About the storage of personal data, Roskomnadzor and dating sites

Hello.

The writing of this article is dictated by the reading of this material . Well, stories about Fyodor Vlasov with his Kate Mobile, too , but this is at the end.
')
As well as the occasional study of connection logs from employees' work computers in one small office.

The study showed that employees in working hours are sitting on IP 185.203.72.22, which is the Mamba Dating Service. But it’s not about the performance of employees and working time. It's about compliance with federal laws.

So, Mamba Dating Site (mamba.ru) has been owned by MAMBA since 2003. CJSC “MAMBA” (TIN 7714548885, KPP 770301001, OGRN 1047796286020, OKPO 72777958) is registered at the address 138, Zvenigorodskaya St., Moscow, building 42, room 1, floor 12, 123022, Moscow.

This boring information suggests that mamba.ru fully falls within the scope of the Federal Law of 27.07.2006 N 152-FZ (as amended on 12/31/2017) “On Personal Data”. By the way, according to this law, “personal data is any information relating to directly or indirectly determined or determined individual (subject of personal data),” so the phone number specified during registration is already personal information, even if the photo is alien and the name is invented .

At the moment mamba.ru has IP 185.203.72.22. This address is owned by Variti International GmbH, Denkmalstrasse 2, 6006, Luzern, Switzerland

Let that? That is, dating site data is stored in Switzerland?

But according to Article 18, paragraph 5 of the Federal Law, when collecting personal data, including through the Internet information and telecommunications network, the operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, changing), and personal data extraction citizens of the Russian Federation using databases located on the territory of the Russian Federation .

Do not rush to call in Roskomnadzor, in fact, Variti International Gmbh does not provide hosting, and provides anti-DDOS-protection . And the data is stored on the range of 193.0.170.0 - 193.0.171.255, which are in Russia.

In this case, as reported by the Swiss , they work like this:

• We pass all incoming traffic of the protected website through the distributed network of VARITI filtering nodes.
• We analyze real-time traffic by several characteristics.
• Using our own mathematical algorithms , we filter traffic, providing requests only from real users.
• All requests are classified - from real users or from bots.
• We share traffic from a single IP (mobile or wireless Internet, providers with NAT, Wi-Fi open access).
• Suspicious users log in unnoticed; advanced analysis is performed on behavioral factors .
• In the case of registration of a DDoS attack or the threat of an automatic scan, the protection immediately blocks malicious traffic (response speed of less than 50 ms).

I’ve outlined some points here that don’t ensure the safety of personal data, certification of encryption tools and other things at the FSB and FSTEC.

Total:

1. How is the fact of hosting location checked? Any whois, ping and anything on mamba.ru gives exactly the Swiss address. Roskomnadzor so closely monitors the real work and hosting? Checks domain name servers? Checks domain name server responses? Tracks real traffic? Hmmm ...
2. How is the information flow checked when using anti-DDOS services like the one above?
3. Recently, a man was arrested for using a pedophile for his service . What will the competent services do (FSB, MFA, FSTEC, MIA, etc.) regarding anti-DDOS services in a similar situation? Specifically, in the example discussed above, I can find a lot of actions, responsibility for which is provided for by article 241 of the Criminal Code of the Russian Federation.
4. Does the federal law on my personal data really care?

PS During the writing of the article, not one employee from the office behind the seat on the dating site was hurt.
PPS Thanks to the distinguished Sabubu - it turns out that you can call Roskomnadzor and ban Mambu :

However, according to whois sources, it has been established that the provision of computing power for hosting databases containing personal data of citizens of the Russian Federation, through which recording, systematization, accumulation, storage, refinement (updating, changing), extraction of personal data of citizens is provided Of the Russian Federation, permanently connected to the Internet ... is carried out through the server facilities of Cloudflare, Inc., located in the United States of America

You can add many more to the list.
Unfortunately, I could not find the remaining answers to my questions.