1. Controller identity and scope
This policy applies to nddev.it.com and active NDDev subdomains, including dev, design, ai, on, rnd, and platform.
NDDev determines the purposes and means of processing personal data received through website interactions, legal requests, and security operations.
For users in Kazakhstan and the Russian Federation, processing is aligned to local legal requirements in addition to international standards.
2. Categories of personal data
We may process contact details you submit voluntarily (for example, email and message content) and technical metadata generated by website access.
Technical metadata may include IP-derived diagnostics, user-agent class, request timestamps, and security telemetry required for abuse prevention.
We do not intentionally collect special categories of personal data through public website forms.
3. Processing purposes
Data is processed to provide requested communication, maintain security, ensure service availability, and protect the infrastructure against abuse.
With consent, we use analytics signals to measure performance, navigation quality, and product usability for continuous improvement.
We do not sell personal data or use collected data for unrelated profiling activities.
4. Lawful bases for processing
Under GDPR, processing may rely on consent, legitimate interests (security and reliability), and pre-contractual communication initiated by the user.
Under Kazakhstan and Russian regulations, processing is limited to lawful grounds and documented purposes, including explicit consent where required.
You can withdraw optional analytics consent at any time via Cookie settings in the website footer.
5. Cookies and analytics controls
Required technical cookies are always active because they are necessary for secure website operation and routing consistency.
Analytics cookies and analytics scripts remain disabled by default until you grant consent through the cookie banner or settings dialog.
When consent is revoked, the analytics runtime is disabled and known analytics cookies are removed on the client side.
6. Recipients and processors
Access to operational data is limited to authorized NDDev personnel and required infrastructure or security providers acting under instructions.
If analytics consent is granted, data may be processed by Google Analytics and Yandex Metrika according to their service terms.
We use contractual and organizational controls to reduce unauthorized access and limit processor scope.
7. Cross-border transfers and localization
Depending on the enabled services, analytics and infrastructure processing may involve cross-border data transfer.
For Russian personal data, storage and processing are organized with localization requirements in mind, and transfer procedures follow applicable legal restrictions.
For international users, transfers are limited to what is necessary for service operation and protected by technical and organizational safeguards.
8. Retention periods
Consent choices are stored for up to 180 days in first-party storage to preserve your privacy preferences across NDDev subdomains.
Operational logs are retained for the minimum period required for stability, security investigations, and legal compliance.
When retention periods expire or processing purposes are fulfilled, data is deleted, anonymized, or blocked according to applicable law.
9. Security measures and incidents
We apply access control, network segmentation, update management, and monitoring to protect the confidentiality, integrity, and availability of systems.
Security incidents are handled through internal response procedures, with notifications issued when required by applicable legal rules.
No security measure can guarantee absolute protection, but safeguards are continuously reviewed and improved.
10. Your rights
You may request access, correction, deletion, restriction, objection, and portability where these rights are granted by applicable law.
You may withdraw consent for optional processing at any time without affecting prior lawful processing.
You may submit complaints to a competent supervisory authority in your jurisdiction.
11. Children and minors
Our services are not intended to collect data from minors without a legal basis or authorized representation.
If you believe a minor submitted personal data unlawfully, contact us and we will review and remove data where required.
Parents and legal representatives can contact us to exercise rights related to a minor’s personal data.
12. Policy updates
We may revise this policy to reflect legal, technical, or operational changes.
Material updates are published on this page with an updated revision date.
Continued use of the website after updates means you acknowledge the revised policy.