1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by STATUS Real Estate L.L.C (hereinafter referred to as the “Operator”).

1.1. The Operator considers compliance with human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family confidentiality, as its most important goal and condition for carrying out its activities.

1.2. This Personal Data Processing Policy of the Operator (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://status.ae.

2. Key Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except where processing is required to clarify personal data).
2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at https://status.ae.
2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data — actions as a result of which it is impossible to determine the ownership of personal data by a specific User or another data subject without the use of additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state authority, municipal authority, legal entity, or individual who independently or jointly with others organizes and/or carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://status.ae.
2.9. Personal data authorized by the data subject for distribution — personal data to which access is granted to an unlimited number of persons by the data subject by giving consent to the processing of personal data authorized for distribution in accordance with the procedure provided for by the Personal Data Law.
2.10. User — any visitor to the website https://status.ae.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite group of persons or familiarizing an unlimited group of persons with personal data, including publication in mass media, placement in information and telecommunication networks, or providing access in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign public authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — actions as a result of which personal data are irreversibly destroyed, making it impossible to restore their content in the personal data information system and/or physical media containing personal data are destroyed.

3. Rights and Obligations of the Operator
3.1. The Operator has the right to:

• obtain reliable information and/or documents containing personal data from the data subject;
• continue processing personal data without the consent of the data subject in the event of withdrawal of consent or submission of a request to terminate processing, if grounds specified in the Personal Data Law exist;
• independently determine the composition and list of measures necessary and sufficient to ensure compliance with obligations under the Personal Data Law, unless otherwise provided by federal law.

3.2. The Operator is obliged to:

• provide the data subject, upon request, with information relating to the processing of their personal data;
• organize personal data processing in accordance with the legislation of the Russian Federation;
• respond to requests and inquiries from data subjects and their legal representatives in accordance with the Personal Data Law;
• provide the authorized body for the protection of data subject rights with the requested information within 10 days of receipt of the request;
• publish or otherwise ensure unrestricted access to this Policy;
• take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions;
• cease transfer, processing, and destroy personal data in cases provided by the Personal Data Law;
• fulfill other obligations stipulated by the Personal Data Law.

4. Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:

• receive information concerning the processing of their personal data, except as provided by federal law;
• require clarification, blocking, or destruction of personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose;
• require prior consent for processing personal data for marketing purposes;
• withdraw consent to personal data processing;
• appeal unlawful actions or inaction of the Operator to the authorized body or in court;
• exercise other rights provided by Russian law.

4.2. Personal data subjects are obliged to:

• provide accurate personal data;
• notify the Operator of any changes to their personal data.

4.3. Persons who provide false information or personal data of another person without consent shall bear liability under Russian law.

5. Principles of Personal Data Processing
5.1. Personal data are processed lawfully and fairly.
5.2. Processing is limited to specific, predetermined, and lawful purposes.
5.3. Combining databases with incompatible processing purposes is not permitted.
5.4. Only personal data relevant to processing purposes are processed.
5.5. The scope and content of personal data correspond to the stated purposes.
5.6. Accuracy, sufficiency, and relevance of personal data are ensured.
5.7. Personal data are stored no longer than required to achieve processing purposes and are destroyed or depersonalized upon achievement of such purposes unless otherwise required by law.

6. Purposes of Personal Data Processing
Purpose of processing:
Communication with the user based on inquiries or requests; provision of information about services; conclusion of transactions; communication via user-selected messengers.
Personal data processed:

• full name
• email address
• phone numbers

Legal basis:
Voluntary consent of the user.
Types of processing:
Collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data.

7. Conditions for Personal Data Processing
7.1. Processing is carried out with the consent of the data subject.
7.2.–7.7. Processing is permitted in cases provided by law, including contract execution, legal obligations, public interests, publicly available data, and mandatory disclosure.

8. Procedure for Collection, Storage, Transfer, and Other Processing
8.1. The Operator ensures data security and prevents unauthorized access.
8.2. Personal data are not transferred to third parties except as required by law or with consent.
8.3. Users may update personal data by emailing office@status.ae with the subject “Personal Data Update.”
8.4. Users may withdraw consent by emailing office@status.ae with the subject “Withdrawal of Consent.”
8.5. The Operator is not responsible for actions of third-party service providers.
8.6.–8.9. Confidentiality, storage periods, and termination conditions are ensured in accordance with law.

9. List of Actions with Personal Data
9.1. Collection, storage, use, transfer, depersonalization, blocking, deletion, and destruction.
9.2. Automated processing with or without data transmission via networks.

10. Cross-Border Transfer of Personal Data
10.1. The Operator notifies the authorized body before cross-border transfers.
10.2. Necessary information is obtained from foreign recipients prior to transfer.

11. Confidentiality of Personal Data
Persons with access to personal data must not disclose or distribute them without consent unless otherwise provided by law.

12. Final Provisions
12.1. Users may contact the Operator at office@status.ae for clarification.
12.2. The Policy is valid indefinitely until replaced.
12.3. The current version is available at https://status.ae/privacy-ru.