# Privacy Policy and Data Processing
This Policy on the processing of personal data (hereinafter referred to as the "Policy") is developed in accordance with paragraph 2 of part 1 of Article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ dated July 27, 2006 (hereinafter referred to as the "Law") and defines the position of the Website Administration (hereinafter referred to as the "Website Administration") regarding the processing and protection of personal data (hereinafter referred to as "Data"), respect for human rights and freedoms, and in particular the right to privacy, personal and family secrets. Translated from DeepL.com (free version).
This Policy applies to Data collected both before and after the Policy comes into force.
Recognizing the importance and value of Data, as well as caring for compliance with the constitutional rights of citizens of the Russian Federation and other states, the Website Administration ensures reliable Data protection.
Data — any information relating directly or indirectly to a directly or indirectly identified or identifiable natural person, including: surname, name, patronymic, email address, location, link to a personal website or social networks, IP address.
Data Processing — any action (operation) or set of actions (operations) performed with Data, using automation or not. These actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of Data.
Data Security — protection of Data against illegal and/or unauthorized access, destruction, modification, blocking, copying, provision, dissemination of Data, as well as other illegal actions regarding Data.
Data processing and protection by the Website Administration is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, subordinate acts, other federal laws of the Russian Federation regulating cases and peculiarities of Data processing, regulatory and methodological documents of the FSTEC of Russia and the Federal Security Service of Russia.
Subjects of Data processed by the Website Administration:
Users and visitors of the website https://duckhack.shop/, owned by the Website Administration, including placing an order on the website https://duckhacks.shop.
The Website Administration processes Data of subjects for the following purposes:
Implementation of functions, powers and obligations assigned to the Website Administration by the legislation of the Russian Federation in accordance with federal laws.
Processing of Users' Data for the following purposes:
Providing information about goods/services, ongoing promotions and special offers.
Analyzing the quality of services provided and improving customer service quality.
Informing about the status of your order.
Execution of the contract, including a sales contract concluded remotely on the website, provision of paid services; provision of services, as well as accounting for services rendered to the consumer for mutual settlements.
Delivery of ordered goods to the user who placed the order on the website, return of goods.
When processing Data, the Website Administration follows the principles: Data processing is carried out on a lawful and fair basis; Data are not disclosed to third parties and not disseminated without the consent of the Data subject, except for cases requiring disclosure of Data upon request of authorized government agencies, court proceedings; specific legitimate purposes are determined before the start of Data processing (including collection); only Data necessary and sufficient for the stated purpose of processing are collected; Data are combined with the personal data of the subject.
The Website Administration may include the Data of subjects in publicly available Data sources, in which case the Website Administration obtains written consent from the subject for processing their Data or consent is expressed through a website form (checkbox), by clicking on which the Data subject expresses their consent.
The Website Administration does not process Data about race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
Biometric Data (information characterizing physiological and biological characteristics of a person, based on which his identity can be established and which is used by the operator to establish the identity of the Data subject) are not processed by the Website Administration.
The Website Administration carries out cross-border transfer of Data. The Website Administration confirms that the foreign state to which personal data are transferred ensures adequate protection of the rights of Data subjects in accordance with the security level determined by the Convention of the Council of Europe on the protection of individuals with regard to automatic processing of personal data.
In cases provided by the legislation of the Russian Federation, the Website Administration has the right to transfer Data to third parties (Federal Tax Service, Pension Fund and other government agencies) in cases provided by the legislation of the Russian Federation.
The Website Administration has the right to entrust the processing of Data of subjects to third parties with the consent of the Data subject, based on a contract concluded with these parties, including consent to the user agreement and personal data processing policy posted on the website.
Persons processing Data based on a contract (order of the operator) concluded with the Website Administration, are obliged to comply with the principles and rules of Data processing and protection provided for by the Law. For each third party, the contract determines the list of actions (operations) with Data performed by the third party, the purposes of processing, establishes the obligation of the third party to maintain confidentiality and ensure Data security during their processing, as well as specifies the requirements for the protection of processed Data in accordance with the Law.
To fulfill the requirements of its contractual obligations, Data processing in the Website Administration is carried out both using automation and without it. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
The Website Administration is prohibited from making decisions based exclusively on automated processing of Data that produce legal consequences regarding the Data subject or otherwise affect his rights and legitimate interests.
The subject whose Data are processed by the Website Administration has the right:
To receive from the Website Administration:
Confirmation of the fact of Data processing and information about the presence of Data related to this subject.
Information about the legal grounds and purposes of Data processing.
Information about the methods of Data processing used by the Website Administration.
List of processed Data related to the subject and information about the source of their receipt.
Information about the duration of Data processing, including the period of their storage.
Information about how the Data subject can exercise their rights.
Other information provided for by the Law or other regulatory legal acts of the Russian Federation.
To require from the Website Administration:
Clarification of their Data, blocking or destruction, if the Data are incomplete, outdated, inaccurate, obtained illegally or unnecessary for the stated purpose of processing.
To withdraw their consent to Data processing at any time; to require termination of illegal actions of the Website Administration regarding their Data.
To protect their rights and legitimate interests, including compensation for damages and/or moral harm in court.
The Website Administration is obliged:
To provide the Data subject, upon their request, with information regarding the processing of their personal data, or to inform them of a refusal on legal grounds within thirty days from the date of receipt of the request from the Data subject or their representative.
To explain to the Data subject the legal consequences of refusing to provide Data, if the provision of Data is mandatory in accordance with federal law.
To take necessary legal, organizational and technical measures or ensure their adoption to protect Data from illegal and/or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as other illegal actions regarding Data.
To publish on the internet and provide unlimited access via the internet to the document defining its policy regarding Data processing, information about requirements for Data protection implemented.
To provide Data subjects and/or their representatives with the opportunity to freely familiarize themselves with the Data upon request within 30 days from the date of receipt of such request.
To block illegally processed Data related to the Data subject, or ensure their blocking (if Data are processed by another person acting on behalf of the Website Administration) from the moment of request or receipt of request for the period of verification, in case of detection of illegal Data processing upon request of the Data subject or their representative or upon request of an authorized body for the protection of Data subjects' rights.
To clarify the Data or ensure their clarification within 7 working days from the date of submission of data and remove the Data blocking, in case of confirmation of Data inaccuracy based on information provided by the Data subject or their representative.
To terminate unauthorized Data processing or ensure its termination.
To terminate Data processing or ensure its termination and destroy Data or ensure their destruction after achieving the purpose of Data processing, if otherwise not provided by the contract, party, beneficiary or guarantor of which is the Data subject.
To terminate Data processing or ensure its termination and destroy Data or ensure their destruction in case the Data subject withdraws their consent for Data processing, if the Website Administration has no right to process Data without the consent of the Data subject.
When processing Data, the Website Administration takes necessary legal, organizational and technical measures to protect Data from illegal and/or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as other illegal actions regarding Data.
Such measures include, in particular:
Appointment of a person responsible for organizing Data processing and a person responsible for ensuring Data security.
Development and approval of local acts on Data processing and protection.
Application of legal, organizational and technical measures to ensure Data security.
Identification of threats to Data security during their processing in personal data information systems.
Application of organizational and technical measures to ensure Data security during their processing in personal data information systems necessary for fulfilling the requirements for Data protection.
Application of information security tools that have passed the conformity assessment procedure established by regulations.
Assessment of the effectiveness of adopted measures to ensure Data security before commissioning a personal data information system.
Accounting of machine-readable Data media, if Data are stored on machine-readable media.
Detection of unauthorized access to Data and taking measures to prevent such incidents in the future.
Recovery of Data modified or destroyed as a result of unauthorized access to them.
Establishment of access rules to Data processed in a personal data information system, as well as ensuring registration and recording of all actions performed with Data in a personal data information system.
Control over measures taken to ensure Data security and the level of protection of personal data information systems.
Assessment of damage that may be caused to Data subjects in case of violation of the requirements of the Law, comparison of the specified damage with measures taken by the Website Administration to fulfill obligations provided for by the Law.
Compliance with conditions excluding unauthorized access to physical Data media and ensuring Data security.
The duration of Data processing (storage) is determined based on the purposes of Data processing, in accordance with the duration of the contract with the Data subject, requirements of federal laws, requirements of Data operators on whose behalf the Website Administration processes Data, main archival rules of organizations, limitation periods.
Data whose processing (storage) period has expired are subject to destruction. Storage of Data after completion of their processing is allowed only after their depersonalization.
Persons whose Data are processed by the Website Administration may obtain clarifications on Data processing issues by contacting the Website Administration through the feedback form.
The Website Administration processes Data received from website users from the resource: https://duckhacks.shop/ (hereinafter collectively referred to as the "Website") and when directly proceeding to order placement.
Data Collection. The Website Administration receives Data through the internet in two main ways:
Providing Data (self-entering):
Surname
Name
Patronymic
Link to personal website or social networks
Automatically collected information. The Website Administration may collect and process information not constituting personal data:
Location determination
IP address
Information about users' interests on the website based on search queries entered by website users regarding sold and offered goods, for the purpose of providing relevant information to users when using the website, as well as generalization and analysis of information about which sections of the website and goods are most in demand among website clients;
Processing and storage of website users' search queries for the purpose of generalization and creation of statistics on the use of website sections. The Website Administration automatically receives certain types of information obtained when users interact with the website, electronic correspondence, etc. This relates to technologies and services such as web protocols, cookies, web beacons, as well as third-party applications and tools. At the same time, web beacons, cookies and other tracking technologies do not allow automatic data collection. If a website user voluntarily provides their Data, for example, by filling out a feedback form or sending an email, only then are processes of automatic collection of detailed information launched for the convenience of using the website and/or improving interaction with users.
Use of Data
The Website Administration has the right to use the provided Data in accordance with the stated purposes of their collection, provided that the Data subject's consent is obtained, if such consent is required. Data obtained in a generalized and anonymized form may be used to better understand the needs of clients for goods and services sold by the Website Administration, and to improve the quality of service.
Data Transfer
The Website Administration may entrust Data processing to third parties exclusively with the consent of the Data subject. Also, Data may be transferred to third parties in the following cases: a) In response to lawful requests from authorized government agencies, in accordance with laws, court decisions, etc. b) Data cannot be transferred to third parties for marketing, commercial and similar purposes, except for cases when prior consent of the Data subject is obtained.
The website contains links to other web resources where users of the website can find useful and interesting information. This Policy does not apply to such websites. Users who follow links to other websites are advised to familiarize themselves with the data processing policies posted on those websites.
Final Provisions
This Policy is a local regulatory act of the Website Administration. This Policy is publicly accessible. Public accessibility of this Policy is ensured by its publication on the website. This Policy may be revised in the following cases:
When changes occur in the legislation of the Russian Federation in the field of personal data processing and protection;
Upon receipt of instructions from competent government agencies to eliminate discrepancies affecting the scope of the Policy;
By decision of the Website Administration;
When changing the purposes and duration of Data processing;
When changing the organizational structure, structure of information and/or telecommunications systems (or implementing new ones);
When applying new Data processing and protection technologies (including transfer, storage);
When applying new Data processing and protection technologies (including transfer, storage);
When applying new Data processing and protection technologies (including transfer, storage);
© 2025 DuckHacks. All rights reserved