Personal Data Processing Policy
of the Nunto mobile application
Version 1.0. Effective date: 2026-05-01
This Policy defines how personal data of Users of the Nunto mobile application is processed and protected.
1. General provisions
1.1. This Personal Data Processing Policy of the Nunto mobile application (the “Policy”) defines the procedure for processing and protecting personal data of Users of the Nunto mobile application (the “Application”).
1.2. The Policy applies to all personal data the Operator receives from or about Users in connection with installation, launch and use of the Application, support requests, orders, reviews, and other functions.
1.3. The Policy is developed taking into account Federal Law No. 152-FZ of 27.07.2006 “On Personal Data” of the Russian Federation, other applicable regulations, and general recommendations of the authorized data protection authority.
1.4. By using the Application, the User confirms that they have read this Policy. If the User does not agree with its terms, they must stop using the Application.
1.5. This Policy is a public document and is published in the Application and/or on the Operator's website.
2. Information about the Operator
2.1. The Operator of personal data is the entity that organizes and/or carries out the processing of personal data of Users of the Nunto Application and determines the purposes and scope of processing.
| Detail | Value |
|---|---|
| Operator full name | Individual entrepreneur Spiridonov A.P. |
| INN / OGRNIP | INN: 772821440513; OGRNIP: 306770000026122 |
| Legal / postal address | 117570, Russia, Moscow, Leninsky prospect, 121, building 1, structure 1, apt. 131 |
| Mobile application | Nunto |
| Email for personal data inquiries | support@nunto.tech |
3. Key terms
Personal data — any information directly or indirectly relating to an identified or identifiable User.
Processing of personal data — any action or set of actions with personal data, including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, depersonalization, blocking, deletion and destruction.
Operator — an entity that, alone or jointly with others, organizes and/or carries out the processing of personal data and determines the purposes and scope of processing.
User — an individual using the Nunto mobile application.
Application — the Nunto mobile application, intended for the User to use available functions, including orders, reviews, preferences and support requests.
Confidentiality of personal data — a mandatory requirement not to disclose personal data to third parties and not to distribute it without the User's consent, unless otherwise provided by law.
4. Categories of subjects and personal data processed
4.1. The Operator processes personal data of the following categories of subjects:
- Users of the Nunto mobile application;
- persons sending requests, reviews, queries or messages to the support service;
- other persons whose data may be provided by the User while using the Application's functions.
| Data category | Examples | Source |
|---|---|---|
| Device information | device model, OS version, unique device identifier | automatically when using the Application |
| Application interaction data | order history, reviews, preferences, in-app actions | User and Application technical means |
| Support request data | request content, contact details if provided by the User | User |
| Technical diagnostics data | error reports, app events and other technical parameters | automatically when using the Application |
4.3. The Operator does not deliberately process special categories of personal data unless the User has voluntarily provided such information in a request.
4.4. The Operator does not verify the accuracy of personal data provided by the User, except where such verification is necessary to perform obligations to the User or required by law.
5. Purposes and legal grounds for processing personal data
5.1. The Operator processes Users' personal data only for specific, predefined and legitimate purposes.
| Purpose | Data that may be used | Legal basis |
|---|---|---|
| Operating the Application | device information, interaction data, order history | performance of the user agreement, User consent, legal requirements |
| Improving service quality and features | depersonalized or aggregated usage data, reviews, preferences | User consent, service analytics |
| Personalizing user experience | preferences, interaction history, settings | User consent, performance of Application functions |
| Technical support and bug fixing | support requests, technical data, error reports | User request, performance of Operator obligations |
| Usage analysis and marketing | interaction data, technical and statistical information | User consent, depersonalized analytics |
5.2. The Operator does not process personal data incompatible with the stated purposes.
5.3. Where processing is based on the User's consent, such consent may be withdrawn in the manner specified in this Policy.
6. Personal data processing principles
6.1. When processing personal data, the Operator complies with the following principles:
- lawful and fair basis for processing;
- limiting processing to specific, predefined and legitimate purposes;
- preventing processing incompatible with the purposes of collection;
- ensuring the content and scope of processed data match the stated purposes;
- ensuring accuracy, sufficiency and relevance of personal data;
- storing personal data no longer than required by purposes or law;
- taking necessary organizational and technical measures to protect personal data.
7. Actions with personal data and processing methods
7.1. The Operator may perform the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification, updating, modification, retrieval, use, transfer, provision, access, depersonalization, blocking, deletion and destruction.
7.2. Personal data may be processed both with and without the use of automation tools.
7.3. The Operator may use depersonalized and aggregated data to analyze Application quality, diagnose errors, develop features and prepare statistics.
8. Transfer of personal data to third parties
8.1. The Operator may transfer personal data to third parties only with a legal basis and to the extent necessary to achieve the processing purposes.
8.2. Categories of third parties to whom data may be transferred:
- partners and contractors providing Application operation, technical support and other service functions;
- analytics platforms used to assess Application quality;
- government authorities, courts and other authorized persons — in cases provided by law.
8.3. When entrusting processing to third parties, the Operator takes measures to ensure confidentiality and security.
8.4. The Operator does not sell Users' personal data and does not disclose it outside the purposes of this Policy.
9. Cross-border transfer and localization of personal data
9.1. When collecting personal data of Russian citizens, the Operator complies with Russian legislation on personal data localization, where applicable.
9.2. Cross-border transfer may be performed only with a legal basis and protective measures for User rights.
9.3. When using services located outside the Russian Federation, the Operator separately assesses the necessity of cross-border transfer and follows the required procedures.
10. Storage periods and termination of processing
10.1. Personal data is stored no longer than required by the purposes of processing, User consent or law.
10.2. Processing is terminated when the purposes are achieved, consent is withdrawn, the account is deleted, the storage period expires or other grounds occur.
10.3. After termination, data is subject to deletion, destruction or depersonalization, unless further storage is required by law or to protect the Operator's rights.
10.4. Technical backups may be retained for the period necessary to ensure reliability and security of information systems.
11. Personal data protection measures
11.1. The Operator takes necessary and sufficient organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification and other unlawful actions.
11.2. Such measures may include:
- appointment of persons responsible for organizing processing and protection of personal data;
- limiting access to personal data on a need-to-know basis;
- use of access control and authentication tools;
- logging actions with personal data in information systems;
- data backup and recovery;
- use of technical protection means, including encryption of data transmission channels;
- monitoring confidentiality compliance by persons with access to data;
- periodic assessment of the effectiveness of protection measures.
11.3. The specific list of protection measures is determined by the Operator based on the nature of the data, infrastructure, possible threats and legal requirements.
12. Rights of the personal data subject
12.1. As a personal data subject, the User has the right to:
- receive information about the processing of their personal data;
- request access to their personal data;
- demand clarification, blocking or destruction of data if it is incomplete, outdated, inaccurate or unlawfully obtained;
- withdraw consent to processing of personal data;
- object to processing in cases provided by law;
- appeal the Operator's actions to the authorized authority or court;
- exercise other rights provided by Russian Federation legislation.
12.2. The exercise of certain rights may be limited in cases provided by law.
13. Procedure for User requests
13.1. To exercise rights related to personal data processing, the User may send a request to the Operator at: support@nunto.tech.
13.2. The request should include:
- name and contact details, where needed for identification;
- the substance of the request;
- information confirming the User's connection to the Application or account;
- the date of the request and signature, if submitted in writing.
13.3. The Operator considers requests within the time limits provided by law and may request additional information to verify the applicant's identity.
13.4. Withdrawal of consent may make further use of certain Application functions impossible.
14. Changes to the Policy
14.1. The Operator may amend this Policy. The new version takes effect upon its publication in the Application or on the Operator's website.
14.2. Users are advised to periodically review the current version of the Policy.
14.3. If changes substantially affect personal data processing, the Operator takes reasonable steps to additionally inform Users.
15. Final provisions
15.1. This Policy is valid indefinitely until replaced by a new version.
15.2. Matters not regulated by this Policy are governed by the legislation of the Russian Federation.
15.3. Contact for questions and requests: support@nunto.tech.
Appendix 1. Summary table of personal data processing
The table serves as a brief summary of personal data processing for internal control and publication as part of the Policy.
| Purpose | Data categories | Subject categories | Recipients / third parties | Processing period |
|---|---|---|---|---|
| Application operation | device, OS, device identifier, order history | Users | infrastructure contractors, technical services | until purpose is achieved or use of Application stops |
| Service quality improvement | reviews, preferences, usage data | Users | analytics platforms, contractors | until purpose is achieved or consent is withdrawn |
| Experience personalization | preferences, interaction history, settings | Users | contractors providing the functions | until settings change or use of Application stops |
| Technical support | requests, contact details if provided, technical error data | Users, applicants | support team, technical contractors | for the request review period and subsequent storage |
| Analytics and marketing | usage statistics, depersonalized or aggregated data | Users | analytics platforms | until analytical purpose is achieved or consent is withdrawn |
Email: support@nunto.tech