Privacy Policy

Personal Data Processing Policy

1. General

This Personal Data Processing Policy is written in accordance with the requirements of the Federal Law No. 152-FZ On Personal Data dated 27 July 2006 (the “Personal Data Law”) and defines the personal data processing procedure and measures to ensure personal data security taken by LLC Horizon Corporate Finance (the “Data Controller”).

1.1. The Data Controller’s core priority and commitment when carrying out its activities is to respect human and civil rights and freedoms regarding the processing of personal data, including protecting the rights to privacy, personal, and family secrets.

1.2. The Data Controller’s Personal Data Processing Policy (the “Policy”) applies to all information that the Data Controller may receive regarding visitors to the website.

 

2. Terms used in the Policy

2.1. The automated processing of personal data – the processing of personal data using computing tools.

2.2. The blocking of personal data – the temporary suspension of the processing of personal data (unless processing is necessary to update said data).

2.3. The website – the totality of graphics and information materials, as well as computer programmes and databases available on the internet at https://horizon.ru.

2.4. The personal data system – the totality of personal data contained in databases of personal data, as well as the information technology and technical means used to process them.

2.5. The anonymisation of personal data – actions that make it impossible, without the use of additional information, to determine to which specific User or other data subject personal data belong.

2.6. The processing of personal data – any action (operation) or the totality of actions (operations), automated or otherwise, including collection, recording, classification, collation, storage, editing (updating, changing), extraction, use, transfer (distribution, provision, access), anonymisation, blocking, deletion, and destruction.

2.7. The Data Controller – a government body, municipal authority, legal entity, or individual, either alone or in conjunction with others, that arranges for, and/or carries out, the processing of personal data, as well as determines the purpose of personal data processing, the composition of personal data to be processed, and the actions (operations) performed on personal data.

2.8. Personal data – any information relating, either directly or indirectly, to an identified or identifiable User of the website at https://horizon.ru.

2.9. Personal data permitted by the data subject for dissemination – personal data to which the data subject grants access to an unlimited range of persons by giving consent to the processing of their personal data for dissemination in the manner prescribed by the Personal Data Law (“personal data permitted for dissemination”).

2.10. The User – any visitor to the website at https://horizon.ru.

2.11. The provision of personal data – the act of disclosing personal data to a certain person or a group of persons.

2.12. The dissemination of personal data – any actions aimed at disclosing (transferring) personal data to an indefinite range of persons or to make personal data available to an unlimited range of persons, including by disclosing personal data in the media, placing them in information and telecommunications networks, or providing access to personal data in any other way.

2.13. The cross-border transfer of personal data – the transfer of personal data to the territory of a foreign country, a foreign authority, a foreign individual, or a foreign legal entity.

2.14. The destruction of personal data – any action that irretrievably destroys personal data, making it impossible to restore the content of said personal data in the personal data system, and/or destroying the physical media on which personal data are stored.

3. Rights and obligations of the Data Controller

3.1. The Data Controller may:

– receive accurate information and/or documents containing personal data from the data subject;

– continue to process the personal data of data subjects who have withdrawn their consent to the processing of personal data without their consent, under the grounds set out in the Personal Data Law; and

– independently define the scope and the list of measures necessary and sufficient to ensure the fulfilment of its obligations under the Personal Data Law and the regulations adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Data Controller is obliged to:

– supply the data subject, upon their request, with information concerning the processing of their personal data;

– process personal data in line with the procedure set out in applicable laws of the Russian Federation;

– respond to requests and enquiries submitted by data subjects and/or their legal representatives in line with the requirements of the Personal Data Law;

– communicate the necessary information, upon request, to the competent authority within 30 days of the date of receiving said request;

– publish or otherwise provide unrestricted access to this Policy;

– take legal, organisational, and technical measures to protect personal data against unlawful or accidental access, destruction, changing, blocking, copying, sharing, dissemination, and any other unlawful act;

– halt the transfer (dissemination, provision, access) and processing of personal data in cases stipulated in the Personal Data Law, and destroy personal data in the manner stipulated in the Personal Data Law; and

– fulfil any other obligations set out in the Personal Data Law.

4. Rights and obligations of the data subject

4.1. Data subjects are entitled to:

– receive information concerning the processing of their personal data, except in cases stipulated by federal laws. The Data Controller shall provide said information to the data subject in an accessible format, and it must not contain personal data relating to other data subjects, unless there are legitimate grounds for disclosing such personal data. The list of information available and the procedure for requesting it are prescribed in the Personal Data Law;

– demand that the Data Controller clarify, block, or destroy personal data should they be incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, and take statutory measures to protect their rights;

– put forward the condition of prior consent before the processing of personal data for the purpose of marketing goods, work, or services;

– withdraw their consent to the processing of personal data;

– appeal to the competent authority for the protection of their rights as a data subject or take legal action against the unlawful acts or negligence of the Data Controller when processing their personal data; and

– exercise other rights provided for by Russian laws.

4.2. Data subjects are obliged to:

– provide the Data Controller with accurate information about themselves; and

– inform the Data Controller of any changes to their personal data.

4.3. Persons who provide the Data Controller with false information about themselves, or with the personal data of another data subject without their consent, shall be liable under Russian laws.

5. The Data Controller may process the following personal data of the User.

5.1. Surname, name, middle name(s).

5.2. E-mail address.

5.3. Telephone number(s).

5.4. The website also collects and processes anonymised visitor data (including cookies) via web analytics services (e.g. Yandex.Metrika and Google Analytics).

5.5. The above-mentioned data are referred to in the Policy under the generic term of Personal Data.

5.6. The Data Controller does not process special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, or private life.

5.7. The processing of personal data permitted for dissemination from among the special categories of personal data specified in Clause 1 of Article 10 of the Personal Data Law shall be permitted if the prohibitions and conditions stipulated in Article 10.1 of the Personal Data Law are complied with.

5.8. The User’s consent to the processing of personal data permitted for dissemination shall be given separately from other consents to the processing of their personal data. The conditions stipulated by Article 10.1 of the Personal Data Law, inter alia, shall be observed in this case. The requirements for the specifics of said consent shall be established by the competent authority protecting the rights of data subjects.

5.8.1 The User provides their consent directly to the Data Controller for the processing of personal data permitted for dissemination.

5.8.2 The Data Controller shall, within three working days of receipt of the above User consent, publish information about data processing conditions, as well as prohibitions and conditions regarding the processing by an unlimited range of persons of personal data permitted for dissemination.

5.8.3 The transfer (dissemination, provision, access) of personal data permitted for dissemination must be halted at any time upon the request of the data subject. This requirement shall include the data subject’s surname, first name, middle name(s) (if any), contact information (telephone number, e-mail address, or postal address), as well as the list of personal data the processing of which is to be terminated. The personal data specified in this request may only be processed by the Data Controller to whom they are sent.

5.8.4 Consent to the processing of personal data permitted for dissemination shall terminate upon the Data Controller’s receipt of the request referred to in clause 5.8.3 of the Policy.

6. Personal data processing principles

6.1. The processing of personal data shall be lawful and fair.

6.2. The processing of personal data shall only take place to accomplish specific, predetermined, and legitimate purposes. The processing of personal data in a way incompatible with the purposes for which they were collected is not permitted.

6.3. Databases containing personal data collected for differing processing purposes may not be merged.

6.4. Only personal data that meet the stated processing purposes may be processed.

6.5. The content and volume of the processed personal data shall correspond to the stated processing purposes. Excessive personal data vis-a-vis the stated processing purposes shall not be collected.

6.6. The processing of personal data ensures that personal data are accurate, complete, and, if necessary, relevant vis-a-vis the stated processing purposes. The Data Controller takes the necessary steps and/or ensures that said steps are taken to ensure incomplete or inaccurate data are deleted or updated.

6.7. Personal data shall be stored in a format that allows the data subject to be identified for no longer than required for the processing purposes, unless the storage period is prescribed by a federal law or agreement to which the data subject is a party, beneficiary, or guarantor. Personal data subject to processing are destroyed or anonymised once the stated processing purposes are achieved or no longer necessary, unless otherwise provided by federal law.

7. Personal data processing purposes

7.1. The User’s personal data are processed in order to:

– keep the User informed by e-mail; and

– provide the User with access to the services, information, and/or materials available on the website.

7.2. The Data Controller also may send the User messages about new products and services, special offers, and various events. The User may always opt out of receiving messages by sending an e-mail to the Data Controller at info@horizon.ru with the subject “Opt out of hearing about new products and services and special offers”.

7.3. Anonymised User data collected via web analytics services are used to collect information about User actions on the site, and to improve the quality of the site and its content.

8. Legal basis for processing personal data

8.1. The legal basis for processing personal data includes:

– charter or constitutional documents of the Data Controller;

– federal laws, or other laws and regulations regarding the protection of personal data; and

– the User’s consent to the processing of their personal data, or the processing of personal data permitted for dissemination.

8.2. The Data Controller only processes the User’s personal data if filled in and/or submitted by the User independently through special forms located on the website at https://horizon.ru or sent to the Data Controller via e-mail. By filling in said forms and/or sending their personal data to the Data Controller, the User agrees to this Policy.

8.3. The Data Controller processes anonymised User data if permitted by the User’s browser settings (i.e. cookies and JavaScript are enabled).

8.4. The data subject independently decides to provide their personal data and gives consent freely, of their own free will and in their own interest.

9. Personal data processing conditions

9.1. Personal data processing is carried out with the consent of the data subject to said processing.

9.2. The processing of personal data may be necessary to achieve the purposes envisaged by a law or international agreement to which the Russian Federation is a party, or to carry out the functions, powers, and duties assigned to the Data Controller by Russian laws.

9.3. The processing of personal data may be necessary to administer justice or execute a judicial ruling or an act of a government body or officer in accordance with the Russian laws on the enforcement of judgements.

9.4. The processing of personal data may be necessary for the fulfilment of an agreement to which the data subject is a party, beneficiary, or guarantor, as well as for the execution of an agreement proposed by the data subject or an agreement under which the data subject will be a beneficiary or guarantor.

9.5. The processing of personal data may be necessary to exercise the rights and legitimate interests of the Data Controller or third parties, or to achieve aims in the public interest, provided that the rights and freedoms of the data subject are not violated.

9.6. The Data Controller processes personal data to which the data subject grants access to an unlimited range of persons or at their request (“publicly available personal data”).

9.7. The Data Controller processes personal data subject to publication or mandatory disclosure under federal law.

10. The procedure for collecting, storing, transferring, and other types of personal data processing

The Data Controller ensures the personal data it processes remain protected by implementing the legal, organisational, and technical measures necessary to fully comply with the requirements of applicable personal data protection laws.

10.1. The Data Controller shall ensure personal data are protected and shall take all possible measures to prevent unauthorised persons from accessing personal data.

10.2. The User’s personal data shall never, under any circumstances, be disclosed to third parties, except in cases prescribed by applicable laws or if the data subject has given their consent to the Data Controller for the transfer of data to a third party to fulfil obligations under an independent contractor agreement.

10.3. If the User notices that their personal data are incorrect, he/she may update said data independently by sending a relevant notification to the Data Controller’s e-mail address at info@horizon.ru with the subject “Update of personal data”.

10.4. The duration of personal data processing lasts until the personal data’s collection purposes have been achieved, unless a different period is stipulated by an agreement or applicable laws. The User may withdraw their consent to the processing of personal data at any time by sending an e-mail to the Data Controller’s e-mail address at info@horizon.ru with the subject “Withdrawal of consent to the processing of personal data”.

10.5. All information collected by third party services, including payment systems, communication services, and other service providers, is stored and processed by these parties (Data Controllers) in accordance with their respective User Agreements and Privacy Policies. The data subject and/or User is obliged to review these documents at their earliest convenience. The Data Controller shall not be held liable for the actions of third parties, including the service providers referred to in this clause.

10.6. The limits selected by the data subject regarding the transfer (except for granting access), or regarding the processing or conditions for processing (except for receiving access) of personal data permitted for dissemination, do not apply in cases where personal data are processed in the interest of the state, societal interests or other public interests that are defined by Russian laws.

10.7. The Data Controller ensures the confidentiality of personal data in the course of processing.

10.8. The Data Controller stores personal data in a format that allows the data subject to be identified for no longer than required for the processing purposes, unless the storage period is prescribed by a federal law or agreement to which the data subject is a party, beneficiary, or guarantor.

10.9. The processing of personal data may be terminated once processing purposes are achieved, the data subject’s consent expires or is withdrawn, or should the unlawful processing of personal data be identified.

11. List of actions performed by the Data Controller on received personal data

11.1. The Data Controller collects, records, classifies, collates, stores, edits (updates, changes), extracts, uses, transfers (distributes, provides, accesses), anonymises, blocks, deletes, and destroys personal data.

11.2. The Data Controller performs automated processing of personal data with or without the receipt and/or transmission of received information across information and telecommunications networks.

12. The cross-border transfer of personal data

12.1. Prior to the cross-border transfer of personal data, the Data Controller shall ensure that the foreign country to whose territory the personal data are to be transferred offers adequate protections for the rights of data subjects.

12.2. The cross-border transfer of personal data to foreign countries that do not meet the above requirements may only take place with the written consent of the data subject and/or in order to fulfil an agreement to which the data subject is a party.

13. Personal data privacy

The Data Controller and other persons with access to personal data are obliged not to disclose them to third parties nor to distribute them without the consent of the data subject, unless otherwise provided by the federal law.

14. Final provisions

14.1. The User can send any question regarding the processing of their personal data to the Data Controller via e-mail at info@horizon.ru.

14.2. This document will reflect any changes to the Data Controller’s Personal Data Processing Policy. The Policy is valid indefinitely until replaced by a new version.

14.3. The current version of the Policy is freely available online at 

1. General

This Personal Data Processing Policy is written in accordance with the requirements of the Federal Law No. 152-FZ On Personal Data dated 27 July 2006 (the “Personal Data Law”) and defines the personal data processing procedure and measures to ensure personal data security taken by LLC Horizon Corporate Finance (the “Data Controller”).

1.1. The Data Controller’s core priority and commitment when carrying out its activities is to respect human and civil rights and freedoms regarding the processing of personal data, including protecting the rights to privacy, personal, and family secrets.

1.2. The Data Controller’s Personal Data Processing Policy (the “Policy”) applies to all information that the Data Controller may receive regarding visitors to the website.

 

2. Terms used in the Policy

2.1. The automated processing of personal data – the processing of personal data using computing tools.

2.2. The blocking of personal data – the temporary suspension of the processing of personal data (unless processing is necessary to update said data).

2.3. The website – the totality of graphics and information materials, as well as computer programmes and databases available on the internet at https://horizon.ru.

2.4. The personal data system – the totality of personal data contained in databases of personal data, as well as the information technology and technical means used to process them.

2.5. The anonymisation of personal data – actions that make it impossible, without the use of additional information, to determine to which specific User or other data subject personal data belong.

2.6. The processing of personal data – any action (operation) or the totality of actions (operations), automated or otherwise, including collection, recording, classification, collation, storage, editing (updating, changing), extraction, use, transfer (distribution, provision, access), anonymisation, blocking, deletion, and destruction.

2.7. The Data Controller – a government body, municipal authority, legal entity, or individual, either alone or in conjunction with others, that arranges for, and/or carries out, the processing of personal data, as well as determines the purpose of personal data processing, the composition of personal data to be processed, and the actions (operations) performed on personal data.

2.8. Personal data – any information relating, either directly or indirectly, to an identified or identifiable User of the website at https://horizon.ru.

2.9. Personal data permitted by the data subject for dissemination – personal data to which the data subject grants access to an unlimited range of persons by giving consent to the processing of their personal data for dissemination in the manner prescribed by the Personal Data Law (“personal data permitted for dissemination”).

2.10. The User – any visitor to the website at https://horizon.ru.

2.11. The provision of personal data – the act of disclosing personal data to a certain person or a group of persons.

2.12. The dissemination of personal data – any actions aimed at disclosing (transferring) personal data to an indefinite range of persons or to make personal data available to an unlimited range of persons, including by disclosing personal data in the media, placing them in information and telecommunications networks, or providing access to personal data in any other way.

2.13. The cross-border transfer of personal data – the transfer of personal data to the territory of a foreign country, a foreign authority, a foreign individual, or a foreign legal entity.

2.14. The destruction of personal data – any action that irretrievably destroys personal data, making it impossible to restore the content of said personal data in the personal data system, and/or destroying the physical media on which personal data are stored.

3. Rights and obligations of the Data Controller

3.1. The Data Controller may:

– receive accurate information and/or documents containing personal data from the data subject;

– continue to process the personal data of data subjects who have withdrawn their consent to the processing of personal data without their consent, under the grounds set out in the Personal Data Law; and

– independently define the scope and the list of measures necessary and sufficient to ensure the fulfilment of its obligations under the Personal Data Law and the regulations adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Data Controller is obliged to:

– supply the data subject, upon their request, with information concerning the processing of their personal data;

– process personal data in line with the procedure set out in applicable laws of the Russian Federation;

– respond to requests and enquiries submitted by data subjects and/or their legal representatives in line with the requirements of the Personal Data Law;

– communicate the necessary information, upon request, to the competent authority within 30 days of the date of receiving said request;

– publish or otherwise provide unrestricted access to this Policy;

– take legal, organisational, and technical measures to protect personal data against unlawful or accidental access, destruction, changing, blocking, copying, sharing, dissemination, and any other unlawful act;

– halt the transfer (dissemination, provision, access) and processing of personal data in cases stipulated in the Personal Data Law, and destroy personal data in the manner stipulated in the Personal Data Law; and

– fulfil any other obligations set out in the Personal Data Law.

4. Rights and obligations of the data subject

4.1. Data subjects are entitled to:

– receive information concerning the processing of their personal data, except in cases stipulated by federal laws. The Data Controller shall provide said information to the data subject in an accessible format, and it must not contain personal data relating to other data subjects, unless there are legitimate grounds for disclosing such personal data. The list of information available and the procedure for requesting it are prescribed in the Personal Data Law;

– demand that the Data Controller clarify, block, or destroy personal data should they be incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, and take statutory measures to protect their rights;

– put forward the condition of prior consent before the processing of personal data for the purpose of marketing goods, work, or services;

– withdraw their consent to the processing of personal data;

– appeal to the competent authority for the protection of their rights as a data subject or take legal action against the unlawful acts or negligence of the Data Controller when processing their personal data; and

– exercise other rights provided for by Russian laws.

4.2. Data subjects are obliged to:

– provide the Data Controller with accurate information about themselves; and

– inform the Data Controller of any changes to their personal data.

4.3. Persons who provide the Data Controller with false information about themselves, or with the personal data of another data subject without their consent, shall be liable under Russian laws.

5. The Data Controller may process the following personal data of the User.

5.1. Surname, name, middle name(s).

5.2. E-mail address.

5.3. Telephone number(s).

5.4. The website also collects and processes anonymised visitor data (including cookies) via web analytics services (e.g. Yandex.Metrika and Google Analytics).

5.5. The above-mentioned data are referred to in the Policy under the generic term of Personal Data.

5.6. The Data Controller does not process special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, or private life.

5.7. The processing of personal data permitted for dissemination from among the special categories of personal data specified in Clause 1 of Article 10 of the Personal Data Law shall be permitted if the prohibitions and conditions stipulated in Article 10.1 of the Personal Data Law are complied with.

5.8. The User’s consent to the processing of personal data permitted for dissemination shall be given separately from other consents to the processing of their personal data. The conditions stipulated by Article 10.1 of the Personal Data Law, inter alia, shall be observed in this case. The requirements for the specifics of said consent shall be established by the competent authority protecting the rights of data subjects.

5.8.1 The User provides their consent directly to the Data Controller for the processing of personal data permitted for dissemination.

5.8.2 The Data Controller shall, within three working days of receipt of the above User consent, publish information about data processing conditions, as well as prohibitions and conditions regarding the processing by an unlimited range of persons of personal data permitted for dissemination.

5.8.3 The transfer (dissemination, provision, access) of personal data permitted for dissemination must be halted at any time upon the request of the data subject. This requirement shall include the data subject’s surname, first name, middle name(s) (if any), contact information (telephone number, e-mail address, or postal address), as well as the list of personal data the processing of which is to be terminated. The personal data specified in this request may only be processed by the Data Controller to whom they are sent.

5.8.4 Consent to the processing of personal data permitted for dissemination shall terminate upon the Data Controller’s receipt of the request referred to in clause 5.8.3 of the Policy.

6. Personal data processing principles

6.1. The processing of personal data shall be lawful and fair.

6.2. The processing of personal data shall only take place to accomplish specific, predetermined, and legitimate purposes. The processing of personal data in a way incompatible with the purposes for which they were collected is not permitted.

6.3. Databases containing personal data collected for differing processing purposes may not be merged.

6.4. Only personal data that meet the stated processing purposes may be processed.

6.5. The content and volume of the processed personal data shall correspond to the stated processing purposes. Excessive personal data vis-a-vis the stated processing purposes shall not be collected.

6.6. The processing of personal data ensures that personal data are accurate, complete, and, if necessary, relevant vis-a-vis the stated processing purposes. The Data Controller takes the necessary steps and/or ensures that said steps are taken to ensure incomplete or inaccurate data are deleted or updated.

6.7. Personal data shall be stored in a format that allows the data subject to be identified for no longer than required for the processing purposes, unless the storage period is prescribed by a federal law or agreement to which the data subject is a party, beneficiary, or guarantor. Personal data subject to processing are destroyed or anonymised once the stated processing purposes are achieved or no longer necessary, unless otherwise provided by federal law.

7. Personal data processing purposes

7.1. The User’s personal data are processed in order to:

– keep the User informed by e-mail; and

– provide the User with access to the services, information, and/or materials available on the website.

7.2. The Data Controller also may send the User messages about new products and services, special offers, and various events. The User may always opt out of receiving messages by sending an e-mail to the Data Controller at info@horizon.ru with the subject “Opt out of hearing about new products and services and special offers”.

7.3. Anonymised User data collected via web analytics services are used to collect information about User actions on the site, and to improve the quality of the site and its content.

8. Legal basis for processing personal data

8.1. The legal basis for processing personal data includes:

– charter or constitutional documents of the Data Controller;

– federal laws, or other laws and regulations regarding the protection of personal data; and

– the User’s consent to the processing of their personal data, or the processing of personal data permitted for dissemination.

8.2. The Data Controller only processes the User’s personal data if filled in and/or submitted by the User independently through special forms located on the website at https://horizon.ru or sent to the Data Controller via e-mail. By filling in said forms and/or sending their personal data to the Data Controller, the User agrees to this Policy.

8.3. The Data Controller processes anonymised User data if permitted by the User’s browser settings (i.e. cookies and JavaScript are enabled).

8.4. The data subject independently decides to provide their personal data and gives consent freely, of their own free will and in their own interest.

9. Personal data processing conditions

9.1. Personal data processing is carried out with the consent of the data subject to said processing.

9.2. The processing of personal data may be necessary to achieve the purposes envisaged by a law or international agreement to which the Russian Federation is a party, or to carry out the functions, powers, and duties assigned to the Data Controller by Russian laws.

9.3. The processing of personal data may be necessary to administer justice or execute a judicial ruling or an act of a government body or officer in accordance with the Russian laws on the enforcement of judgements.

9.4. The processing of personal data may be necessary for the fulfilment of an agreement to which the data subject is a party, beneficiary, or guarantor, as well as for the execution of an agreement proposed by the data subject or an agreement under which the data subject will be a beneficiary or guarantor.

9.5. The processing of personal data may be necessary to exercise the rights and legitimate interests of the Data Controller or third parties, or to achieve aims in the public interest, provided that the rights and freedoms of the data subject are not violated.

9.6. The Data Controller processes personal data to which the data subject grants access to an unlimited range of persons or at their request (“publicly available personal data”).

9.7. The Data Controller processes personal data subject to publication or mandatory disclosure under federal law.

10. The procedure for collecting, storing, transferring, and other types of personal data processing

The Data Controller ensures the personal data it processes remain protected by implementing the legal, organisational, and technical measures necessary to fully comply with the requirements of applicable personal data protection laws.

10.1. The Data Controller shall ensure personal data are protected and shall take all possible measures to prevent unauthorised persons from accessing personal data.

10.2. The User’s personal data shall never, under any circumstances, be disclosed to third parties, except in cases prescribed by applicable laws or if the data subject has given their consent to the Data Controller for the transfer of data to a third party to fulfil obligations under an independent contractor agreement.

10.3. If the User notices that their personal data are incorrect, he/she may update said data independently by sending a relevant notification to the Data Controller’s e-mail address at info@horizon.ru with the subject “Update of personal data”.

10.4. The duration of personal data processing lasts until the personal data’s collection purposes have been achieved, unless a different period is stipulated by an agreement or applicable laws. The User may withdraw their consent to the processing of personal data at any time by sending an e-mail to the Data Controller’s e-mail address at info@horizon.ru with the subject “Withdrawal of consent to the processing of personal data”.

10.5. All information collected by third party services, including payment systems, communication services, and other service providers, is stored and processed by these parties (Data Controllers) in accordance with their respective User Agreements and Privacy Policies. The data subject and/or User is obliged to review these documents at their earliest convenience. The Data Controller shall not be held liable for the actions of third parties, including the service providers referred to in this clause.

10.6. The limits selected by the data subject regarding the transfer (except for granting access), or regarding the processing or conditions for processing (except for receiving access) of personal data permitted for dissemination, do not apply in cases where personal data are processed in the interest of the state, societal interests or other public interests that are defined by Russian laws.

10.7. The Data Controller ensures the confidentiality of personal data in the course of processing.

10.8. The Data Controller stores personal data in a format that allows the data subject to be identified for no longer than required for the processing purposes, unless the storage period is prescribed by a federal law or agreement to which the data subject is a party, beneficiary, or guarantor.

10.9. The processing of personal data may be terminated once processing purposes are achieved, the data subject’s consent expires or is withdrawn, or should the unlawful processing of personal data be identified.

11. List of actions performed by the Data Controller on received personal data

11.1. The Data Controller collects, records, classifies, collates, stores, edits (updates, changes), extracts, uses, transfers (distributes, provides, accesses), anonymises, blocks, deletes, and destroys personal data.

11.2. The Data Controller performs automated processing of personal data with or without the receipt and/or transmission of received information across information and telecommunications networks.

12. The cross-border transfer of personal data

12.1. Prior to the cross-border transfer of personal data, the Data Controller shall ensure that the foreign country to whose territory the personal data are to be transferred offers adequate protections for the rights of data subjects.

12.2. The cross-border transfer of personal data to foreign countries that do not meet the above requirements may only take place with the written consent of the data subject and/or in order to fulfil an agreement to which the data subject is a party.

13. Personal data privacy

The Data Controller and other persons with access to personal data are obliged not to disclose them to third parties nor to distribute them without the consent of the data subject, unless otherwise provided by the federal law.

14. Final provisions

14.1. The User can send any question regarding the processing of their personal data to the Data Controller via e-mail at info@horizon.ru.

14.2. This document will reflect any changes to the Data Controller’s Personal Data Processing Policy. The Policy is valid indefinitely until replaced by a new version.

14.3. The current version of the Policy is freely available online at https://www.horizon.ru/eng/