KiteLab Security
Attack scenariosEN/RURequest a quote

Personal Data Processing Policy

This Policy defines the procedure for processing and protecting personal data of KiteLab Security website users in accordance with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data".

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter - Policy) has been developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" (hereinafter - FZ-152) and defines the procedure for processing personal data and measures to ensure the security of personal data.

1.2. The personal data operator is KiteLab Security (hereinafter - Operator, Company).

1.3. This Policy applies to all personal data that the Operator receives from personal data subjects through the website, email, and other communication channels.

1.4. Use of the website and/or submission of an inquiry through the contact form constitutes the user's consent to the terms of this Policy.

2. Categories of Personal Data Processed

The Operator may process the following categories of personal data:

  • Contact information: first name, last name, email address, phone number, messenger ID (Telegram)
  • Organization information: company name, job title
  • Request information: task description, selected services and options, testing scenarios
  • Technical data: IP address, browser User-Agent, cookie data - for security and abuse prevention

3. Purposes of Personal Data Processing

The Operator processes personal data exclusively for the following purposes:

  • User identification and processing of inquiries
  • Preparation and sending of commercial proposals
  • Conclusion and execution of service agreements
  • Communication with users regarding service delivery
  • Security and fraud prevention
  • Service quality improvement and website analytics
  • Compliance with Russian Federation legislation

4. Legal Basis for Processing

Personal data processing is carried out on the following legal grounds:

  • Consent of the personal data subject (clause 1, part 1, article 6 of FZ-152)
  • Performance of a contract to which the personal data subject is a party (clause 5, part 1, article 6 of FZ-152)
  • Legitimate interests of the Operator, provided that the rights of the personal data subject are respected (clause 7, part 1, article 6 of FZ-152)

5. Procedure and Conditions for Processing

5.1. Personal data processing is carried out using automation tools and/or without such tools.

5.2. The Operator ensures the confidentiality of personal data and takes necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful actions by third parties.

5.3. Personal data is not transferred to third parties, except in the following cases:

  • Explicit consent of the personal data subject
  • Requirements of Russian Federation legislation
  • Necessity for contract performance (engagement of subcontractors under NDA)

5.4. Cross-border transfer of personal data is not performed.

6. Processing and Storage Terms

6.1. Personal data is stored for the period necessary to achieve processing purposes, but no longer than:

  • For inquiries without contract conclusion - 1 year from the last contact
  • For contract-related data - 5 years from contract termination (in accordance with accounting and tax requirements)

6.2. Upon expiration of these terms or achievement of processing purposes, personal data is destroyed.

7. Rights of Personal Data Subjects

Personal data subjects have the right to:

  • Receive information regarding the processing of their personal data
  • Require clarification, blocking, or destruction of personal data
  • Withdraw consent to personal data processing
  • Appeal actions or inaction of the Operator to Roskomnadzor or in court

To exercise these rights, please send a request to: info@klsec.ru

8. Personal Data Protection Measures

The Operator takes the following measures to protect personal data:

  • Appointment of a person responsible for organizing personal data processing
  • Restricted access to personal data (principle of least privilege)
  • Use of secure communication channels (TLS/HTTPS)
  • Data encryption at rest
  • Regular backup
  • Access control and audit of personal data access
  • Employee training on personal data handling rules

9. Cookies

9.1. The website uses cookies to ensure service functionality and improve user experience.

9.2. The following types of cookies are used:

  • Technical: necessary for website operation (session, language selection, user role)
  • Analytical: for traffic analysis (anonymized data)

9.3. Users can disable cookies in browser settings, however this may affect website functionality.

10. Contact Information

Operator: KiteLab Security
OGRN: 1263600000180
INN: 3665833760
Location: Moscow, Russian Federation
Email: info@klsec.ru
Telegram: @kitelab

For questions regarding personal data processing, please contact us using the information above.

11. Final Provisions

11.1. This Policy comes into effect from the moment of its publication on the website and remains valid indefinitely until replaced by a new version.

11.2. The Operator reserves the right to make changes to this Policy. The current version of the Policy is always available on the website.

11.3. This Policy and the relationship between the user and the Operator are governed by the legislation of the Russian Federation.

Version: 1.0 • Publication date: January 12, 2026

Back to home