Online Video Platform. Boomstream Platform.

Privacy Policy

RULES GOVERNING THE POLICY OF THE LIMITED LIABILITY COMPANY "HWD" (TIN 6161062312) REGARDING THE PROCESSING OF PERSONAL DATA

Rostov-on-Don

"___" ________ 2026

1. TERMS AND DEFINITIONS

The following terms are used in these Rules:

Term Definition
Personal Data Any information relating to a directly or indirectly identified or identifiable natural person (the personal data subject) in accordance with Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 (hereinafter — the Law).
Operator Limited Liability Company "HWD" (OGRN 1116193005202, TIN 6161062312), registered address: 344092, Rostov Region, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13, which, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing, the composition of the personal data and the actions performed with them.
User Agreement The public offer of HWD Ltd. governing the terms of access to and use of the "Boomstream" service, the current version of which is published at: https://boomstream.ru/terms.
Site / Platform The aggregate of software and technical solutions and content available on the Internet at the addresses: https://boomstream.ru (Russian-language version), https://boomstream.com (international version), as well as on their subdomains.
Processing of Personal Data Any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
Author A User who has registered an Account on the Platform and uses its services to publish, stream, or monetize content.
Buyer A User who has acquired access to an Author's content through the Platform's monetization service.
Transaction The sequence of actions by the Buyer and the Author for the acquisition of an Electronic Ticket on the "Boomstream" Site.

1.1. Other terms used in these Rules are interpreted in accordance with the current legislation of the Russian Federation and the definitions set out in the User Agreement. In the event of discrepancies, the definitions of the User Agreement shall prevail.

1.2. These Rules constitute a local regulatory act of the Operator on matters of personal data processing and have been developed in pursuance of the requirements of the Law and other regulatory legal acts of the Russian Federation.

1.3. The purpose of these Rules is to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data, including the protection of the right to privacy and personal and family secrets.

2. GENERAL PROVISIONS

2.1. These Rules determine the procedure for processing and protecting information about natural persons (hereinafter — the "User", the "personal data subject") that may be obtained by the Operator when the User uses the Platform's services, including registration, the execution of Transactions, and the conclusion and performance of service agreements.

2.2. These Rules apply to all information and personal data that the Operator may obtain about a User of the Internet who uses the Platform's services.

2.3. The Operator does not control and is not responsible for third-party websites to which the User may navigate via links available on the Platform, or for the use of personal information provided by the User on third-party websites.

2.4. In pursuance of the Law and these Rules, the Operator has the right to adopt other local regulatory acts governing particular aspects of the processing and protection of personal data.

2.5. Should the User refuse to accept the terms of these Rules, the use of the Platform must be ceased immediately.

3. COMPOSITION OF THE PERSONAL DATA PROCESSED

3.1. The personal information of Platform Users means any information directly or indirectly relating to a natural person (the personal data subject), namely:

3.1.1. Data provided by the User independently:

  • surname, first name, patronymic (if any);
  • email address;
  • contact mobile telephone number;
  • data required to execute a Transaction and issue an Electronic Ticket;
  • other contact and registration information provided when creating an Account or filling out forms on the Platform.

3.1.2. Data transmitted automatically during the use of the Platform:

  • IP address, MAC address, ICCID;
  • cookie data and similar tracking technologies;
  • information about the device, browser, and operating system;
  • geolocation data (where the relevant permission is enabled in the device settings);
  • information about the User's actions on the Platform (views, purchases, settings).

3.1.3. Data received from third parties:

  • information from Authors about Buyers to the extent necessary to fulfill obligations under a Transaction;
  • data from payment providers and banks required to process payments;
  • other information obtained in cases provided for by the legislation of the Russian Federation.

3.2. Information that is mandatory to provide is specially marked on the Platform. The provision of non-mandatory data is carried out by the User voluntarily.

3.3. By accepting the User Agreement, the User confirms the accuracy of the personal data provided and consents to its processing in the manner and on the terms set out in these Rules.

4. PURPOSES OF PERSONAL DATA PROCESSING

The processing of the User's personal data is carried out by the Operator in accordance with the legislation of the Russian Federation for the following purposes:

4.1. Registration and identification of the User on the Platform, and the creation and maintenance of an Account.

4.2. Fulfillment of obligations under the User Agreement, including the execution of Transactions, issuance of Electronic Tickets, and provision of access to Content.

4.3. Processing of payments, interaction with payment providers, and refunds.

4.4. Technical support, sending notifications about the status of Transactions, and responding to User inquiries.

4.5. Sending informational and marketing communications, only where the User has given separate consent.

4.6. Ensuring the security of the Platform, preventing fraud, and complying with the requirements of the law.

4.7. Conducting analytics and improving the Services on the basis of anonymized data.

4.8. Transfer of data to Authors to the extent necessary to fulfill obligations under a Transaction.

5.1. The processing of personal data is carried out on the following legal grounds:

  • the consent of the personal data subject to the processing of their personal data;
  • the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor (the User Agreement);
  • the Operator's fulfillment of the requirements of the legislation of the Russian Federation, including tax, accounting, and anti-money-laundering legislation;
  • the legitimate interest of the Operator that does not violate the rights and freedoms of the personal data subject;
  • the administration of justice and the enforcement of judicial acts.

5.2. The processing of special categories of personal data (race, nationality, political views, religious or philosophical beliefs, state of health, intimate life) is not carried out on the Platform, except in cases where such data has been provided by the User voluntarily and explicitly, and only with the User's written consent in the cases provided for in Article 10 of the Law.

5.3. The processing of biometric personal data is not carried out on the Platform.

6. CONDITIONS FOR THE PROCESSING AND TRANSFER OF PERSONAL DATA

6.1. The Operator takes all necessary organizational and technical measures to protect the User's personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in respect of personal data.

6.2. Access to the User's personal data is granted only to authorized employees of the Operator who require this information to perform their job functions, as well as to the Operator's counterparties acting on the basis of processing assignment agreements in accordance with Article 6 of the Law.

6.3. Transfer of personal data to third parties

The Operator has the right to transfer the User's personal data to the following categories of recipients:

Recipient Purpose of transfer Scope of data transferred
Content Authors Fulfillment of obligations under a Transaction, provision of access to Content, informing about the order status Surname, first name, email address, data on the purchased Electronic Ticket
Payment providers and banks Processing of payments, refunds, compliance with financial legislation Data required to process a payment in accordance with the requirements of payment systems
Hosting providers and technical partners Ensuring the functioning of the Platform, technical support Technical data (IP, cookies, device data) in anonymized or aggregated form
Analytics services (Yandex.Metrica, etc.) Analysis of user behavior, improvement of the Services Anonymized data: cookies, IP address, information about actions on the site
Authorized government bodies Fulfillment of the requirements of the law, consideration of requests within the competence of such bodies Data to the extent provided for by the request of the authorized body

6.4. The Operator does not transfer personal data for purposes unrelated to the performance of the User Agreement without the separate informed consent of the User.

6.5. When using embedded data collection forms, the Author is deemed to be the personal data operator within the meaning of Law No. 152-FZ, and the Company acts as a processor on behalf of the Author (clause 1.7.27 of the User Agreement). In this case, the processing of personal data is carried out in accordance with the Author's privacy policy.

7. PERIODS OF PROCESSING AND STORAGE OF PERSONAL DATA

7.1. The period of personal data processing is determined by the purpose of processing and is as follows:

Category of data Storage period
Data required for the performance of the User Agreement For the term of the Agreement + 3 (three) years after its termination
Data for the fulfillment of tax and accounting legislation For the periods established by the Tax Code of the Russian Federation and the Federal Law "On Accounting" (but not less than 5 years)
Data processed on the basis of consent (marketing) Until the consent is withdrawn by the personal data subject
Data for ensuring security and preventing fraud For 3 (three) years from the date of the User's last action on the Platform
Anonymized data for analytics Indefinitely, in anonymized form

7.2. Upon the expiry of the specified periods, personal data is subject to anonymization or destruction, unless otherwise provided by federal law.

7.3. Procedure for the destruction of personal data:

  • personal data on paper media is destroyed using a shredder without the possibility of recovery;
  • personal data in electronic form is deleted from information systems using software tools that ensure the impossibility of recovery.

8. RIGHTS OF THE PERSONAL DATA SUBJECT

8.1. The User has the right to:

  • obtain information concerning the processing of their personal data, including whether the Operator holds personal data, and the purposes, legal grounds, and periods of processing;
  • demand the clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing;
  • withdraw consent to the processing of personal data;
  • demand the cessation of the processing of personal data, except in the cases provided for in Parts 2–11 of Article 6 of the Law;
  • appeal the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or through the courts.

8.2. To exercise the rights specified in clause 8.1, the User may:

  • use the functionality of the Personal Account on the Platform: viewing and editing data, managing subscriptions;
  • send a written request to the address: 344092, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13, room 38;
  • send a request to the email address: support@boomstream.com marked "For the Personal Data Protection Department".

8.3. The period for considering a request from a personal data subject is 30 calendar days from the date the Operator receives the request. In exceptional cases, the period may be extended by no more than 30 days, with mandatory notification to the subject of the reasons for the extension.

8.4. The response to a request is sent in a form that allows confirmation of its receipt, at the subject's choice: in writing to the postal address or in electronic form to the email address specified in the request.

9.1. Consent to the processing of personal data may be withdrawn by the User at any time.

9.2. Methods of withdrawing consent:

  • sending a written application to the address: 344092, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13, room 38;
  • sending an application to the email address: support@boomstream.com;
  • using the functionality of the Personal Account (where technically possible);
  • sending an application via the feedback form on the Platform marked "Withdrawal of consent to the processing of personal data".

9.3. In the event of withdrawal of consent, the Operator has the right to continue processing personal data without the subject's consent where there are grounds specified in clauses 2–11 of Part 1 of Article 6, Part 2 of Article 10, and Part 2 of Article 11 of the Law, for example, to perform a contract, protect the Operator's rights, or comply with the requirements of the law.

9.4. The withdrawal of consent to the processing of personal data does not automatically terminate the User Agreement. To terminate the contractual relationship, the User must terminate the Agreement in the manner provided for in Section 1.1 of the User Agreement.

10. PROCESSING OF PERSONAL DATA USING THIRD-PARTY SERVICES

10.1. Yandex.Metrica and Yandex.Webmaster

The Platform uses the web analytics services "Yandex.Metrica" and "Yandex.Webmaster" provided by Yandex LLC (Russia). The services collect anonymized data about visits to the Platform using cookie technologies for the purposes of:

  • analyzing user behavior;
  • assessing the effectiveness of the Platform;
  • improving the user experience.

The User may opt out of data collection by installing the relevant browser extension: https://yandex.ru/support/metrica/general/opt-out.html. Alternatively, the User may disable marketing and analytics cookies in the consent form settings on the Site.

10.2. Other analytics services

The Operator has the right to use other analytics services and technical tools that collect anonymized data about the use of the Platform. Information about such services is published in the "Cookie" section on the Platform.

10.3. Managing cookies

The User may manage cookie settings in their browser. Disabling cookies may limit the functionality of the Platform.

11. REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA

11.1. In accordance with the requirements of Article 19 of the Law and Resolution of the Government of the Russian Federation No. 1119 dated 01.11.2012 "On Approval of the Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems", the Operator has determined a Personal Data Protection Level — Level 3 (UZ-3) (for information systems processing personal data that does not relate to special categories, in the absence of threats associated with leakage via technical channels).

11.2. Organizational protection measures implemented:

  • appointment of a person responsible for organizing the processing of personal data;
  • development and approval of local regulatory acts on the processing and protection of personal data;
  • delineation of employees' access rights to personal data based on a role model;
  • training and certification of employees authorized to process personal data;
  • regular monitoring and auditing of protection measures.

11.3. Technical protection measures implemented:

  • the use of cryptographic information protection tools when transmitting data over open communication channels (TLS 1.2 protocol and above);
  • regular backup of databases containing personal data;
  • the use of tools for detecting and preventing unauthorized access;
  • ensuring the physical security of premises and technical means of processing personal data.

11.4. In the event of an incident resulting in the unlawful transfer of personal data, the Operator undertakes to:

  • within 24 hours, notify Roskomnadzor of the fact of the incident, its presumed causes and the harm caused to the rights of the personal data subject, as well as the measures taken;
  • within 72 hours, submit the results of the internal investigation and information about the persons whose actions caused the incident;
  • ensure interaction with the State System for Detecting, Preventing, and Eliminating the Consequences of Computer Attacks (GosSOPKA) in accordance with the requirements of the law.

12. AMENDMENTS TO THE RULES. APPLICABLE LAW

12.1. The Operator has the right to make amendments and additions to these Rules. When amendments are made, the date of the latest update is indicated in the current version.

12.2. The new version of the Rules enters into force from the moment of its publication on the Platform at: https://boomstream.ru/privacy, unless otherwise provided in the version itself.

12.3. The User undertakes to independently and promptly familiarize themselves with the current version of the Rules when visiting the Platform. Continued use of the Platform after the entry into force of a new version of the Rules signifies the User's agreement with the amendments.

12.4. In the event of disagreement with amendments to the Rules that have entered into force, the User is obliged to cease using the Platform and terminate the User Agreement in the manner provided for in Section 1.1 of the User Agreement.

12.5. These Rules are governed by the law and legislation of the Russian Federation. All disputes related to the processing of personal data are resolved in the manner provided for by the User Agreement and the legislation of the Russian Federation.

13. OPERATOR'S DETAILS

Limited Liability Company "HWD"

  • OGRN: 1116193005202
  • TIN: 6161062312
  • KPP: 616101001
  • Registered address: 344092, Rostov Region, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13
  • Address for inquiries from personal data subjects: 344092, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13, room 38
  • Telephone: +7 (863) 303-21-30
  • Email for inquiries on personal data matters: support@boomstream.com
  • Website: https://boomstream.ru

ANNEXES TO THE RULES

Annex No. 1

I, acting freely, of my own will, and in my own interest, hereby give written consent to the Limited Liability Company "HWD" (OGRN: 1116193005202, TIN: 6161062312), address: 344092, Rostov Region, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13 (hereinafter — the "Operator"), to the processing of the personal data I have provided.

1. List of personal data for the processing of which consent is given:

  • surname, first name, patronymic (if any);
  • email address;
  • contact mobile telephone number;
  • other personal data that I provide to the Operator when using the Platform's services.

2. Purposes of processing:

  • registration and identification on the Platform;
  • fulfillment of obligations under the User Agreement, including the execution of Transactions and issuance of Electronic Tickets;
  • processing of payments and refunds;
  • technical support and communication;
  • sending informational messages (where separate consent is given);
  • ensuring the security of the Platform.

3. Actions with personal data:
I authorize the Operator to perform any actions (operations) with my personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction — both with and without the use of automation tools.

4. Transfer of personal data:
I authorize the Operator to transfer my personal data to:

  • Content Authors — to the extent necessary to fulfill obligations under a Transaction;
  • payment providers and banks — for the processing of payments;
  • technical partners — to ensure the functioning of the Platform;
  • authorized government bodies — in the cases provided for by the legislation of the Russian Federation.

5. Validity period of consent:
This consent is valid for the term of the User Agreement and 3 (three) years after its termination, unless a longer period is established by federal law.

6. Withdrawal of consent:
This consent may be withdrawn by me at any time by sending a written application:

  • to the address: 344092, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13, room 38;
  • to the email address: support@boomstream.com;
  • through the functionality of the Personal Account, where technically possible.

7. Legal consequences of withdrawal:
I am informed that the withdrawal of consent to the processing of personal data does not automatically terminate the User Agreement and does not release the Operator from processing data in the cases provided for by the legislation of the Russian Federation.

8. Confirmation:
This consent is given in a form that allows confirmation of its receipt. I give consent by checking the relevant box on the Platform and/or by continuing to use the Services after familiarizing myself with these Rules.

Annex No. 2

I, acting freely, of my own will, and in my own interest, hereby give written consent to the Limited Liability Company "HWD" (OGRN: 1116193005202, TIN: 6161062312), address: 344092, Rostov Region, Rostov-on-Don, Tvorcheskaya St., 9, bldg. 1, premises N 13 (hereinafter — the "Operator"), to receive informational and advertising mailings.

1. Communication channels:
I consent to receiving messages via:

  • email (provided at registration);
  • mobile phone (SMS, messengers);
  • telephone calls (during the time permitted by law);
  • notifications in the Personal Account on the Platform.

2. Content of the mailings:

  • information about new features and updates to the Platform;
  • advertising offers, promotions, and special conditions;
  • informational materials related to the use of the Services;
  • notifications about the status of Transactions and technical maintenance.

3. Validity period of consent:
This consent is valid until it is withdrawn by me.

4. Withdrawal of consent:
I have the right to withdraw this consent at any time by:

  • following the "Unsubscribe" link contained in each advertising message;
  • changing the notification settings in the Personal Account;
  • sending an application to the email address: support@boomstream.com;
  • sending a written application to the Operator's address.

5. Legal grounds:
This consent is given in accordance with Article 18 of Federal Law No. 38-FZ "On Advertising" dated 13.03.2006 and Article 9 of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006.

6. Confirmation:
This consent is given in a form that allows confirmation of its receipt. I give consent by checking the relevant box on the Platform.

Annex No. 3

INFORMATION ON THE IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA

1. General provisions

This Information has been developed in pursuance of the requirements of Articles 18.1 and 19 of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 and Resolution of the Government of the Russian Federation No. 1119 dated 01.11.2012 "On Approval of the Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems".

2. Personal data protection level

Based on an analysis of threats to the security of personal data, the Operator has determined a Protection Level — Level 3 (UZ-3):

  • personal data not relating to special categories or biometric data is processed;
  • the information system does not process personal data that allows obtaining information about racial or national origin, political views, religious or philosophical beliefs, state of health, or intimate life;
  • there are no threats of personal data leakage via technical communication channels requiring the application of the highest level of protection.

3. Current security threats

The information system of the Platform takes into account the following types of current threats:

  • threats of unauthorized access to personal data from external violators;
  • threats associated with the use of malicious software;
  • threats associated with the human factor (employee errors, insider threats);
  • threats associated with software vulnerabilities.

4. Organizational protection measures

Measure Description
Appointment of a responsible person A person responsible for organizing the processing of personal data has been appointed by an order of the Operator
Local regulatory acts Policies, regulations, and instructions on the processing and protection of personal data have been approved
Delineation of access rights A role-based access model to personal data has been implemented based on the principle of least privilege
Employee training Regular training and certification of employees working with personal data is conducted
Security audit A periodic internal audit of personal data protection measures is conducted

5. Technical protection measures

Measure Description
Cryptographic protection The use of the TLS 1.2+ protocol to encrypt data during transmission over open communication channels
Perimeter protection The use of firewalls and intrusion detection systems
Backup Daily backup of databases with copies stored on secure media
Access control The use of multi-factor authentication for access to administrative interfaces
Monitoring Round-the-clock monitoring of security events and response to incidents

6. Incident response procedure

Upon detecting an incident resulting in the unlawful transfer of personal data, the Operator:

  1. Immediately takes measures to contain the incident and minimize harm.
  2. Within 24 hours, notifies Roskomnadzor of the fact of the incident in the manner established by Roskomnadzor Order No. 98 dated 01.09.2021.
  3. Conducts an internal investigation to establish the causes and the persons responsible.
  4. Within 72 hours, submits to Roskomnadzor the results of the investigation and a plan of measures to eliminate the consequences.
  5. Notifies the personal data subjects whose rights may have been violated, where this is necessary to protect their rights.

7. Updating of the Information

This Information is subject to updating upon:

  • a change in the composition of the personal data processed;
  • a change in security threats;
  • a change in the protection measures applied;
  • the entry into force of new legal requirements.

The current version of the Information is published at: https://boomstream.ru/privacy/security