Privacy Policy
1. General Provisions
1.1. This Privacy Policy (hereinafter — the "Policy") has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter — FL-152), Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", and other regulatory legal acts of the Russian Federation in the field of personal data.
1.2. Personal Data Operator:
Name: Individual Entrepreneur Gurnitsky Alexey EvgenyevichOGRNIP 319246800032475INN 246310471139
1.3. This Policy applies to all information that the Operator may receive about visitors and users of:
the Fantasos.tech website (hereinafter — the "Website"); the Telegram bot @fantasos_bot (hereinafter — the "Bot"). Hereinafter the Website and the Bot are collectively referred to as the "Service".
1.4. The Operator's most important goal and condition for carrying out its activities is the observance of the rights and freedoms of individuals in the processing of their personal data, including the protection of the right to privacy, personal and family secrecy.
1.5. Use of the Service constitutes the User's unconditional agreement to this Policy and the personal data processing conditions set forth herein. If the User does not agree with the Policy, the User must refrain from using the Service.
1.6. This Policy is a publicly available document and is published at: https://fantasos.tech/privacy
2. Key Definitions
2.1. Personal Data — any information relating directly or indirectly to a specific or identifiable natural person (data subject).
2.2. Processing of Personal Data — any action (operation) or set of actions (operations) performed using automation tools or without such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.3. Automated Processing of Personal Data — processing of personal data using computer technology.
2.4. Operator — Individual Entrepreneur Gurnitsky Alexey Evgenyevich, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.5. User — any visitor to the Website and/or user of the Bot.
2.6. Data Subject — a natural person to whom personal data directly or indirectly relates.
2.7. Provision of Personal Data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.8. Dissemination of Personal Data — any actions aimed at disclosing personal data to an indefinite group of persons.
2.9. Blocking of Personal Data — temporary suspension of personal data processing (except where processing is necessary to clarify personal data).
2.10. Destruction of Personal Data — actions as a result of which it is impossible to restore the content of personal data in a personal data information system and/or physical personal data carriers are destroyed.
2.11. Anonymization of Personal Data — actions as a result of which it is impossible to determine, without the use of additional information, the association of personal data with a specific data subject.
2.12. Personal Data Information System — a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.13. Cross-Border Transfer of Personal Data — transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign natural person, or a foreign legal entity.
2.14. Cookie — a fragment of data created via a browser and sent by the Service, which is stored on the User's device.
3. Principles of Personal Data Processing
The Operator processes personal data based on the following principles:
3.1. Lawfulness and fairness of personal data processing.
3.2. Restriction of personal data processing to the achievement of specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of collection is not permitted.
3.3. Prohibition on merging databases containing personal data processed for incompatible purposes.
3.4. Processing only those personal data that meet the purposes of their processing.
3.5. Compliance of the content and volume of processed personal data with the stated processing purposes. Prohibition on excessive processing of personal data relative to the stated purposes.
3.6. Ensuring the accuracy, sufficiency, and relevance of personal data in relation to the purposes of personal data processing.
3.7. Destruction of personal data upon achievement of the purposes of their processing or in the event the need to achieve these purposes is lost, where the Operator cannot remedy personal data violations, unless otherwise provided by federal law.
4. Conditions for Processing Personal Data
4.1. The Operator processes personal data when at least one of the following conditions is present:
personal data processing is carried out with the consent of the data subject; personal data processing is necessary for achieving the purposes provided for by an international treaty of the Russian Federation or by law; personal data processing is necessary for the administration of justice, execution of a judicial act, or act of another authority or official; personal data processing is necessary for the performance of a contract to which the data subject is a party, or for the conclusion of a contract at the initiative of the data subject; personal data processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties, provided the rights and freedoms of the data subject are not violated.
4.2. The Operator processes the User's personal data only when they are filled in and/or submitted by the User independently through special forms on the Website, in the Bot, or via email.
4.3. By filling in the relevant forms and/or submitting their personal data to the Operator, the User expresses their consent to this Policy.
4.4. The data subject independently decides whether to provide their personal data and gives consent freely, by their own will and in their own interest.
4.5. The Operator and other persons who have gained access to personal data shall not disclose or distribute personal data to third parties without the consent of the data subject, unless otherwise provided by federal law.
5. Purposes and Scope of Personal Data Processing
5.1. Personal data is processed for the following purposes:
Purpose of Processing — Data ProcessedUser registration and identification in the Service — Name (nickname), email address, phone numberProcessing of User requests and inquiries — Name, email address, phone number, content of inquiryConclusion and fulfillment of contracts with Users — Last name, first name, patronymic, email address, phone numberSending notifications and information about Service operation — Email address, phone numberInforming about new products, services, promotions — Email address, phone number (with consent)Statistical analysis and improvement of Service operation — Anonymized technical data
5.2. Technical data collected automatically:
IP address; operating system and browser type and version; device type and screen resolution; geolocation (country/city); traffic source; operating system and browser language; actions on the Website (clicks, scrolls, link navigation).
5.3. The Operator does not process special categories of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health, or intimate life.
5.4. Personal data processed by the Operator belongs to the category of general personal data and is processed by automated means.
6. Use of Cookies
6.1. The Operator uses automated data collection technologies (including cookies, log files, web beacons) for the following purposes:
Service functionality — ensuring proper operation of the Website, page navigation, access to secure sections; Statistical analysis — analysis of anonymized traffic parameters (frequency, session duration, geographic distribution); Service optimization — identification of technical failures, adaptation of the interface to behavioral patterns; Audience research — compilation of aggregated reports on user behavioral characteristics.
6.2. The Website and Bot collect and process anonymized visitor data using internet statistics services (Yandex Metrica and others).
6.3. This data is not used for personal identification and is anonymized.
6.4. Cookies do not fall under special categories or biometric personal data in accordance with Articles 10–11 of FL-152.
6.5. The User may opt out of cookie processing by adjusting browser settings or clicking the "Reject" button on the cookie banner (where available).
6.6. The Operator processes anonymized User data where this is permitted by the User's browser settings (cookie storage and JavaScript technology are enabled).
7. Rights of Data Subjects
7.1. The data subject has the right to:
receive information regarding the processing of their personal data, in the manner, form and timeframe established by personal data legislation; request the correction, blocking or destruction of their personal data if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or is not necessary for the stated processing purpose; set a precondition for prior consent when processing personal data for the purpose of promoting goods, works, and services; withdraw consent to the processing of personal data; appeal to the authorized body for the protection of data subjects' rights (Roskomnadzor) or to a court against unlawful actions or inaction of the Operator in processing their personal data; exercise other rights provided by the legislation of the Russian Federation.
7.2. Data subjects are obliged to:
provide the Operator with accurate information about themselves; inform the Operator of any clarification (updating, modification) of their personal data.
7.3. Persons who have provided the Operator with false information about themselves or information about another data subject without the latter's consent shall be liable under the legislation of the Russian Federation.
8. Operator Obligations
8.1. The Operator is obliged to:
provide the data subject, upon their request, with information regarding the processing of their personal data; organize the processing of personal data in accordance with the procedure established by applicable law of the Russian Federation; respond to requests from data subjects and their legal representatives in accordance with the requirements of FL-152; report to the authorized body for the protection of data subjects' rights, upon its request, the necessary information within 30 days from the date of receipt of such request; ensure unrestricted access to this Policy; take legal, organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions with respect to personal data; cease transfer (distribution, provision, access) of personal data, cease processing and destroy personal data in the manner and cases provided for by FL-152; fulfill other obligations provided for by FL-152.
8.2. The Operator has the right to:
receive accurate information and/or documents containing personal data from the data subject; in the event of withdrawal of consent by the data subject, continue processing personal data without consent if grounds exist under FL-152; independently determine the composition and list of measures necessary and sufficient to fulfill the obligations provided by FL-152.
9. Personal Data Security Measures
9.1. The Operator ensures the collection, recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of Russian Federation citizens using databases located on the territory of the Russian Federation.
9.2. Security of personal data is ensured through the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation in the field of personal data protection.
9.3. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
appointment of a person responsible for organizing personal data processing; ensuring the security of personal data during storage and preventing unauthorized access; restricting the number of persons authorized to process personal data; identifying personal data security threats during processing and developing threat models; developing a personal data protection system based on the threat model; restricting user access to information resources and hardware/software processing tools; registering and recording actions of users of personal data information systems; using antivirus tools and personal data protection restoration tools; using firewall, intrusion detection, security analysis, and cryptographic information protection tools; using secure communication channels for transmitting personal data.
9.4. The Operator has implemented the measures provided for in Part 2 of Article 18.1 and Part 1 of Article 19 of FL-152.
10. Transfer of Personal Data to Third Parties
10.1. The User's personal data is not transferred to third parties, except in the following cases:
the data subject has given consent to the transfer of data to a third party for the fulfillment of contractual obligations; the transfer is necessary for the User's use of the Service's functionality; the transfer is required by Russian or other applicable legislation within established procedures; the transfer occurs in connection with the sale or other transfer of a business (in whole or in part), in which case all obligations under this Policy pass to the acquirer.
10.2. The Operator may entrust the processing of personal data to another party with the consent of the data subject, on the basis of a concluded agreement. The party processing personal data on behalf of the Operator is obligated to comply with the principles and rules of personal data processing provided for by FL-152 and this Policy.
10.3. The Operator may transfer technical data (log files and cookies) to third parties — analytics service providers — for statistical tracking, Service optimization, and target audience research.
10.4. All information collected by third-party services, including payment systems, communication tools and other service providers, is stored and processed by those parties in accordance with their User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties.
11. Cross-Border Transfer of Personal Data
11.1. Before initiating a cross-border transfer of personal data, the Operator must ensure that the foreign state to which the personal data is to be transferred provides adequate protection of data subjects' rights.
11.2. Cross-border transfer of personal data to foreign states that do not ensure adequate protection of data subjects' rights may only be carried out if:
the data subject has provided written consent to the cross-border transfer of their personal data; the transfer is necessary for the performance of a contract to which the data subject is a party.
11.3. Before commencing cross-border personal data transfer activities, the Operator must notify the authorized body for the protection of data subjects' rights of its intention to carry out cross-border transfer of personal data.
12. Updating, Correction, and Deletion of Personal Data
12.1. If the User identifies inaccuracies in their personal data, they may update it independently by sending a notification to the Operator at support@fantasos.tech with the subject "Personal Data Update".
12.2. If the inaccuracy of personal data or the unlawfulness of its processing is confirmed, the personal data shall be updated by the Operator and processing must be ceased in accordance with Article 21 of FL-152.
12.3. The User may withdraw their consent to the processing of personal data at any time by sending a notification to the Operator at support@fantasos.tech with the subject "Withdrawal of Consent to Personal Data Processing".
12.4. Upon achievement of the personal data processing purposes, as well as in the event of withdrawal of consent by the data subject, personal data shall be destroyed, unless:
otherwise provided by a contract to which the data subject is a party; the Operator is not entitled to process personal data without the data subject's consent on the grounds provided for by FL-152 or other federal laws.
12.5. The period of personal data processing is determined by the achievement of the purposes for which the personal data was collected, unless another period is provided for by a contract or applicable legislation.
12.6. Personal data is stored in a form that allows identification of the data subject for no longer than required by the purposes of personal data processing.
12.7. Personal data is destroyed by erasing it from the Operator's servers.
13. Final Provisions
13.1. The User may receive any clarifications on matters of interest regarding the processing of their personal data by contacting the Operator:
by email: support@fantasos.tech