PRIVACY POLICY

1.1. This Personal Data Processing Policy (hereinafter — the "Policy") has been prepared in accordance with clause 2, part 1, article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of 27 July 2006 (hereinafter — the "Law") and defines the position of LLC "Fintech Standard", TIN: 2309184540, KPP: 230901001, 350065, Krasnodar Krai, Krasnodar, Im. Valery Gassia Street, 4/7 building 1, and/or its affiliates (hereinafter — the "Company") regarding the processing and protection of personal data (hereinafter — the "Data"), and the observance of every individual's rights and freedoms, in particular the right to privacy, personal and family secrets.

2.1. This Policy applies to Data obtained both before and after this Policy enters into force.

2.2. Aware of the importance and value of Data, and committed to the constitutional rights of citizens of the Russian Federation and other countries, the Company ensures reliable protection of Data.

3.1. "Data" means any information related directly or indirectly to an identified or identifiable individual (citizen), including but not limited to: first name, last name, email, phone number, date or place of birth, location, photograph.

3.2. "Processing of Data" means any action or set of actions performed with Data using automated tools or without them. Such actions include: collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of Data.

3.3. "Data security" means the protection of Data against unlawful and/or unauthorized access, destruction, modification, blocking, copying, provision, distribution, and against any other unlawful actions in relation to the Data.

4.1. Processing and protection of Data within the Company is carried out in accordance with the Constitution of the Russian Federation, the Law, the Labour Code of the Russian Federation, subordinate regulations, other federal laws governing Data processing, and the guidance and methodological documents of the FSTEC and the FSB of Russia.

4.2. The subjects of Data processed by the Company are:

• customers — consumers, including visitors of https://wallex.guru/ owned by the Company, including placing orders on the Site with subsequent delivery, recipients of services;
• participants of bonus loyalty programs;
• representatives of legal entities — counterparties of the Company;

4.3. The Company processes the Data of subjects for the following purposes:

• performing the functions, powers and obligations imposed on the Company by Russian Federation legislation under federal laws (Civil Code, Tax Code, Labour Code, Family Code, Federal Law No. 27-FZ of 01.04.1996, Federal Law No. 152-FZ of 27.07.2006, etc.);
• for representatives of legal entities — counterparties: negotiation, conclusion and performance of contracts;
• for participants of loyalty programs: providing information about goods, promotions, account status; participant identification; bonus accounting;
• for customers — consumers: providing information about goods/services, promotions and special offers; service quality analysis; order status notifications; performance of the contract (including distance sales); delivery of goods.

• Data is processed lawfully and fairly; Data is not disclosed to third parties without the subject's consent, except as provided by law.
• Specific lawful purposes are defined before processing begins; only Data necessary to achieve those purposes is collected.
• Merging databases processed for incompatible purposes is not allowed.
• Processed Data is destroyed or depersonalized once the processing purposes are achieved or no longer needed.
• The Company may include Data in publicly available sources only with the subject's written consent (including via a website checkbox).
• The Company does not process special categories of Data (race, ethnicity, political views, intimate life, etc.).
• Biometric Data is not processed.
• Cross-border transfer of Data is not performed.
• Transfer of Data to third parties is possible only with the subject's consent or at the request of government authorities as provided by law.
• Data processing may be entrusted to third parties under contract with confidentiality and security principles in place.
• Decisions based solely on automated processing of Data that produce legal consequences for the subject are prohibited.

• Appointment of persons responsible for organizing processing and ensuring Data security.
• Development and approval of internal regulations on Data processing and protection.
• Identification of security threats during processing in information systems.
• Application of organizational and technical measures, including information security tools.
• Evaluation of protection measures before systems go live.
• Accounting of machine media containing Data.
• Detection of unauthorized access and Data recovery.
• Establishing access rules and logging actions on Data.
• Control of the measures taken and the level of protection.
• Assessment of harm to Data subjects and proportionality of measures taken.
• Familiarization of employees with legislation and Data protection requirements.

8.1. Data processing periods are determined based on the processing purposes, the term of the contract with the subject, the requirements of federal laws, statutes of limitations, and the basic rules of archive operation.

8.2. Once storage periods expire, Data must be destroyed unless otherwise provided by federal law. Storage after processing ends is allowed only after depersonalization.

9.1. Requests should be sent to: support@wallex.guru. The request must include: the subject's last name, first name, patronymic, ID document number, issue date and issuing authority, evidence of relationship with the Company, contact information, and a signature (or electronic signature).

10.1. The Company processes Data received from users of https://wallex.guru/ at support@wallex.guru.

10.2. Methods of obtaining Data:

• User-provided Data: last name, first name, email, phone number, date or place of birth, photograph — entered by the user themselves.
• Automatically collected information: location, interests based on search queries, statistics on use of website sections, cookies, web beacons. These technologies cannot obtain personal data automatically without the user's voluntary input.

10.3. Use of Data. The Company uses Data for the stated purposes with the subject's consent. In aggregated and depersonalized form — for analysis of needs and service improvement.

10.4. Transfer of Data. Transfer to third parties is possible with the subject's consent, at the request of authorized government bodies, or in accordance with legislation. Data is not transferred to third parties for marketing purposes without consent.

10.5. The Site may contain links to other resources. This Privacy Policy does not apply to those — please review their own policies.

10.6. A user may withdraw consent to Data processing at any time by emailing support@wallex.guru. Upon receiving such notice, Data processing will stop and Data will be deleted unless otherwise permitted by law.

• This Policy is an internal regulatory act of the Company and is publicly available — published on the Site.
• The Policy may be revised upon changes in legislation, instructions from government bodies, management decisions, changes in processing purposes or periods, introduction of new technologies, etc.
• For failure to comply with the Policy, the Company and its employees bear responsibility in accordance with the legislation of the Russian Federation.
• Compliance is monitored by persons responsible for organizing processing and ensuring personal data security.