Information Security Policy

Opentrade Commerce LTD (hereinafter referred to as “Company”, “we”) is committed to ensuring information security and personal data protection of all users who visit our website at https://otcommerce.com/ (hereinafter referred to as “Website”). This Information Security Policy outlines the goals, principles and measures aimed at protecting information from unauthorized access, loss, destruction, or other unauthorized use.

1. General Provisions

1.1. This Policy applies to all data processed on the Website, including users’ personal data, technical information and Company internal information.

1.2. The Policy has been developed in accordance with Federal Law No. 152-FZ “On Personal Data,” other regulatory acts of the Russian Federation and Company internal regulations.

1.3. Responsibility for compliance with this Policy lies with Company management.

2. Information Security Objectives

Protection of users’ confidential information from data leaks and unauthorized access.
Ensuring data integrity — protection against distortion and unauthorized modifications.
Maintaining availability of services and information — resilience to failures, attacks, and incidents.
Compliance with the requirements of the Russian Federation legislation and international information security standards.

3. Categories of Protected Information

Users’ personal data (name, email address, phone number, etc.).
Technical data (IP addresses, cookies, device and browser parameters).
Service information related to Website operation and user activity.
Commercial and other confidential information of the Company.

4. Key Information Protection Measures

Organizational measures:

Access control and data segregation within the Company.
Employee briefings and training on information security.
Signing non-disclosure agreements (NDAs) with personnel.
Regular security audits.
Technical measures:
Data encryption during transmission (HTTPS, TLS protocols).Protection against malware, viruses, and DDoS attacks.
Use of certified software.
Password hashing and account protection.
Data backup and recovery.
Security event monitoring and logging.

5. Security Incident Response

5.1. If incident is detected (e.g., data breach), the Company shall:

conduct an internal investigation;
notify authorized authorities within 72 hours, if required;
inform affected users if the incident may impact their rights and freedoms;
take measures to eliminate consequences and prevent recurrence.

5.2. Incident logging and reporting are carried out in accordance with the Russian Federation legislation.

6. User Responsibilities

Do not disclose your login credentials or passwords to third parties.
Immediately report any suspicious activity or unauthorized access attempts to the Company.
Use antivirus software and keep your web browser up to date.

7. Data Retention and Deletion

Personal data is stored no longer than necessary for the purposes of its processing.
Data is deleted upon expiration of retention period or at user’s request.
Physical and logical deletion is carried out in accordance with security principles.

8. Contact Information

For any questions regarding information security you can contact us at: info@otcommerce.com

9. Policy Changes and Updates

The Company reserves the right to make changes to this Policy. The most current version is always available on the Website at the following link: https://otcommerce.ru/documents-terms/. In the event of significant changes, we may notify users via email or through the Website.