Privacy Policy

This Privacy Policy (hereinafter - the "Policy") has been developed in accordance with Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" (hereinafter - the "Personal Data Law") and determines the procedure for processing personal data and the measures for ensuring the security of personal data carried out by spacemonkeys LLC (hereinafter - the "Operator").

The Operator establishes as the most important goal and condition of carrying out its activities the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrets.

This Operator's Policy regarding the processing of personal data applies to all information that the Operator may obtain about visitors to this website.

1.1. Automated processing of personal data - the processing of personal data by means of computer technology.

1.2. Blocking of personal data - temporary cessation of the processing of personal data (except in cases where processing is necessary for the purpose of clarifying personal data).

1.3. Website - a collection of graphic and informational materials, as well as computer programs and databases ensuring their availability on the Internet at the network address this Website.

1.4. Personal data information system - a collection of personal data contained in databases and the information technologies and technical means ensuring their processing.

1.5. Anonymisation of personal data - actions as a result of which it becomes impossible to determine, without the use of additional information, the attribution of personal data to a specific User or other personal data subject.

1.6. Processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymisation, blocking, deletion, destruction of personal data.

1.7. Operator - spacemonkeys LLC, the details of which are set out on the Contacts page (/contacts), independently or jointly with other persons organising and (or) carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of the personal data subject to processing, the actions (operations) performed with the personal data.

1.8. Personal data - any information relating directly or indirectly to a specific or identifiable User of the Website.

1.9. Personal data permitted by the personal data subject for distribution - personal data access to which by an indeterminate group of persons is granted by the personal data subject by giving consent to the processing of personal data permitted by the personal data subject for distribution, in the manner provided for by the Personal Data Law.

1.10. User - any visitor to the Website.

1.11. Provision of personal data - actions aimed at disclosing personal data to a specific person or to a specific group of persons.

1.12. Distribution of personal data - any actions aimed at disclosing personal data to an indeterminate group of persons (transfer of personal data) or at acquainting an indeterminate group of persons with personal data, including the publication of personal data in the mass media, posting in information and telecommunications networks or providing access to personal data in any other way.

1.13. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state, to a foreign state authority, to a foreign natural or foreign legal person.

1.14. Destruction of personal data - any actions as a result of which personal data are irretrievably destroyed with the impossibility of further restoration of the content of the personal data in the personal data information system and (or) the material carriers of the personal data are destroyed.

1.15. Cookies - a small fragment of data sent by a web server and stored on the User's computer, which a web client or web browser sends to the web server each time in an HTTP request when attempting to open a page of the corresponding website.

1.16. IP address - a unique network address of a node in a computer network built on the IP protocol.

2.1. The Operator has the right to:

• receive from the personal data subject reliable information and (or) documents containing personal data;
• in the event the personal data subject withdraws consent to the processing of personal data, continue the processing of personal data without the subject's consent if there are grounds specified in the Personal Data Law;
• independently determine the composition and list of measures necessary and sufficient to ensure the fulfilment of the obligations provided for by the Personal Data Law and by regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

2.2. The Operator is obliged to:

• provide the personal data subject, at their request, with information concerning the processing of their personal data;
• organise the processing of personal data in the manner established by the current legislation of the Russian Federation;
• respond to enquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
• upon request, report to the authorised body for the protection of the rights of personal data subjects (Roskomnadzor) the necessary information within thirty days from the date of receipt of such a request;
• publish or otherwise ensure unrestricted access to this Policy on the processing of personal data;
• take legal, organisational and technical measures to protect personal data from unauthorised or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in respect of personal data;
• notify Roskomnadzor and the personal data subject in the event of an incident resulting in unlawful or accidental transfer of personal data, in the manner and within the time limits established by the Personal Data Law;
• cease the transfer (provision, distribution, provision of access) of personal data, cease processing and destroy personal data in the manner and in the cases provided for by the Personal Data Law.

3.1. Personal data subjects have the right to:

• receive information concerning the processing of their personal data, except in cases provided for by federal laws. The information shall be provided to the personal data subject by the Operator in an accessible form and shall not contain personal data of other subjects;
• demand from the Operator the clarification of their personal data, the blocking or destruction thereof if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of processing;
• put forward a condition of prior consent in the processing of personal data for the purposes of promoting goods, works and services in the market;
• withdraw consent to the processing of personal data, as well as send a demand to cease the processing of personal data;
• appeal to the authorised body for the protection of the rights of personal data subjects (Roskomnadzor) or to a court against unlawful actions or inaction of the Operator in the processing of their personal data;
• exercise other rights provided for by the legislation of the Russian Federation.

3.2. Personal data subjects are obliged to:

• provide the Operator with reliable data about themselves;
• inform the Operator of the clarification (updating, modification) of their personal data.

3.3. Persons who have provided the Operator with unreliable information about themselves, or information about another personal data subject without the latter's consent, shall bear responsibility in accordance with the legislation of the Russian Federation.

4.1. The processing of personal data by the Operator is carried out on the basis of the following principles:

• lawfulness and a fair basis;
• limitation of the processing of personal data to the achievement of specific, predetermined and lawful purposes;
• prevention of the processing of personal data incompatible with the purposes of the collection of personal data;
• prevention of the merger of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
• processing only of those personal data which correspond to the purposes of their processing;
• correspondence of the content and volume of the processed personal data to the stated purposes of processing;
• inadmissibility of the processing of personal data which are excessive in relation to the stated purposes of their processing;
• ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
• destruction or anonymisation of personal data upon achievement of the purposes of their processing or in the event of loss of the necessity to achieve those purposes, where it is impossible for the Operator to remedy the violations of personal data, unless otherwise provided by federal law.

5.1. The legal grounds for the processing of personal data by the Operator are:

• the Constitution of the Russian Federation;
• the Civil Code of the Russian Federation;
• Federal Law No. 152-FZ of 27 July 2006 "On Personal Data";
• Federal Law No. 149-FZ of 27 July 2006 "On Information, Information Technologies and on the Protection of Information";
• Law of the Russian Federation No. 2300-1 of 7 February 1992 "On Protection of Consumer Rights";
• the Operator's constitutional documents;
• agreements concluded between the Operator and the personal data subject, including the public offer (Terms of Service) posted on the Website;
• consent of the personal data subject to the processing of their personal data, executed as a separate document in the manner established by Article 9 of the Personal Data Law in the version effective as of 1 September 2025.

5.2. The processing of personal data carried out without the use of automation tools is governed by Resolution of the Government of the Russian Federation No. 687 of 15 September 2008 "On Approval of the Regulation on the Specifics of the Processing of Personal Data Carried Out Without the Use of Automation Tools".

6.1. The Operator processes the personal data of Users for the following purposes:

• identification of a User registered on the Website for the purposes of placing an order by remote means;
• conclusion, performance and termination of a remote retail sale and purchase contract, including order processing and delivery, payment processing, consideration of claims and the implementation of refunds;
• providing the User with access to personalised resources of the Website;
• establishing feedback with the User, including sending notifications and inquiries concerning the use of the Website and the provision of services, processing of the User's requests and applications;
• confirming the reliability and completeness of the personal data provided by the User;
• creating an account for making purchases, if the User has consented to the creation of an account;
• notifying the User of the status of the order and payment;
• processing and receiving payments, disputing a payment;
• providing the User with effective customer and technical support in the event of problems related to the use of the Website;
• providing the User, with their consent, with informational and advertising mailings about new products, promotions and special offers of the Operator;
• the Operator's performance of obligations provided for by the legislation of the Russian Federation, including tax legislation and accounting legislation.

7.1. Categories of personal data subjects processed by the Operator:

• Users of the Website (visitors to the Website, registered users, purchasers);
• the Operator's counterparties and their representatives (to the extent necessary for the performance of contracts).

7.2. The Operator processes the following personal data of Users provided upon registration, when placing an order and when using the Website:

• surname, given name;
• email address;
• contact telephone number;
• account identifier in a Third-Party Service (for example, the nickname or ID of a gaming account) necessary for the performance of the order;
• surname, given name and other open data obtained upon authorisation through social networks;
• payment information (the processing is carried out on the side of the payment agent; full bank card details are not transmitted to the Operator).

7.3. The Operator automatically collects the following data when the User visits the Website:

• IP address;
• information from cookies;
• information about the User's browser and operating system;
• time of access;
• the address of the requested page;
• the referrer (the address of the previous page).

7.4. The Operator does not process special categories of personal data concerning racial or national origin, political views, religious or philosophical beliefs, state of health, intimate life, nor biometric personal data.

7.5. Disabling cookies in the User's browser settings may result in the impossibility of accessing parts of the Website that require authorisation.

8.1. The security of personal data processed by the Operator shall be ensured through the implementation of legal, organisational and technical measures necessary to comply in full with the requirements of current legislation in the field of personal data protection.

8.2. In accordance with part 5 of Article 18 of the Personal Data Law, the Operator ensures the recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval of the personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

8.3. The Operator ensures the safekeeping of personal data and takes all possible measures preventing the access of unauthorised persons to personal data.

8.4. The User's personal data shall never, under any conditions, be transferred to third parties, except in cases related to the implementation of the current legislation of the Russian Federation, or in the event that the personal data subject has given consent to the Operator to transfer the data to a third party for the performance of obligations under a civil law contract.

8.5. For the purposes of performing the contract and providing the Services, the Operator has the right to transfer personal data to the following categories of recipients:

• payment agents and processing centres - to the extent necessary for the conduct and confirmation of the payment;
• operators of Third-Party Services (for example, gaming platforms) - to the extent of the User's account identifier necessary for crediting the Game Asset;
• authorised state authorities of the Russian Federation - upon request in the cases and in the manner established by the legislation of the Russian Federation.

8.6. Cross-border transfer of personal data is not carried out by the Operator. In the event that cross-border transfer of personal data becomes necessary, the Operator undertakes to notify Roskomnadzor in the manner established by Article 12 of the Personal Data Law and to ensure compliance with the personal data protection requirements established by the legislation of the Russian Federation.

8.7. In the event of inaccuracies being detected in personal data, the User may update them independently by sending the Operator a notification to the Operator's email address marked "Updating of Personal Data".

8.8. The period of personal data processing shall be determined by the achievement of the purposes for which the personal data were collected, unless a different period is provided for by the contract or current legislation. The User may at any time withdraw their consent to the processing of personal data by sending the Operator a notification by email to the Operator's email address marked "Withdrawal of Consent to the Processing of Personal Data".

9.1. Prior to commencing cross-border transfer of personal data, the Operator is obliged to satisfy itself that the foreign state, to the territory of which the transfer of personal data is intended, ensures reliable protection of the rights of personal data subjects.

9.2. Cross-border transfer of personal data to the territories of foreign states that do not meet the above requirements may be carried out only in the event of the personal data subject's consent in writing to the cross-border transfer of their personal data and/or the performance of a contract to which the personal data subject is a party.

9.3. From 1 July 2025, the Operator complies with the requirements of Federal Law No. 233-FZ of 8 August 2024 and other regulatory legal acts restricting the transfer of the personal data of Russian citizens to foreign information systems prior to their initial placement in databases on the territory of the Russian Federation.

10.1. In the event of the establishment of the fact of unlawful or accidental transfer (provision, distribution, access) of personal data resulting in a violation of the rights of personal data subjects, the Operator is obliged to notify Roskomnadzor:

• within 24 hours of the incident that has occurred, of the alleged causes that led to the violation of the rights of personal data subjects, and of the alleged harm caused to the rights of personal data subjects, of the measures taken to eliminate the consequences of the corresponding incident, and to provide information about the person authorised by the Operator to interact with Roskomnadzor on issues related to the identified incident;
• within 72 hours of the results of the internal investigation of the identified incident, and to provide information about the persons whose actions were the cause of the identified incident (if any).

10.2. In the event of the loss or disclosure of personal data, the Operator shall inform the personal data subject of the loss or disclosure of their personal data in the manner established by the Personal Data Law.

11.1. To ensure the security of personal data during their processing, the Operator takes the necessary and sufficient legal, organisational and technical measures to protect personal data from unauthorised or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in respect of personal data.

11.2. Such measures include, in particular:

• appointment of a person responsible for organising the processing of personal data;
• issuance by the Operator of local acts on the issues of processing personal data, as well as local acts establishing procedures aimed at the prevention and identification of violations of the legislation of the Russian Federation, the elimination of the consequences of such violations;
• application of legal, organisational and technical measures to ensure the security of personal data in accordance with Article 19 of the Personal Data Law;
• implementation of internal control and (or) audit of the conformity of personal data processing with the Personal Data Law and the regulatory legal acts adopted in accordance with it;
• familiarisation of the Operator's employees who directly carry out the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, and the training of the said employees;
• use of a secure data transmission protocol (HTTPS/SSL) when transferring personal data over the Internet;
• use of information protection means that have undergone the procedure of conformity assessment with the requirements of the legislation of the Russian Federation in the field of ensuring information security, in cases where the application of such means is necessary for neutralising current threats;
• restriction of access to personal data by the Operator's employees who have such access exclusively to the extent necessary for the performance of their job duties.

12.1. The User may receive any clarifications on questions of interest concerning the processing of their personal data by contacting the Operator using the contact email listed on the Contacts page.

12.2. This document shall reflect any changes to the personal data processing policy by the Operator. The Policy is in effect indefinitely until replaced by a new version.

12.3. The current version of the Policy is freely available on the Internet at /privacy.

12.4. This Policy has been developed in accordance with the requirements of the Personal Data Law, including its Articles 18.1 and 19, and is mandatory for application by all employees of the Operator who are involved in personal data processing processes.

Date of last revision: May 1, 2026