Policy regarding the processing of personal data

(Privacy policy)

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) DOMA LLC legal address: 121205, Moscow, territory of the Skolkovo Innovation Center, st. Nobelya, d. 7, e / p / work.m. 1/145/5 (hereinafter referred to as the Operator) is an official document that defines the general principles, purposes and procedure for processing personal data of users of the website (https://doma.ai/eng, https://v1.doma.ai, https ://cc.doma.ai) (hereinafter referred to as the Site), as well as information on the implemented measures to protect personal data.

1.2. The policy has been developed in accordance with the legislation of the Russian Federation in the field of personal data.

1.3. This Policy applies solely to the Site. The Operator does not control and is not responsible for the websites of third parties, to which the User can follow the links available on the Website.

1.4. The processing by the Operator of personal data of other categories of personal data subjects is regulated by other local acts of the Operator.

1.5. This Policy comes into force from the moment of its approval and is valid indefinitely, until it is replaced by a new Policy.

2. Basic terms and definitions

2.1. The following terms are used in this Policy:

2.1.1. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

2.1.2. Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.1.3. Personal data operator (operator) - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with
personal data.

2.1.4. Personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data);

2.1.5. Site user - any person visiting the site and using the information, materials and services of the site.

2.1.6. Site - a set of interconnected web pages hosted on the Internet at a unique address (URL), as well as its subdomains.

3. Procedure and conditions for processing personal data

3.1. The basis for the processing of personal data of users of the Site is consent to the processing of personal data. Users of the Site give their consent to the processing of their personal data in the following cases:
- when registering on the Site in your personal account;
- when filling out the feedback form / ordering a callback on the Site;

3.2. If the User disagrees with the terms of this Policy, the use of the Site and / or any Services available when using the Site must be immediately terminated.

3.3. The personal data of the Site Users are processed for the following purposes:
- communication, technical support;
- fulfillment of contractual obligations;
- entering data into amoCRM, filling out applications, editing applications;
- transfer of data to the Management Company and contractors that work under an agreement with the management company;
- entering data into the system;
- receiving consultations, ordering a call;
- registration in a personal account;
- maintaining statistics and analyzing the operation of the Site.

3.4. The list of personal data of users processed on the Site using automation tools:
- Full Name;
- phone number;
- E-mail address;
- residential address;
- information about residential property (apartment, non-residential premises, footage);
- other information that the user has chosen to provide.

3.5. To maintain statistics and analyze the operation of the Site, the Operator processes, using the Google Analytics and Yandex.Metrica metric services, data such as:
- IP address;
- browser information;
- data from cookies;
- access time;
- referrer (address of the previous page).

3.6. Google Analytics, which is a web analysis tool of Google Inc., is registered at Parkway Amphitheater, Mountain View, CA 94043, USA (“Google”) for the purpose of continually optimizing the Site. Google Analytics works with cookies and creates pseudonymous usage profiles that allow an analysis of Users' use of the Site. The information stored in such cookies (eg browser type/version, operating system used, referrer URL, hostname of the accessing computer, server request time) is usually transmitted and stored on Google's servers. To block Google Analytics, you can download and install the add-on at http://tools.google.com/dlpage/gaoptout?hl=en. For more information, please see Google's privacy policy: https://www.google.com/intl/en/policies/privacy.

3.7. The Yandex.Metrika service, available at http://api.yandex.com/metrika, which allows various services and applications of the User to interact with the Yandex.Metrica service of Yandex LLC, is registered at 119021, Moscow, st. Leo Tolstoy, 16 thereinafter - Yandex). Yandex.Metrica works with cookies and creates pseudonymous usage profiles that allow you to analyze how Users use the Site. The information stored in such cookies (for example, browser type/version, operating system used, referrer URL, hostname of the computer accessing, server request time) is usually transmitted and stored on Yandex. To block
Yandex.Metrica, you can download and install the add-on at https://yandex.com/support/metrica/general/opt-out.html?lang=ru For more information, see the Yandex privacy policy: https://yandex. ru/legal/confidential/?lang=ru.

3.8. If Google Analytics and Yandex.Metrica are blocked, some functions of the Site may become unavailable.

3.9. The processing of biometric personal data and special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life is not carried out on the Site.

3.10. The Operator does not verify the accuracy of the information provided by the User, and proceeds from the fact that the User provides reliable and sufficient information, controls its relevance.

3.11. The operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.

3.12. The storage of personal data is carried out in a form that allows you to determine the subject of personal data no longer than required by the purposes of processing personal data.

3.13. The condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the expiration of the processing of personal data, the withdrawal of the consent of the user of the Site to the processing of his personal data, as well as the identification of illegal processing of personal data.

3.14. The period of storage of personal data of users of the Site is 1 year from the date of he last data submission.

4. Measures to ensure the security of personal data

4.1. The security of personal data processed by the Operator is ensured by the implementation of legal, organizational, technical and program measures necessary and sufficient to ensure the requirements of the legislation of the Russian Federation.

4.2. The Operator takes the following measures to ensure the security of personal data:
- appointment of persons responsible for organizing the processing and ensuring the protection of personal data;
- limiting the composition of the Operator's employees with access to personal data;
- determination of the level of protection of personal data when processing personal data in information systems;
- determination of actual threats to the security of personal data during their processing in information systems of personal data;
- establishing rules for restricting access to personal data processed in personal data information systems and ensuring registration and accounting of all actions performed with personal data;
- restriction of access to the premises where the main technical means and systems of information systems of personal data are located and non-automated processing of personal data is carried out;
- keeping records of machine carriers of personal data;
- organization of backup and recovery of personal data information systems and personal data modified or destroyed due to unauthorized access to them;
- establishing requirements for the complexity of passwords for access to personal data information systems;
- application of procedures for assessing the conformity of information security tools that have passed in the prescribed manner;
- implementation of anti-virus control, prevention of the introduction of malicious programs (virus programs) and software bookmarks into the corporate network;
- organization of timely updating of software used in personal data information systems and information security tools;
- conducting a regular assessment of the effectiveness of measures taken to ensure the security of personal data;
- detection of facts of unauthorized access to personal data and taking measures to establish the causes and eliminate possible consequences;
- control over the measures taken to ensure the security of personal data and the levels of security of personal data information systems.

5. Rights of site users

5.1. The user of the Site has the right to receive information regarding the processing of his personal data, including containing:
- confirmation of the fact of processing personal data by the Operator;
- legal grounds and purposes of personal data processing;
- the purposes and methods of processing personal data used by the Operator;
- the name and location of the Operator, information about persons (excluding employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
- processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the submission of such data is provided by federal law;
- terms of personal data processing, including the terms of their storage;
- the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law "On Personal Data";
- information about the carried out or proposed cross-border transfer of personal data;
- the name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;
- other information provided for by the Federal Law "On Personal Data" or other federal laws.

5.2. The Website user has the right to demand from the Operator the clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights.

5.3. The Website user has the right to request in a structured, universal and machine-readable format a list of his personal data provided to the Operator for processing, and instruct the Operator to transfer his personal data to a third party if there is an appropriate technical capability. In this case, the Operator is not responsible for the actions of a third party committed in the future with personal data.

6. Responsibility

6.1. The user is fully responsible for compliance with the requirements of the current legislation of the Russian Federation, including laws on advertising, on the protection of copyright and related rights, on the protection of trademarks and service marks, but not limited to the above, including full responsibility for the content and form of materials, in case quoting and other use of information obtained in connection with the use of the Site services.

7. Final provisions

7.1. The Operator has the right to make changes to this Policy unilaterally in case of changes in the regulatory legal acts of the Russian Federation, as well as at its owndiscretion.

7.2. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.

7.3. Persons guilty of violating the rules governing the processing and protection of personal information bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by the legislation of the Russian Federation.