well the provider let also executes.
translate these norms into an agreement with him

Not an answer to the question, just as an option, to score on the fact that there are 152-fz.
Any Yandex metrics do not receive the user's consent that the metric captures data on their movement with the mouse on the site and matches cookies (although they do not give all the information to the site owner, but they themselves process and take into account when displaying ads in direct).
You may not be registered with Yandex at all and search exclusively with Google, but the metrics on sites without asking your permission collects information about which sites you visit and takes it into account when generating advertising in direct.

from pdn: login, e-mail, ip, cookies

If it is not possible to refuse the collection of personal data, then the information resource becomes an information system of personal data, and the owner of the information resource becomes the operator of personal data. The operator is responsible for fulfilling the requirements for the protection of personal data, and in accordance with 152 FZ, the operator has the right to entrust the processing of personal data to another person on the basis of an agreement. The contract must define a list of actions performed with personal data, as well as the obligation of such a person to maintain confidentiality and ensure the protection of personal data, indicating the requirements for the protection system in accordance with Article 19 of Federal Law 152-FZ. The Cloud4Y Cloud Provider Agreement contains all the necessary obligations for the protection of personal data,
You can read more here https://www.cloud4y.ru/cloud-hosting/oblako-fz-152/

Why the hell do you need all this?
Email IP and cookies are not personal data