1. General Provisions
This Personal Data Processing Policy has been drafted in accordance with the requirements of the Federal Law of July 27, 2006, No. 152-FZ "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and measures to ensure the security of personal data taken by GRATIO LLC (hereinafter referred to as the "Operator").
1.1. The Operator's most important goal and condition for the implementation of its activities is the observance of human and civil rights and freedoms during the processing of personal data, including the protection of the rights to privacy, personal, and family secrets.
1.2. This Policy applies to all information that the Operator may obtain about visitors to the website https://gratio.tech/.
2. Basic Concepts Used in the Policy

• 2.1. Automated processing of personal data – processing of personal data using computer technology.
• 2.2. Blocking of personal data – temporary termination of the processing of personal data (unless processing is necessary to clarify personal data).
• 2.3. Website – a collection of graphic and information materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://gratio.tech/.
• 2.4. Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
• 2.5. Anonymization of personal data – actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or other subject of personal data.
• 2.6. Processing of personal data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
• 2.7. Operator – a state body, municipal body, legal entity, or individual, independently or jointly with others organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing, the composition of data to be processed, and actions (operations) performed with personal data.
• 2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://gratio.tech/.
• 2.9. Personal data authorized by the data subject for distribution – personal data to which an unlimited circle of persons is granted access by the data subject by giving consent to the processing of personal data in the manner prescribed by the Personal Data Law.
• 2.10. User – any visitor to the website https://gratio.tech/.
• 2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons.
• 2.12. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons or making it available to an unlimited circle of persons, including publication in the media or placement in networks.
• 2.13. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state to a foreign authority, individual, or legal entity.
• 2.14. Destruction of personal data – any actions as a result of which personal data are destroyed irrevocably without the possibility of further restoration.

3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:

• Receive reliable information and/or documents containing personal data from the data subject.
• Continue processing personal data without the consent of the data subject if there are grounds specified in the Personal Data Law.
• Independently determine the scope of measures necessary and sufficient to ensure the fulfillment of legal obligations.

3.2. The Operator is obliged to:

• Provide the data subject, at their request, with information regarding the processing of their data.
• Organize the processing of personal data in accordance with the current legislation of the Russian Federation.
• Take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access.

4. Basic Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:

• Receive information concerning the processing of their personal data.
• Demand clarification, blocking, or destruction of their data if it is incomplete, outdated, or inaccurate.
• Withdraw consent to the processing of personal data at any time.

4.2. Data subjects are obliged to:

• Provide the Operator with reliable data about themselves.
• Inform the Operator about any updates or changes to their personal data.

5. Principles of Personal Data Processing

• Processing is carried out on a lawful and fair basis.
• Processing is limited to achieving specific, predetermined, and legitimate goals.
• Only personal data that meets the purposes of their processing shall be processed.
• Storage is carried out in a form that allows identifying the subject for no longer than required by the purposes of processing.

6. Purposes of Personal Data Processing
6.1. Preparation, conclusion, and execution of civil law contracts

• Personal Data Processed: Full name, birth details, address, email, phone number, ID/Passport data, bank details, profession, income, and data collected via metrics programs.
• Legal Grounds: Consent of the subject, fulfillment of a contract, fulfillment of legal obligations, and protection of vital interests.
• Types of Processing: Collection, recording, storage, use, transfer, anonymization, and destruction.

6.2. Compliance with labor legislation of the Russian Federation

• Personal Data Processed: Full name, birth details, family and social status, income, SNILS, INN, education, employment history, and military service records.
• Legal Grounds: Consent of the subject, fulfillment of legal functions and duties, and statistical or research purposes.
• Types of Processing: Collection, systematization, accumulation, storage, use, and destruction.

7. Conditions of Personal Data Processing
Processing is carried out when:

• The subject has given consent.
• It is necessary to achieve goals provided for by international treaties or laws.
• It is necessary for the execution of a contract where the data subject is a party.
• It is necessary to protect the rights and legitimate interests of the Operator or third parties.

8. Procedure for Collection, Storage, and Transfer
8.1. The Operator ensures the safety of personal data and takes all possible measures to exclude unauthorized access.
8.2. Personal data will never be transferred to third parties, except for cases related to the implementation of current legislation.
8.3. Users can update their data by emailing ev@gratio.team with the subject "Personal Data Update."
8.4. The User may withdraw consent by emailing ev@gratio.team with the subject "Withdrawal of consent."
8.5. The Operator is not responsible for the actions of third-party services (payment systems, etc.) used by the User.
9. Final Provisions
9.1. The User can receive clarifications by contacting the Operator via email: ev@gratio.team. 9.2. This document reflects any changes to the Policy and is valid indefinitely.
9.3. The current version of the Policy is available at: https://gratio.tech/policy