PERSONAL DATA PROCESSING POLICY (hereinafter referred to as the "Policy")
This document describes how Pragma Solutions Ltd. (hereinafter referred to as the "Company") processes personal data when Users utilize the service available on the Internet at: https://pragma.me/en
TERMS AND DEFINITIONS
Company – Pragma Solutions Ltd., a legal entity incorporated under the laws of the Hong Kong Special Administrative Region (address: 7/F MW TOWER 111 BONHAM STRAND, SHEUNG WAN, HONG KONG, email: hi@pragma.me).
User – an individual using the functionality of the Service.
Service – an integrated intellectual property object, including software, databases, graphic content, and other materials combined to operate the website at https://pragma.me/en and its subdomains (the "Site"), as well as the PRAGMA Telegram bot (the Service's Telegram account enabling Users to access its functionality).
Personal Data Law – Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data".
Personal Data – the term is used in accordance with the Personal Data Law, taking into account international best practices in personal data protection in countries with adequate levels of protection. It includes any information relating to an individual or identifying them directly or indirectly, in particular through an identifier such as name, surname, ID number, location data, online identifier, or one or more characteristics specific to the physical, genetic, mental, economic, or cultural identity of that person.
Personal Data Processing – any action (operation) or set of actions (operations) performed with or without the use of automation tools involving personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction of personal data.
Other terms used in this Policy are interpreted according to the Personal Data Law and other regulatory acts of the Russian Federation regarding personal data.
User – an individual using the functionality of the Service.
Service – an integrated intellectual property object, including software, databases, graphic content, and other materials combined to operate the website at https://pragma.me/en and its subdomains (the "Site"), as well as the PRAGMA Telegram bot (the Service's Telegram account enabling Users to access its functionality).
Personal Data Law – Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data".
Personal Data – the term is used in accordance with the Personal Data Law, taking into account international best practices in personal data protection in countries with adequate levels of protection. It includes any information relating to an individual or identifying them directly or indirectly, in particular through an identifier such as name, surname, ID number, location data, online identifier, or one or more characteristics specific to the physical, genetic, mental, economic, or cultural identity of that person.
Personal Data Processing – any action (operation) or set of actions (operations) performed with or without the use of automation tools involving personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction of personal data.
Other terms used in this Policy are interpreted according to the Personal Data Law and other regulatory acts of the Russian Federation regarding personal data.
GENERAL INFORMATION
This Policy defines the key principles, purposes, conditions, and methods for processing personal data, the rights of Users, and the measures taken by the Company to ensure the security of personal data.
By using the Service, the User unconditionally and explicitly agrees to this Policy and the terms of personal data processing outlined herein. If the User does not agree, they must immediately stop using the Service.
The Company may amend this Policy if the personal data processing conditions change. The current version is always available at the bottom of the Site's pages and in the PRAGMA Telegram bot description.
By using the Service, the User unconditionally and explicitly agrees to this Policy and the terms of personal data processing outlined herein. If the User does not agree, they must immediately stop using the Service.
The Company may amend this Policy if the personal data processing conditions change. The current version is always available at the bottom of the Site's pages and in the PRAGMA Telegram bot description.
PURPOSES OF PERSONAL DATA PROCESSING
1. User Registration in the Service
2. User Verification in the Service
3. Optional User Profile Information
4. Participation in the Referral Program
5. Analytics and Service Improvement
6. Service Operation Support
7. Sending Promotional Materials
The following actions may be performed by the Company with personal data: collection, recording, systematization, accumulation, storage, updating, retrieval, use, transfer, blocking, deletion, and destruction.
Some personal data may be stored longer if required by the Personal Data Law, even after a deletion request.
The processed personal data do not fall under special or biometric categories as per Articles 10–11 of the Personal Data Law.
Some personal data may be stored longer if required by the Personal Data Law, even after a deletion request.
The processed personal data do not fall under special or biometric categories as per Articles 10–11 of the Personal Data Law.
STORAGE AND SECURITY OF PERSONAL DATA
The Company processes User data using databases and servers located in the Russian Federation.
If personal data of a particular User is processed outside Russian jurisdiction, the User consents to its processing on Russian servers.
The Company adheres to technical and organizational requirements under the Personal Data Law and continuously improves its security systems as needed.
All employees follow internal rules and procedures regarding data processing and comply with the technical and organizational measures required for data protection.
If personal data of a particular User is processed outside Russian jurisdiction, the User consents to its processing on Russian servers.
The Company adheres to technical and organizational requirements under the Personal Data Law and continuously improves its security systems as needed.
All employees follow internal rules and procedures regarding data processing and comply with the technical and organizational measures required for data protection.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
As a general rule, the Company does not share data with third parties, except for:
Data is shared in minimal volume and only to fulfill the purposes of this Policy or comply with applicable laws.
Cross-border transfer of personal data may be conducted to fulfill the purposes outlined in this Policy.
- Third parties involved in the Company’s service delivery (e.g., hosting providers, payment processors);
- Third parties to whom the Company assigns its rights/obligations under agreements;
- Third parties with the User’s explicit consent;
- Russian or foreign authorities if required by law.
Data is shared in minimal volume and only to fulfill the purposes of this Policy or comply with applicable laws.
Cross-border transfer of personal data may be conducted to fulfill the purposes outlined in this Policy.
USER RIGHTS REGARDING PERSONAL DATA
Right of Access
Users may request confirmation of data processing and receive an electronic copy of their personal data.
Right to Rectification
Users may request correction, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer needed.
Right to Object to Automated Decisions
Users may request clarification of decisions made solely based on automated processing and their legal effects. Disagreements may be challenged.
Right to Withdraw Consent
Users may withdraw their consent to data processing at any time.
Right to File a Complaint
Users may file a complaint with the Russian data protection authority (Roskomnadzor) if they disagree with how their data is processed.
To exercise these rights, the User must submit a request including:
If the request lacks required information or access rights, the Company may reject it with justification.
The Company must respond within 10 business days (extendable by 5 days in exceptional cases), unless otherwise stated by law.
User access may be limited by law, especially if it infringes the rights of third parties.
Users may request confirmation of data processing and receive an electronic copy of their personal data.
Right to Rectification
Users may request correction, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer needed.
Right to Object to Automated Decisions
Users may request clarification of decisions made solely based on automated processing and their legal effects. Disagreements may be challenged.
Right to Withdraw Consent
Users may withdraw their consent to data processing at any time.
Right to File a Complaint
Users may file a complaint with the Russian data protection authority (Roskomnadzor) if they disagree with how their data is processed.
To exercise these rights, the User must submit a request including:
- Identity document details (for the User or their representative);
- Evidence of data processing by the Company;
- Signature of the User or representative.
If the request lacks required information or access rights, the Company may reject it with justification.
The Company must respond within 10 business days (extendable by 5 days in exceptional cases), unless otherwise stated by law.
User access may be limited by law, especially if it infringes the rights of third parties.
UPDATING, DELETION, AND TERMINATION OF PROCESSING
If inaccurate data is identified, the Company blocks it until verification. If inaccuracy is confirmed, data is updated within 7 business days and unblocked.
If illegal processing is identified, the Company blocks the relevant data immediately.
Personal data is destroyed if:
Destruction on electronic media is done via irreversible erasure from the Company’s systems.
Documentation of destruction may include a log file from the Company’s data system in addition to a formal destruction act.
If illegal processing is identified, the Company blocks the relevant data immediately.
Personal data is destroyed if:
- The purpose of processing has been achieved;
- The User withdraws consent;
- Unlawful processing is identified.
Destruction on electronic media is done via irreversible erasure from the Company’s systems.
Documentation of destruction may include a log file from the Company’s data system in addition to a formal destruction act.