize Personal Data upon attainment of processing objectives or if the objectives are no longer needed.

4.6. With the consent of the Subject of Personal Data, the Operator shall have the right to assign the processing of Personal Data of the Subjects of Personal Data to another person, on the basis of a contract concluded with such persons.

4.7. In cases stipulated by Russian law, the Operator shall be entitled to transfer Personal Data without the consent of the Subject of Personal Data.

4.8 Persons processing Personal Data on behalf of the Operator shall be obliged to comply with the principles and rules of Personal Data processing and protection stipulated by the Federal Law on Personal Data. The list of actions (operations) with Personal Data to be performed by the person processing Personal Data, processing objectives shall be determined for each person processing Personal Data on behalf of the Operator, the obligation of such person to maintain confidentiality and ensure security of Personal Data during its processing shall be established, and requirements to protection of processed Personal Data shall be specified.

4.9 The term of your Personal Data retention depends on the type of data and the purpose for which the Operator processes the data, which is explained in clause 3. The Operator will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. If you wish to request that we no longer use your data, please contact us at global@cmdf5.com.

4.10 When the purposes of processing Personal Data are achieved, as well as in case of withdrawal of consent to their processing by the Subject of Personal Data, Personal Data shall be destroyed if:

• otherwise not provided by the agreement, of which the Subject of Personal Data is a party;
• the operator is not entitled to process without the consent of the Subject of Personal Data on the grounds provided by the Personal Data Law or other federal laws;
• otherwise not provided by another agreement between the Operator and the Subject of Personal Data.

4.11 App’s use and transfer to any other app of information received from Google Accounts will comply with Google API Services User Data Policy, including the Limited Use requirements.

4.12 We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized/non-personalized AI and/or ML models.

5.1 The Subject of Personal Data, whose Personal Data is processed by the Operator, has the right to:

5.1.1. Receive from the Operator:

• Confirmation of the processing of Personal Data by the Operator;
• Information about the legal basis and purpose of Personal Data processing;
• Information about the purpose and methods of Personal Data processing used by the Operator;
• Information about the name and location of the Operator;
• Information about persons who have access to Personal Data or to whom Personal Data may be disclosed on the basis of a contract with the Operator or on the basis of Federal Law;
• List of processed Personal Data pertaining to the Subject of Personal Data, from whom the request was received, and information about the source of its receipt, unless other procedure of provision of such data is provided by the Federal Law;
• Information about the timing of processing of Personal Data, including the period of the storage of such data;
• Information about how the Subject of Personal Data exercise their rights under the Federal Law on Personal Data;
• Information about performed or expected cross-border transfer of Personal Data;
• Name or last name, first name, patronymic and address of the person processing Personal Data on behalf of the Operator, if processing is or will be assigned to such person;
• Other information required by the Federal Law on Personal Data or other Federal Laws;

5.1.2 Demand clarification of Personal Data, its blocking or destruction if Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;

5.1.3 Withdraw its consent to the processing of Personal Data;

5.1.4 Demand the elimination of unlawful actions of the Operator in relation to his Personal Data;

5.1.5 To appeal against the Operator's actions or omissions to the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court, in case the Personal Data subject believes that the Operator is processing his Personal Data in violation of the requirements of the Federal Law on Personal Data or otherwise violates his rights and freedoms;

5.1.6. To protect their rights and legitimate interests, including compensation for losses and/or compensation for moral damage in court.

6.1 When processing the Personal Data, the Operator shall take necessary legal, organizational and technical measures to protect Personal Data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data.

6.1.1 Such measures in accordance with the Federal Law on Personal Data, in particular, include:

• Determination of threats to security of Personal Data during its processing in Personal Data information systems;
• Application of organizational and technical measures to ensure security of Personal Data during their processing in Personal Data information systems, necessary to meet the requirements for the protection of Personal Data, implementation of which ensures the levels of protection of Personal Data established by the Government of the Russian Federation;
• Application of duly approved conformity assessment procedure for information protection tools;
• Evaluation of efficiency of measures taken to ensure security of Personal Data prior to commissioning of the information system;
• Accounting of Personal Data storage media;
• Detection of facts of unauthorized access to Personal Data and taking measures to prevent similar incidents in the future;
• Restoration of Personal Data modified or destroyed as a result of unauthorized access to it;
• Establishment of rules of access to Personal Data processed in Personal Data information system, as well as ensuring registration and accounting of all actions performed with Personal Data in Personal Data information system;
• Control over measures taken to ensure security of Personal Data and level of protection of Personal Data information systems.

7.1. This Policy is a publicly available document.

7.2. This Policy shall be revised in case of changes in the legislation of the Russian Federation in the field of processing and protection of Personal Data, in cases of orders to eliminate inconsistencies affecting the scope of the Policy, by decision of the Operator management, in case of changes in the purposes of Personal Data processing, changes in the organizational structure, structure of information and/or telecommunications systems (or introduction of new ones), in application of new technologies of Personal Data processing (including transfer, storage), in case of emergence of the necessities of Personal Data processing.

In the event of failure to comply with the provisions of this Policy, the Operator shall be liable in accordance with the applicable laws of the Russian Federation.

Subjects whose Personal Data is processed by the Operator may obtain explanations of the processing of their Personal Data by contacting the Operator in person or by sending an official request by email to: global@cmdf5.com.
In case of sending an official request to the Operator, the text of the request must specify:

• Last and first name, patronymic of the Subject of Personal Data or his representative;
• Information confirming the Subject of Personal Data relationship with the Operator, or information otherwise confirming the fact that the Subject of Personal Data is processed by the Operator;
• The signature of the Subject of Personal Data (or his representative). If the request is sent electronically, it must be in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation.