Privacy Policy

1. General Provisions

This Privacy Policy for the processing of personal data defines the procedures for processing personal data and the measures taken to ensure the security of personal data by KHAOS (hereinafter referred to as the "Operator"). The Operator is the legal owner of websites, services, programs, and other products, including but not limited to those of informational, communicational, advertising, educational, and entertainment nature (collectively referred to as the "Services" and individually as the "Service") accessible online at https://khaos.cx/ (hereinafter referred to as the "Website") and individual Internet users (hereinafter referred to as the "User") regarding the processing of information about the User, including personal data, during their use of the Services.

This Policy applies to all information that the Operator may obtain about visitors to the website https://khaos.cx/.

Relations related to the processing of information, including but not limited to the collection, use, storage, dissemination, and protection of information about Website users, are governed by this Policy and applicable laws. Before beginning to use the Services, the User is required to familiarize themselves with this Policy.

By registering, accessing, and/or actually using any of the Services, the User agrees to the terms of this Policy, the privacy policies of the individual Services, as well as the terms, conditions, and rules of the Services they use, which are posted on the pages (in sections) of the respective Services in the versions that were in effect at the time of actual use of such Services.

2. Key Definitions

• Automated processing of personal data: Processing of personal data employing computer technology.
• Blocking of personal data: Temporary suspension of the processing of personal data (except where processing is necessary to clarify personal data).
• Website: A collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://khaos.cx/.
• Information system of personal data: A collection of personal data contained in databases and the information technologies and technical means ensuring their processing.
• Anonymization of personal data: Actions resulting in the impossibility of identifying, without additional information, the specific User or other Subject to whom the personal data pertains.
• Processing of personal data: Any action (operation) or a set of actions (operations) performed with or without the use of automation tools concerning personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, usage, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
• Operator: A legal entity or individual who independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of the processing of personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
• Personal data: Any information relating directly or indirectly to a specific or identifiable User of the website https://khaos.cx/.
• User (aka Data Subject): Any visitor of the website https://khaos.cx/.
• Provision of personal data: Actions aimed at disclosing personal data to a specific person or a specific group of persons.
• Dissemination of personal data: Any actions aimed at disclosing personal data to an undefined group of persons (transfer of personal data) or at making personal data known to an unlimited number of persons.
• Cross-border transfer of personal data: Transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign individual, or a foreign legal entity.
• Destruction of personal data: Any actions resulting in the irreversible destruction of personal data with no possibility of further restoration.

3. Processed Data

The information processed by the Operator includes:

• Username;
• Email address;
• IP address;
• Browser language;
• Operating system;
• Unique PC identifiers.

The Website also collects and processes anonymized data about visitors (including "Cookies") using internet statistics services.

Cookies are small pieces of data that websites request from a browser on a computer or mobile device. These cookies are stored locally on the User's computer or mobile device. The Operator collects and processes cookies for Users who visit the Website.

4. Purposes of Personal Data Processing

The purposes of processing the User's personal data include:

• Conclusion, execution, and termination of civil law contracts;
• Formation of a customer base consisting of individuals for the subsequent conclusion and execution of civil law contracts (concerning all collected personal data);
• Sending notifications to the User (concerning all collected personal data);
• Preparation of individualized offers by the Operator (concerning all collected personal data).

The Operator may use personal information for internal purposes, such as auditing, data analysis, and various research activities aimed at improving the Operator's products and services and interacting with Users.

Anonymized data collected from Users via internet statistics services is used to gather information about Users' actions on the Website, improve the Website's quality, and enhance its content.

5. Legal Grounds for Processing Personal Data

The Operator processes the User's personal data only if the User fills them in and/or sends them independently through specific forms on the Website https://khaos.cx/. By filling in the relevant forms and/or sending their personal data to the Operator, the User consents to this Policy.

The Operator processes anonymized data about the User if permitted by the User's browser settings (i.e. if cookies are enabled and JavaScript technology is used).

User accounts and other data are not disclosed to any third parties except as expressly provided by this Policy, other applicable rules, or applicable legislation. The Operator may transfer User accounts and other data to third parties adhering to the purposes and grounds specified in this Policy. Such third parties may include:

• Individuals involved in providing services related to the placement and display of information to Users regarding the Operator's services;
• Individuals who have legal grounds to process the account and other data, for example, if the transfer is carried out with the consent of the User;
• Third parties in respect of whom the assignment of rights or obligations has been made under the relevant agreement;
• Any government or local authority to which the Operator is required to provide information under applicable law upon a corresponding request.

6. Procedure for Collection, Storage, Transfer, and Other Types of Personal Data Processing

The Operator processes personal data, meaning operations performed with or without the use of automation tools, including the collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), anonymization, blocking, deletion, and destruction of personal data.

The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of the applicable legislation in the field of personal data protection.

The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to it.

The term of personal data processing is valid during the term of validity of the account on the Website. It is terminated in case of withdrawal of consent or deletion of the account.

The personal data being processed are subject to destruction or anonymization upon the achievement of the processing purposes, upon revocation of the Personal Data Subject's consent to the processing of personal data, or in case of loss of necessity and achievement of these purposes, unless otherwise provided for by applicable law.

7. Cross-border Transfer of Personal Data

The Operator is required to ensure that the foreign state, to the territory of which the transfer of personal data is supposed to be carried out, provides reliable protection of the rights of personal data subjects before the start of the cross-border transfer of personal data.

The cross-border transfer of personal data to the territories of foreign states that do not meet the above requirements may be carried out only if the personal data subject consents in writing to the cross-border transfer of their personal data and/or if an agreement to which the personal data subject is a party is executed.

8. Data Security

In processing personal data, the Operator takes necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, and dissemination, as well as from other unlawful actions concerning personal data. The Operator shall take the following measures:

• Ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access;
• Identifies potential threats to the security of personal data during its processing in Information Systems of personal data;
• Assesses the effectiveness of the measures taken to ensure the security of personal data before the Information System of personal data is put into operation;
• Keeps a record of the media containing personal data;
• Detects instances of unauthorized access to personal data and takes appropriate measures.

The Operator shall not be liable for the disclosure and dissemination of information about the User by other Users or other Internet users if such persons have gained access to the said information in accordance with the privacy level settings selected by the User, or in the event of a breach by the User of the security of their login and/or password or other data necessary for authorization.

9. Final Provisions

This Policy, and any amendments thereto, may be made by the Operator with notice to the User, including by posting a new version of the amended Policy on the Website. Any changes made by the Operator to the Policy will come into effect the day after the new version of the Policy is posted on the Website. The User is obligated to independently review this Policy for any changes.

The processing of personal data may be terminated upon the achievement of the purposes for which it is processed, the expiration of the consent's validity period, or the withdrawal of consent by the personal data subject, as well as upon the identification of unlawful processing of personal data.

This Policy remains in force indefinitely until replaced by a new version.