Privacy Policy for Personal Data

(as amended on 13.09.2025) This Privacy Policy for Personal Data (hereinafter referred to as the “Policy”) defines the procedure and conditions for processing personal data of users of the website troykamultispace.ru (hereinafter referred to as the “Website”), measures for their protection, as well as the rights and obligations of personal data subjects and the personal data operator in accordance with Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” and other regulatory legal acts of the Russian Federation.

1. General Provisions and Terms 1.1. The personal data operator is Limited Liability Company “Yauza” (LLC “Yauza”), INN 7709019854, registered address: 109028, Moscow, Yauzskaya St., 1/15, building 2, email address for personal data subject inquiries: general@troykamultispace.com (hereinafter referred to as the “Operator”). 1.2. This Policy applies to all personal data received by the Operator from Website users when using the Website’s functionality, including but not limited to, submitting inquiries through web forms, submitting rental applications, and registering to access digital event materials. 1.3. Using the Website implies the user’s unconditional consent to this Policy and the conditions for processing personal data stated herein; if the user does not agree with the terms of the Policy, they must refrain from using the Website. 1.4. For the purposes of this Policy, the following terms are used: 1.4.1. “Personal data” means any information relating directly or indirectly to an identified or identifiable individual (personal data subject). 1.4.2. “Personal data processing” means any action (operation) or a set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data. 1.4.3. “Automated processing of personal data” means processing of personal data using computer technology. 1.4.4. “Provision of personal data” means actions aimed at disclosing personal data to a specific person or an indefinite number of persons. 1.4.5. “Blocking of personal data” means temporary suspension of personal data processing (except in cases where processing is necessary for data clarification). 1.4.6. “Destruction of personal data” means actions making it impossible to restore the contents of personal data in personal data information systems and/or resulting in the destruction of tangible media containing personal data. 1.4.7. “Depersonalization of personal data” means actions making it impossible to determine the personal data’s affiliation with a specific subject without additional information. 1.4.8. “Website” means a collection of web pages hosted on the Internet under the domain name troykamultispace.ru, as well as the software and technical tools ensuring their accessibility. 1.4.9. “User” means an individual using the Website. 1.5. This Policy is a publicly available document of the Operator. The Operator has the right to make changes to the Policy. The new version of the Policy takes effect from the moment it is published on the Website, unless otherwise provided by the new version. 1.6. The Website and Operator’s events are intended for adult users. The Operator does not intentionally collect personal data from individuals under the age of 18. If it is found that personal data was provided by a minor without the consent of a legal representative, such data will be deleted upon request of the legal representative. 1.7. When processing personal data, the Operator is guided by principles and requirements established by the legislation of the Russian Federation, including the principles of lawfulness, fairness, minimization and proportionality to the purpose, limiting processing to specific, lawful purposes, avoiding combining databases with incompatible processing goals, and ensuring the accuracy, sufficiency, and relevance of personal data. 1.8. Personal data processing is carried out by the Operator with confidentiality and using legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other illegal actions. 1.9. Matters not regulated by this Policy are governed by the legislation of the Russian Federation on personal data, consumer protection, and other special regulations.
2. Scope and Categories of Processed Personal Data 2.1. The Operator processes users’ personal data voluntarily provided when using the Website functionality. Personal data are collected through the user completing forms on the Website and include the following categories: – last name and first name; – email address; – phone number; – city of residence; – unique participant identifier (ID) assigned upon registration for events. 2.2. In certain forms, the user may provide additional information at their discretion in the message or comment text. The Operator does not require the provision of such data and processes it solely within the user’s request. 2.3. When using the Website, technical data transmitted by the user’s browser may be automatically collected: IP address, browser, device and operating system data, time of access and pages visited, and cookie files. These data are not used to identify the user and are applied exclusively to ensure proper Website operation and performance analysis. 2.4. The Operator does not process special categories of personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, or biometric personal data. 2.5. The Operator does not collect, store, or process personal data of individuals under the age of 18. If such data are received without the legal representative’s consent, the Operator deletes them upon the representative’s request. 2.6. The scope and content of processed personal data are limited to the minimum necessary for the purposes of processing. Data not aligned with these purposes shall not be processed.
3. Purposes and Legal Grounds for Processing Personal Data 3.1. Personal data processing is carried out by the Operator exclusively to achieve specific, pre-defined, and lawful purposes. 3.2. The Operator processes personal data for the following purposes: 3.2.1. Ensuring the operation of the Website, its proper technical performance, visit statistics analysis, and improving the user experience. 3.2.2. Providing users with access to music and digital materials of the Operator’s events, identifying registered participants using a unique ID. 3.2.3. Reviewing user inquiries submitted through feedback and rental forms, establishing and maintaining feedback, including responding to inquiries, clarifying details, and coordinating interaction terms. 3.2.4. Verifying the accuracy of the information provided by the user. 3.2.5. Complying with legal requirements of the Russian Federation concerning the processing and storage of personal data. 3.3. The legal grounds for processing personal data are: – Article 6 of Federal Law No. 152-FZ “On Personal Data”; – the personal data subject’s consent expressed by filling in the relevant Website forms; – necessity for performance of a contract to which the personal data subject is a party or beneficiary, or to take steps at the subject’s request before entering into a contract; – fulfillment of the Operator’s obligations stipulated by the legislation of the Russian Federation. 3.4. Personal data are not used for decision-making solely on the basis of automated processing, including profiling, that results in legal effects or significantly affects the user’s rights and legitimate interests. 3.5. The Operator does not send advertising, informational, or other messages to users unless the user has separately and voluntarily consented to receive such messages.
4. Procedure and Conditions for Processing Personal Data 4.1. Personal data are processed by the Operator in accordance with the principles of lawfulness, fairness, purpose limitation, database separation for incompatible purposes, and ensuring accuracy, sufficiency, and relevance of data. 4.2. Personal data processing is carried out using automated tools and manually. 4.3. The Operator processes personal data through: – collection, recording, and systematization of information provided through Website forms; – storage of personal data in the Operator’s information systems; – use of personal data within the purposes set forth in this Policy; – updating (modification) upon user request; – deletion and destruction upon achieving the purpose or expiration of the retention period. 4.4. Access to personal data is granted only to authorized employees of the Operator who need it to fulfill their duties. These individuals must maintain confidentiality and are prohibited from disclosing data without legal grounds. 4.5. Personal data are not shared with third parties unless required by Russian law or with the written consent of the personal data subject. 4.6. Personal data are stored for the period necessary to achieve the processing goals, but not more than three years from the user’s last interaction with the Website, unless otherwise required by law. 4.7. Upon reaching the goals of processing or upon withdrawal of consent, the Operator ceases processing and ensures destruction of personal data in accordance with internal procedures and the law. 4.8. The Operator does not carry out cross-border data transfers. 4.9. The Operator implements all necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other illegal actions.
5. Rights of Personal Data Subjects 5.1. The user as the personal data subject has the rights provided by Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” and other regulations of the Russian Federation. 5.2. The user has the right to: 5.2.1. Receive information related to the processing of their personal data, including confirmation of processing, its purpose and legal grounds, categories of processed data, sources, terms of processing and retention, and information about parties who may receive the data. 5.2.2. Request the Operator to clarify, block, or delete their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purposes. 5.2.3. Withdraw consent to the processing by sending a notification to general@troykamultispace.com. 5.2.4. Demand cessation of processing in cases provided by law. 5.2.5. Appeal actions or inactions of the Operator violating their rights to the authorized supervisory body or in court. 5.2.6. Seek protection of rights and legitimate interests, including compensation for damages and moral harm. 5.3. The request must include: – information confirming the person’s relationship with the Operator (e.g., used form or email address); – signature of the data subject or their representative. 5.4. The Operator reviews requests and sends a response within 30 calendar days from the date of receipt. 5.5. Upon withdrawal of consent, the Operator ceases processing, unless otherwise provided by law, and ensures destruction of data within 30 calendar days from the date of receipt.
6. Ensuring Personal Data Protection 6.1. The Operator takes necessary and sufficient legal, organizational, and technical measures to ensure personal data security and protection from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other illegal actions. 6.2. Measures include: – identifying threats to personal data security in information systems; – applying organizational and technical security measures; – restricting access to authorized personnel only; – accounting for and storing physical media containing personal data; – using antivirus and information protection tools; – monitoring compliance with legal and internal data protection requirements. 6.3. All employees with access to personal data must comply with confidentiality and internal data handling rules. 6.4. In case of unlawful processing or a data breach leading to disclosure, loss, or unauthorized access, the Operator takes corrective action and notifies the supervisory authority and affected subjects as required by law. 6.5. Personal data confidentiality is preserved except when the user provides information for public access or when disclosure is required by law.
7. Use of Cookies and Analytics Systems 7.1. The Website uses cookies, which are small text files stored on the user’s device to ensure proper Website operation, simplify interaction, and analyze visit statistics. 7.2. Cookies are used by the Operator to: – enable functioning of specific Website sections and services; – analyze Website traffic and obtain statistical data on user behavior; – improve quality and usability of the Website. 7.3. The Website uses Yandex Metrica analytics system, which may collect anonymized data on user actions, including viewed pages, session duration, clicks, and interactions with interface elements. 7.4. Yandex Metrica settings include: – anonymization of IP addresses; – data transmission only to servers located in the Russian Federation; – no use of webvisor, screen recording, or behavioral profiling tools. 7.5. Data collected through cookies and Yandex Metrica are processed anonymously and do not allow user identification. 7.6. The user may restrict or disable cookies via browser settings. However, this may affect Website functionality. 7.7. By continuing to use the Website after the cookie banner appears, the user consents to the use of cookies as described in this Policy.
8. Retention Period of Personal Data 8.1. Personal data are stored by the Operator for the period necessary to achieve the purposes set out in this Policy. 8.2. Data submitted through Website forms are retained no longer than three years from the user’s last interaction, unless otherwise required by law. 8.3. Upon expiration of the retention period, the Operator ceases using the data and ensures its deletion from information systems, except where longer retention is required by law. 8.4. If longer retention is necessary to fulfill legal or contractual obligations, the data is retained until full fulfillment of such obligations.
9. Procedure for Amending the Policy and Contact Information 9.1. This Policy is an open and publicly available document. The current version is published online at: https://troykamultispace.ru/privacy 9.2. The Operator may amend this Policy at any time without prior notice. Changes take effect from the moment the new version is posted on the Website unless otherwise specified in the new version. 9.3. The user is obliged to review the current version of the Policy at each Website visit. Continued use of the Website after changes indicates acceptance of such changes. 9.4. All suggestions, questions, and inquiries regarding personal data processing may be addressed to the Operator: Personal Data Operator: Limited Liability Company “Yauza” INN 7709019854 Address: 109028, Moscow, Yauzskaya St., 1/15, building 2 Email: general@troykamultispace.com 9.5. This Policy is approved by the Operator and takes effect upon publication on the Website.