Privacy policy

1. General Provisions

1.1 This Personal Data Processing Policy (hereinafter referred to as the “Policy”) defines the procedure and conditions for the processing of personal data by VPESPORTS Individual Entrepreneur (address: Moscow, Russia) in relation to users of the website minecraft.vpesports.com/.

1.2 Terms used in this Policy shall have the meanings established by the legislation of the Russian Federation on personal data.

1.3 The Operator processes personal data based on the principles of legality, fairness, data minimization, and limitation of processing to specific, predetermined, and legitimate purposes.

1.4 The Operator ensures the confidentiality of personal data (Article 7 of the Personal Data Law) and takes the necessary measures to fulfill obligations established by Part 2 of Article 18.1 and Part 1 of Article 19 of the said law (organizational and technical security measures).

1.5 Contact information for personal data subjects: email: [[email protected]](mailto:[email protected]); postal address: Moscow, Russia. This Policy is effective from 2026-05-21 and is publicly available on the website.

2. Basic Terms Used in the Policy

2.1 Automated processing of personal data — processing of personal data using computer technology.

2.2 Blocking of personal data — temporary suspension of personal data processing (except where processing is required for clarification of personal data).

2.3 Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address minecraft.vpesports.com/.

2.4 Personal data information system — a set of personal data contained in databases and the information technologies and technical means ensuring their processing.

2.5 Depersonalization of personal data — actions resulting in the impossibility of determining, without additional information, whether personal data belongs to a specific User or other personal data subject.

2.6 Processing of personal data — any action (operation) or set of actions (operations) performed with personal data using automation tools or without such tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.7 Operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or performs personal data processing, and determines the purposes, scope, and actions performed with personal data.

2.8 Personal data — any information directly or indirectly relating to an identified or identifiable User of the website minecraft.vpesports.com/

2.9 Personal data permitted for distribution by the personal data subject — personal data made available to an unlimited number of persons by the subject through consent provided in accordance with personal data legislation.

2.10 User — any visitor of the website minecraft.vpesports.com/.

2.11 Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.

2.12 Distribution of personal data — any actions aimed at disclosing personal data to an indefinite group of persons, including publication in media, placement in information and telecommunication networks, or otherwise providing access.

2.13 Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign authority, individual, or legal entity.

2.14 Destruction of personal data — any actions resulting in irreversible destruction of personal data with no possibility of restoring its content in personal data information systems and/or destruction of physical carriers containing personal data.

3. Basic Rights and Obligations of the Operator

3.1 The Operator has the right to:

— receive reliable information and/or documents containing personal data from the personal data subject;

— continue processing personal data without consent after consent withdrawal or a request to stop processing if there are legal grounds under personal data legislation;

— independently determine the composition and list of measures necessary and sufficient to ensure compliance with personal data legislation unless otherwise provided by law.

3.2 The Operator is obliged to:

— provide information regarding processing of personal data upon request by the subject;

— organize personal data processing in accordance with Russian Federation legislation;

— respond to requests and inquiries from personal data subjects and their representatives in accordance with personal data legislation;

— provide required information to the authorized personal data protection authority within 10 days upon request;

— publish or otherwise provide unrestricted access to this Policy;

— take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions;

— cease transfer, processing, and destroy personal data in cases provided by law;

— fulfill other obligations established by personal data legislation.

4. Basic Rights and Obligations of Personal Data Subjects

4.1 Personal data subjects have the right to:

— receive information regarding processing of their personal data, except in cases established by federal law;

— require clarification, blocking, or destruction of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;

— require prior consent for processing personal data for marketing purposes;

— withdraw consent for processing personal data and request termination of processing;

— appeal unlawful actions or inaction of the Operator before the authorized authority or in court;

— exercise other rights established by Russian Federation legislation.

4.2 Personal data subjects are obliged to:

— provide accurate personal data to the Operator;

— notify the Operator regarding updates or changes to their personal data.

4.3 Persons who provide inaccurate information about themselves or another subject without consent bear responsibility under Russian Federation legislation.

5. Purposes of Collection and Processing of Personal Data

5.1 Ensuring operation and security of the website/application.

5.2 Journalism / media activities.

5.3 Conducting research activities.

5.4 Statistical analysis and accounting.

6. Legal Grounds for Processing Personal Data

6.1 For ensuring operation and security of the website/application, legal grounds include: legitimate interests of the Operator, Federal Law No. 149-FZ, local regulations, and consent (where required for cookies/analytics).

6.2 For journalism/media activities: Law No. 2124-1 “On Mass Media” and consent where required.

6.3 For research activities: research agreements/tasks, consent where required, and depersonalization.

6.4 For statistical analysis: Federal Law No. 282-FZ and depersonalization.

6.5 Additional legal grounds may include the Operator’s charter documents, local regulations, agreements with subjects, and/or consent provided by them where required by law.

Note: Federal Law No. 152-FZ “On Personal Data” establishes general requirements for personal data processing and is not itself an independent legal basis for processing.

7. Scope and Categories of Processed Personal Data; Categories of Subjects

7.1 For ensuring operation and security of the website/application, the following categories may be processed: IP addresses, date/time, URLs, headers and technical identifiers, cookies/SDKs, device data, error and access logs.

7.2 For journalism/media activities: full names, biographical and interview data, images (photos/videos), publicly available information.

7.3 For research activities: survey/questionnaire data, names (if not anonymized), contact details, survey/test results, technical identifiers.

7.4 For statistical analysis: anonymized and aggregated data; where necessary, minimally required personal data followed by anonymization.

7.5 Depending on processing purposes, subjects may include website visitors/users, clients, contractors (individuals), representatives of legal entities, employees, job candidates, and other persons.

8. Procedure and Conditions for Processing Personal Data

8.1 Personal data is processed based on User consent unless otherwise provided by Russian Federation legislation.

8.2 Consent is expressed through actions clearly aimed at providing personal data: filling out website forms, sending requests/messages, and confirming agreement with the Policy by checking the corresponding checkbox (where applicable).

8.3 Users may withdraw consent at any time by contacting [[email protected]](mailto:[email protected]). After withdrawal, the Operator ceases processing except where processing is permitted without consent under applicable law.

8.4–8.7 For all stated purposes, the following operations may be performed: collection, recording, systematization, accumulation, storage, updating, retrieval, use, transfer, depersonalization, blocking, deletion, and destruction.

8.8 Processing may be carried out using automation tools and/or without them.

8.9 Retention periods: logs — 2 months.

8.10 The website may use cookies to ensure proper operation of services and improve user experience.

8.11 Website analytics may be conducted (including counters/pixels/SDKs), while only minimally necessary data is processed. Marketing identifiers require consent where required by law.

8.12 In certain cases, cross-border transfer of personal data may occur in compliance with applicable legislation, including where the recipient country provides adequate protection or where consent has been obtained.

8.13 The Operator may transfer personal data to authorized authorities on grounds established by Russian Federation legislation.

9. Measures to Ensure Protection of Personal Data

9.1 The Operator takes necessary legal, organizational, and technical measures to protect Users’ personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions.

9.2 Such measures include, in particular: appointment of responsible persons; adoption of internal regulations; restriction of employee access; use of antivirus software, firewalls, and other security tools; secure storage conditions; internal audits and compliance monitoring; and familiarization of employees with applicable legislation and internal policies.

10. Updating, Correction, Deletion, and Destruction of Personal Data; Responses to Requests

10.1 Upon confirmation of inaccuracies or unlawful processing, the Operator updates the data and/or ceases processing.

10.2 Personal data shall be destroyed upon achievement of processing purposes, withdrawal of consent (where consent was the basis), expiration of retention periods, or identification of unlawful processing unless otherwise required by law or contract.

10.3 Personal data subjects may submit requests regarding processing of their personal data and/or requests for clarification, blocking, or deletion via [[email protected]](mailto:[email protected]) or by postal mail to Moscow, Russia.

10.4 The Operator’s response period shall not exceed 30 calendar days from receipt of the request.

10.5 Grounds for termination of processing include achievement of purposes, withdrawal of consent, unlawful processing, and other grounds established by law.

11. Policy Updates

11.1 This Policy may be reviewed and updated in the event of changes to Russian Federation legislation, applicable regulations, or by decision of the Operator.

11.2 The current version of the Policy is always available on the Operator’s website: minecraft.vpesports.com/.

11.3 The updated version becomes effective upon publication on the website unless otherwise specified in the updated version itself.