Personal Data Processing Policy

1. General Provisions
This Personal Data Processing Policy is drawn up in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter — the Personal Data Law) and defines the procedure for processing personal data and the measures taken by Sky İsland finansal danışmanlık ve ticaret limited şirketi (hereinafter — the Operator) to ensure the security of personal data.
1.1. The Operator’s foremost goal and requisite condition for its activities is to respect the rights and freedoms of individuals when processing their personal data, including the right to privacy and the confidentiality of personal and family life.
1.2. This Policy of the Operator regarding the processing of personal data (hereinafter — the Policy) applies to all information that the Operator may obtain about visitors to the website https://www.skyisland.tech.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data by means of computing equipment.
2.2. Blocking of personal data — temporary suspension of personal data processing (except where processing is required to clarify the personal data).
2.3. Website — a collection of graphical and informational materials, as well as software and databases that ensure their availability on the Internet at https://www.skyisland.tech.
2.4. Personal Data Information System — a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Anonymization of personal data — actions by which it is impossible to determine, without additional information, the personal data’s association with a specific User or other data subject.
2.6. Processing of personal data — any action (operation) or set of actions performed with or without automation tools on personal data, including collection, recording, classification, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
2.7. Operator — a state body, municipal body, legal or physical person, acting alone or jointly with others, who organize and/or perform the processing of personal data, and who determine the purposes of the processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://www.skyisland.tech.
2.9. Personal data authorized by the data subject for dissemination — personal data to which the data subject has granted unlimited access by consenting to the processing of such data in accordance with the Personal Data Law (hereinafter — personal data authorized for dissemination).
2.10. User — any visitor to the website https://www.skyisland.tech.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an unspecified circle of persons (transfer of personal data) or at familiarizing an unlimited circle of persons with personal data, including making personal data public in mass media, placing it in information and telecommunication networks, or providing access by any other means.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign governmental body, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — any actions resulting in irreversible destruction of personal data such that it cannot be restored in the personal data information system and/or destruction of the material carrier of personal data.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
  • request from the data subject accurate information and/or documents containing personal data;
  • continue processing personal data without the subject’s consent if the subject withdraws consent or demands cessation, provided there are grounds specified by the Personal Data Law;
  • independently determine the necessary and sufficient measures to ensure compliance with obligations under the Personal Data Law and its implementing regulations, unless otherwise provided by federal law.
3.2. The Operator is obliged to:
  • provide the data subject, upon request, information concerning the processing of their personal data;
  • organize personal data processing in accordance with applicable Russian legislation;
  • respond to requests from data subjects and their lawful representatives in compliance with the Personal Data Law;
  • supply necessary information to the authorized data protection authority within 10 days of a request;
  • publish or otherwise ensure unrestricted access to this Policy;
  • take legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as other unlawful actions;
  • cease transfer, processing, and destroy personal data in cases prescribed by the Personal Data Law;
  • fulfill other obligations stipulated by the Personal Data Law.
4. Main Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
  • receive information regarding the processing of their personal data, except as provided by federal law, in an accessible form without including third-party data;
  • require clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared processing purpose, and to take legal measures to protect their rights;
  • give prior consent for processing personal data for marketing purposes;
  • withdraw consent to processing and demand cessation of processing;
  • appeal unlawful actions or inaction of the Operator to the authorized data protection authority or in court;
  • exercise other rights provided by Russian law.
4.2. Data subjects are obliged to:
  • provide the Operator with accurate personal data;
  • inform the Operator of any updates or changes to their personal data.
4.3. Persons who provide the Operator with false information about themselves or about another data subject without that subject’s consent bear responsibility under Russian law.
5. Principles of Personal Data Processing
5.1. Processing is carried out on a lawful and fair basis.
5.2. Processing is limited to specific, explicit, and legitimate purposes; incompatible processing is prohibited.
5.3. Databases processed for different purposes must not be merged.
5.4. Only personal data relevant to the processing purposes are subject to processing.
5.5. The content and volume of personal data correspond to stated purposes; redundancy is not permitted.
5.6. Accuracy, sufficiency, and, where necessary, currency of personal data are ensured; incomplete or inaccurate data are updated or deleted.
5.7. Personal data are stored in a form permitting identification of the data subject no longer than required by processing purposes; thereafter they are destroyed or anonymized, unless otherwise provided by federal law.
6. Purposes of Personal Data Processing

Purpose of processing

receiving an application and providing a calculation of the transaction, terms, cost and work plan, as well as advice on possible cooperation

Personal data

1. Name

2. email

3. phone number

Legal grounds

- the statutory (constituent) documents of the Operator

- contracts concluded between the operator and the subject of personal data

Types of personal data processing

1. Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data

2. Sending information letters to an email address


7. Conditions for Personal Data Processing
7.1. Personal data shall be processed with the consent of the data subject.
7.2. Processing of personal data is necessary to achieve the purposes provided for by an international treaty of the Russian Federation or by law, or to exercise the functions, powers and duties vested in the Operator by the legislation of the Russian Federation.
7.3. Processing of personal data is necessary for the administration of justice, to comply with a court decision or an act of another authority or official subject to enforcement under the legislation of the Russian Federation on enforcement proceedings.
7.4. Processing of personal data is necessary for the performance of a contract to which the data subject is a party, beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the data subject or of a contract under which the data subject will become a beneficiary or guarantor.
7.5. Processing of personal data is necessary to protect the rights and legitimate interests of the Operator or of third parties, or to achieve socially significant purposes, provided that the rights and freedoms of the data subject are not thereby infringed.
7.6. Personal data openly accessible to an unlimited circle of persons by the data subject’s own accord (public personal data) may be processed.
7.7. Personal data subject to publication or mandatory disclosure under federal law may be processed.
8. Procedure for Collection, Storage, Transfer and Other Forms of Personal Data Processing
The security of personal data processed by the Operator is ensured through implementation of legal, organizational and technical measures necessary to fully meet the requirements of the current legislation on personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access.
8.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except where required by law or with the User’s consent to transfer data to a third party for performance of obligations under a civil contract.
8.3. If any inaccuracies are found in the personal data, the User may update them independently by sending a notice to the Operator’s e-mail at skyislandia@protonmail.com with the subject line “Personal Data Update.”
8.4. The period of personal data processing is determined by the purposes for which the data were collected, unless otherwise provided by contract or law. The User may withdraw consent at any time by sending the Operator an e-mail to skyislandia@protonmail.com with the subject line “Withdrawal of Personal Data Consent.”
8.5. All information collected by third-party services (including payment systems, communication providers and other service providers) is stored and processed by those parties in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties.
8.6. The restrictions imposed by the data subject on transfer (other than granting access) or on processing conditions (other than access) for personal data authorized for dissemination do not apply when personal data are processed in the public interests defined by Russian law.
8.7. The Operator ensures confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form permitting identification of the data subject no longer than required by the processing purposes, unless a longer retention period is stipulated by federal law or contract.
8.9. Processing may be terminated upon achievement of processing purposes, expiration of the consent term, withdrawal of consent by the data subject, receipt of a demand to cease processing, or detection of unlawful processing.
9. Actions Carried Out by the Operator with the Received Personal Data
9.1. The Operator performs collection, recording, classification, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion and destruction of personal data.
9.2. The Operator carries out automated processing of personal data with or without information transfer over information-telecommunication networks.
10. Cross-Border Transfer of Personal Data
10.1. Before commencing cross-border transfer of personal data, the Operator must notify the authorized data protection authority of its intention to transfer personal data abroad (this notice is separate from the notice of intent to process personal data).
10.2. Prior to sending the above notice, the Operator must obtain from the foreign authorities, foreign individuals or foreign legal entities to whom the data will be transferred the relevant information required for such transfer.
11. Confidentiality of Personal Data
The Operator and other persons with access to personal data must not disclose or disseminate such data to third parties without the data subject’s consent, unless otherwise provided by federal law.
12. Final Provisions
12.1. The User may obtain any clarifications regarding the processing of their personal data by contacting the Operator at skyislandia@protonmail.com.
12.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely available online at https://www.skyisland.tech/policy.