Privacy Policy

1. General Provisions.

1.1. In accordance with Article 23 of the Constitution of the Russian Federation, every individual has the right to privacy of personal life, to personal and family confidentiality, and to the protection of their honor and reputation. The implementation of this right is ensured by Article 24 of the Constitution of the Russian Federation, which establishes that the collection, storage, use, and dissemination of information about a person's private life without their consent is prohibited. Relations involving the processing of personal data carried out by legal entities, with or without the use of automation tools — provided that processing without automation corresponds in nature to operations that could be performed using automation — are regulated by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data". This Policy has been developed to ensure compliance with the constitutional provisions cited above and with the requirements of the legislation of the Russian Federation and other regulatory acts in the field of personal data processing.

1.2. This Policy defines the procedures by which employees of AMIST Tour-Business Club LLC (hereinafter referred to as the "Operator") handle (collect, process, use, transfer, store, etc.) the personal data of users of the website www.amist.ru (hereinafter referred to as "Clients"). It also establishes guarantees of confidentiality for information provided by Clients to the organization, the rights of Clients with regard to the processing of their personal data, and the liability of individuals for failure to comply with the rules governing the processing of Client personal data.

1.3. The Operator may exercise the authority to process personal data of Clients of other organizations under an outsourcing agreement, in which case such organization is also referred to hereinafter as the "Operator". In this case, the Operator and the organization with which such an agreement has been concluded shall bear joint and several liability before the Client whose rights have been violated for any material damage and moral harm caused by such violation. The Client has the right, at their own discretion, to bring corresponding claims against either of the said organizations. The principles for distributing the consequences of such compensation to the Client between the organizations shall be established in the relevant outsourcing agreement.

2. Definition and Scope of Client Personal Data

2.1. Client personal data means any information relating directly or indirectly to a Client (the subject of personal data).

2.2. Client personal data includes the following information:

• last name, first name, patronymic;

• gender;

• date of birth;

• place of birth;

• citizenship;

• education and professional qualifications;

• place of employment;

• marital status;

• family composition;

• place of registration;

• residential address and home telephone number;

• types and scope of services provided to the Client;

• other information about the Client that is necessary for the performance of the contract and that allows for the identification of the Client's personality.

3. Collection, Purposes of Processing, and Protection of Client Personal Data

3.1. The processing of Client personal data is carried out:

3.1.1. Following the conclusion of a service agreement with the Client that defines the trust placed in the Operator and the obligation to process personal data. In accordance with paragraph 2, part 2 of Article 6 of the Federal Law "On Personal Data", processing for the purpose of performing a contract to which the Client is a party does not require the Client's separate consent.

3.1.2. Following the submission of a notification of personal data processing to the state supervisory authority in the field of communications, information technology, and mass media, except in cases provided for in part 2 of Article 22 of the Federal Law "On Personal Data".

3.1.3. After the Operator has taken all necessary measures to protect the personal data.

3.2. All Client personal data shall be obtained directly from the Client or from their legal representative. If Client personal data can only be obtained from a third party, the Client must be notified in advance, and written consent must be obtained from the Client.

3.3. The Operator shall inform the Client or their legal representative of the purposes of processing the personal data, the intended sources, and the methods by which the personal data will be obtained.

3.4. When applying for services, the Client (or their legal representative) shall provide the Operator with personal data in documented form, namely:

• a passport or other identity document;

• other documents, depending on the specific service the Client is requesting.

In the absence of documents, the Client (or their legal representative) shall provide the Operator with the necessary personal data orally.

3.5. With the Client's consent, the Operator may request and receive Client personal data using personal data information systems with automation tools.

3.6. The Operator shall process Client personal data exclusively for the purpose of providing the Client with the high-quality services contemplated by the contract, in the necessary volume, and in compliance with the requirements of applicable legislation and other regulatory acts.

3.7. When determining the volume and content of Client personal data to be processed, the Operator shall be guided by the Constitution of the Russian Federation and other regulatory acts in the field of personal data processing and information protection.

3.8. Protection of Client personal data against unlawful use or loss shall be ensured by the Operator at its own expense, in the manner prescribed by law and by local regulatory acts adopted by the Operator in accordance with the law.

4. Procedure for Use, Storage, and Transfer of Client Personal Data

4.1. Client personal data is held by the Operator in personal data information systems, which constitute a combination of personal data contained in databases together with the information technology and technical resources that enable the processing of such personal data with or without the use of automation tools. Personal data may also be held within these systems on physical media, including paper.

4.2. Access to the processing of Client personal data (whether or not automation tools are used) is granted in accordance with the procedure established by the Operator.

4.3. Specific responsibilities for working with personal data information systems and physical media — including documents containing Client personal data — are assigned to Operator employees and set out in their job descriptions.

4.4. Work with personal data information systems and physical media, including documents containing Client personal data, is performed in specially designated premises.

4.5. Requirements for the location where personal data is processed, including server rooms, that ensure data security shall be established by the Operator.

4.6. The list of persons authorized to access and process Client personal data is determined by an order of the Operator's CEO.

4.7. Persons authorized to process Client personal data shall sign a Non-Disclosure Agreement, or corresponding amendments shall be made to their employment contract.

4.8. Persons duly authorized to process personal data may only process such Client personal data as is necessary for the performance of the contract.

4.9. When establishing and operating personal data information systems for Clients with the use of automation tools, the Operator ensures the classification of these information systems in accordance with the established procedure.

4.10. When establishing and operating personal data information systems for Clients, both with and without the use of automation tools, the Operator takes all necessary organizational and technical measures to ensure compliance with the personal data processing requirements established by applicable legislation.

4.11. Upon achieving the purposes of processing the Client's personal data, the Operator shall cease processing such personal data and ensure its destruction in accordance with the established procedure.

5. Rights of Clients with Regard to the Processing of Their Personal Data by the Operator

5.1. In order to protect their interests and exercise their rights and freedoms in the area of personal data as regulated by applicable legislation, Clients, their legal representatives, and authorized representatives have the right to:

• receive complete information from the Operator about their personal data and the processing of such data;

• free, unrestricted access to their personal data, including the right to obtain copies of any record containing the Client's personal data, except in cases provided for by federal law;

• designate their representatives for the protection of their personal data;

• demand the clarification, blocking, or destruction of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing, and to take measures provided for by law to protect their rights;

• demand that the Operator notify all persons to whom the Client's incorrect or incomplete personal data was previously disclosed of all exclusions, corrections, or additions made to such data;

• appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects, or through judicial proceedings.

6. Liability for Violation of the Rules Governing the Processing and Protection of Client Personal Data

6.1. Persons found guilty of violating the requirements of the Federal Law "On Personal Data" shall bear the liability provided for by the legislation of the Russian Federation.

6.2. Moral harm caused to a personal data subject as a result of violation of their rights, violation of the rules of personal data processing established by law, or violation of personal data protection requirements is subject to compensation in accordance with the legislation of the Russian Federation. Compensation for moral harm is provided independently of compensation for property damage and any losses incurred by the personal data subject.

6.3. Operator employees who have been duly granted access to Client personal data and who are found guilty of violating the rules governing the receipt, processing, and protection of Client personal data shall bear the liability provided for by applicable legislation.

7. Final Provisions

This version of the Policy entered into force on March 25, 2026 and shall remain in force until a new policy is adopted.

Consent to Personal Data Processing via Yandex.Metrica

1. I (hereinafter the "User" or "Personal Data Subject"), by completing and submitting an inquiry form on the website https://amist.ru (hereinafter the "Website"), confirming my full legal capacity and, where applicable, the lawfulness of my representation of a person with limited legal capacity or a person without legal capacity, hereby give my consent to the processing of personal data — both with and without the use of automation tools — by AMIST Tour-Business Club LLC, located at: 693020, Yuzhno-Sakhalinsk, 113 Mira Avenue, Office 30A, under the following conditions.

2. Categories of data being processed: cookie files. A "cookie" is a fragment of data sent by the Operator's server and stored on the device of the Personal Data Subject. The contents of such a file may or may not constitute personal data, depending on whether the file contains personal data or contains anonymized technical data.

3. Purpose of personal data processing: analysis of user activity using the Yandex.Metrica service.

4. Categories of personal data subjects: all Users of the Website who have given consent to the processing of cookie files.

5. Methods of processing: collection, recording, systematization, accumulation, storage, refinement (updating, modification), retrieval, use, anonymization, transfer (access, provision), blocking, deletion, and destruction of personal data.

6. Period of processing and storage: until receipt from the Personal Data Subject of a request to cease processing or to withdraw consent.

7. Method of withdrawal: a written withdrawal request submitted via email to info@amist.ru or via written application sent to the address indicated at the beginning of this Consent.

8. The Personal Data Subject has the right to disable or restrict the receipt of such data on their device. If the Personal Data Subject opts out of receiving such data or restricts its receipt, certain functions of the Website may not work correctly. The Personal Data Subject undertakes to configure their own equipment in such a way that it provides the working mode and level of cookie data protection appropriate to their wishes; the Operator does not provide technological or legal consultation on such matters.

9. Procedure for the destruction of personal data upon achievement of the purposes of processing or upon the occurrence of other legal grounds: the person responsible for personal data processing performs data erasure by means of overwriting (replacing all storage units with "0") with the preparation of an act of destruction of personal data.

10. I agree to qualify, as my simple electronic signature beneath this Consent and beneath the Personal Data Processing Policy, my performance of the following action on the website https://amist.ru: clicking on the interface element labeled "I agree" within the notice reading "To improve the convenience of the website, we use cookies. Learn more. The website uses the Yandex.Metrica service, which also uses cookie files."