1. General Provisions
1.1. This Personal Data Processing Policy is prepared in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by Sole Proprietor Daria Vladimirovna Kireeva (hereinafter referred to as the “Operator”). This Policy determines the procedure for processing and protecting information about Buyers using the services of the website http://dariakireeva.com (hereinafter referred to as the “Site”) and its services, as well as the mobile application.
1.2. The provisions of this Policy apply to personal data obtained both before and after the approval of this Policy.
1.3. By registering and using the personal account, the Buyer expresses their consent to the terms of this Policy.
1.4. In case of disagreement with the terms of this Policy, the Buyer shall not start using the Site and its services, or if started, must immediately discontinue its use. This Policy is a public document that declares the Operator’s conceptual framework for processing and protecting personal data.
1.5. The Operator’s primary goal and condition for its activities is to respect human and citizen rights and freedoms during the processing of their personal data, including the protection of the right to privacy, personal and family secrets.
1.6. This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information the Operator may receive about visitors to the website http://dariakireeva.com.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data – processing personal data using computer technology.
2.2. Blocking of personal data – temporary cessation of personal data processing (except when processing is necessary for the clarification of personal data).
2.3. Website – a set of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the internet at the network address http://dariakireeva.com.
2.4. Information system of personal data – a set of personal data contained in databases, and information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data – actions that result in the impossibility of determining, without the use of additional information, the identity of personal data to a specific User or another personal data subject.
2.6. Processing of personal data – any action (operation) or a set of actions (operations) performed using automated means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator – a state or municipal body, legal or physical entity, independently or jointly with others organizing and (or) carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data – any information directly or indirectly related to a specific or identifiable User of the website http://dariakireeva.com.
2.9. Personal data allowed by the subject of personal data for dissemination – personal data to which the subject of personal data has provided access to an unlimited number of people by giving consent to process personal data allowed for dissemination under the procedure established by the Personal Data Law (hereinafter – personal data allowed for dissemination).
2.10. User – any visitor to the website http://dariakireeva.com.
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of people.
2.12. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite circle of people (transferring personal data) or familiarizing an indefinite circle of people with personal data, including making personal data publicly available in mass media, posting in information and telecommunication networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign natural or legal person.
2.14. Destruction of personal data – any actions resulting in the irreversible destruction of personal data with the impossibility of further restoring the content of personal data in the personal data information system and (or) the destruction of the physical media containing personal data.
3. Key Rights and Obligations of the Operator
3.1. The Operator has the right to: – Receive accurate information and/or documents containing personal data from the subject of personal data; – Continue processing personal data without the consent of the personal data subject if the consent is withdrawn and if there are grounds specified by the Personal Data Law; – Independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations under the Personal Data Law and regulations issued pursuant to it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to: – Provide the personal data subject with information about the processing of their personal data at their request; – Organize the processing of personal data in accordance with the requirements of current Russian legislation; – Respond to requests and inquiries from personal data subjects and their legal representatives according to the Personal Data Law; – Inform the authorized body for the protection of personal data subjects’ rights upon the request of such body within 30 days from receiving such a request; – Publish or otherwise provide unrestricted access to this Policy regarding personal data processing; – Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions related to personal data; – Stop transferring (distributing, providing, accessing) personal data, cease processing, and destroy personal data as required by the Personal Data Law; – Fulfill other obligations established by the Personal Data Law.
4. Key Rights and Obligations of the Personal Data Subjects
4.1. Personal data subjects have the right to:

• Receive information regarding the processing of their personal data, except as provided by federal laws. Information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data related to other personal data subjects, unless there are legal grounds for disclosing such data. The list of information and the procedure for obtaining it is established by the Personal Data Law;
• Require the Operator to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the stated purpose of processing, and also take legal measures to protect their rights;
• Set the condition for prior consent when processing personal data for the purpose of promoting goods, works, and services in the market;
• Withdraw consent to the processing of personal data;
• Appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or inactions of the Operator in the processing of their personal data;
• Exercise other rights provided by Russian legislation.

5. Principles of Personal Data Processing
5.1. The processing of personal data is carried out legally and fairly.
5.2. The processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not allowed.
5.3. The merging of databases containing personal data, the processing of which is carried out for purposes incompatible with each other, is not allowed.
5.4. Only personal data that meets the purposes of its processing is subject to processing.
5.5. The content and volume of processed personal data correspond to the stated processing purposes. The redundancy of processed personal data in relation to the stated purposes of its processing is not allowed.
5.6. When processing personal data, the accuracy of personal data, its sufficiency, and, where necessary, its relevance concerning the purposes of personal data processing must be ensured. The Operator takes the necessary measures and/or ensures their adoption to remove or clarify incomplete or inaccurate data.
5.7. Storage of personal data is carried out in a form that allows identifying the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the subject of personal data is a party, a beneficiary, or a guarantor. Processed personal data is destroyed or depersonalized when the purposes of processing have been achieved or when it is no longer necessary to achieve these purposes unless otherwise provided by federal law.
6. Purposes of Personal Data Processing
6.1. The purpose of processing the User's personal data is:

• Providing the User with access to services, information, and/or materials contained on the website http://dariakireeva.com;
• Establishing feedback with the User, including sending notifications, requests regarding the use of the website, providing services, processing requests and applications from the User;
• Determining the location of the User to ensure security and prevent fraud;
• Confirming the accuracy and completeness of personal data provided by the User;
• Providing the User with effective customer and technical support in case of problems related to the use of the website;
• Offering the User special offers, newsletters, and other information on behalf of the website with their consent;
• Conducting advertising activities with the User’s consent;
• Providing the User with access to websites or services of partners of the website in order to receive products, updates, and services.

7. Legal Grounds for Personal Data Processing
7.1. The Operator processes the User's personal data only if it is provided by the User through forms on the website http://dariakireeva.com or sent by the User to the Operator via other means.
7.2. The Operator processes depersonalized data about the User if it is allowed in the User's browser settings (enabling the storage of cookies and using JavaScript technologies).
8. The Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing
8.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to comply fully with the requirements of current legislation in the field of personal data protection.
8.2. The Operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
8.3. The User's personal data will never be transferred to third parties, except in cases related to the fulfillment of applicable law.
8.4. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator’s email address indicating “Personal Data Update” in the subject line.
8.5. The processing time of personal data is unlimited. The User can withdraw their consent to the processing of personal data at any time by sending a notification to the Operator via email with the subject line “Withdrawal of Consent to Personal Data Processing.”
9. Cross-border Transfer of Personal Data
9.1. Before starting the cross-border transfer of personal data, the Operator must ensure that the foreign state to whose territory the personal data is being transferred provides reliable protection of the rights of personal data subjects.
9.2. Cross-border transfer of personal data to foreign states that do not meet the above requirements can only be carried out with the written consent of the personal data subject to the cross-border transfer of their personal data and/or for the execution of an agreement to which the personal data subject is a party.
10. Final Provisions
10.1. The User can obtain any clarification on issues related to the processing of their personal data by contacting the Operator via email.
10.2. This document will reflect any changes to the personal data processing policy made by the Operator. The policy is valid indefinitely until replaced by a new version.
10.3. In case inaccuracies in personal data are identified, the User can update them independently by sending a notification to the Operator's email address http://dariakireeva.com with the subject "Update of Personal Data."
10.4. The term for processing personal data is determined by achieving the purposes for which the personal data was collected, unless a different term is provided by a contract or applicable law. The User may withdraw their consent to the processing of personal data at any time by sending a notification to the Operator via email at http://dariakireeva.com with the subject "Withdrawal of Consent to Process Personal Data."
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties (Operators) in accordance with their User Agreement and Privacy Policy. The data subject and/or User is responsible for independently and timely familiarizing themselves with these documents. The Operator is not liable for the actions of third parties, including the service providers mentioned in this section.
10.6. Restrictions set by the data subject on the transfer (other than providing access), as well as on the processing or conditions of processing (other than gaining access) of personal data allowed for distribution, do not apply in cases of processing personal data in state, public, and other public interests defined by Russian Federation law.
10.7. The Operator ensures the confidentiality of personal data during processing.
10.8. The Operator stores personal data in a form that allows the identification of the data subject for no longer than necessary for the purposes of processing the personal data, unless the storage period is established by federal law, contract, or by which the data subject is a party, beneficiary, or guarantor.
10.9. Conditions for the cessation of personal data processing may include achieving the purposes of processing personal data, expiration of the data subject's consent, withdrawal of consent by the data subject, or detection of unlawful processing of personal data.
11. List of actions performed by the Operator with the received personal data
11.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
11.2. The Operator performs automated processing of personal data with or without receiving and/or transmitting the obtained information via information and telecommunication networks.
12. Cross-border transfer of personal data
12.1. Before initiating cross-border transfer of personal data, the Operator must ensure that the foreign country to which the data is to be transferred provides reliable protection for the rights of personal data subjects.
12.2. Cross-border transfer of personal data to foreign countries that do not meet the aforementioned requirements can only be carried out if there is written consent from the data subject for the cross-border transfer of their personal data and/or for the execution of a contract to which the data subject is a party.
13. Confidentiality of personal data
The Operator and other persons who have access to personal data are obliged not to disclose personal data to third parties and not to distribute it without the consent of the data subject, unless otherwise provided by federal law.
14. Final provisions
14.1. The User can obtain any clarifications on issues related to the processing of their personal data by contacting the Operator via email at http://dariakireeva.com.
14.2. This document will reflect any changes to the personal data processing policy of the Operator. The Policy is effective indefinitely until replaced by a new version.
14.3. The current version of the Policy is available online at [URL].

1. General Provisions
1.1. This Policy (hereinafter referred to as the "Policy") is adopted by Sole Proprietor Daria Vladimirovna Kireeva (hereinafter referred to as the "Company"). The Policy applies to all actions related to the processing of personal data on the information resource accessible at the domain name http://dariakireeva.com/ or using the mobile application (hereinafter referred to as the "Site").
1.2. Personal data processing is carried out with the voluntary and self-provided data of personal data subjects (Site users) on the Site, with the consent of such subjects.
1.3. The purpose of adopting this Policy is to comply with the rights and legal interests of individuals and the provisions of current legislation of the Russian Federation regarding personal data processing.
1.4. The Policy is adopted in accordance with the requirements of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and Federal Law No. 38-FZ of 13.03.2006 "On Advertising" and other regulatory legal acts of the Russian Federation regulating relations in the field of personal data processing.
1.5. This document applies to all cases of personal data processing of Site users, both with and without the use of automation tools.
1.6. The terms used in this document ("personal data," "personal data processing," etc.) are interpreted according to their definitions in the Federal Law "On Personal Data."
1.7. If a personal data subject objects to the processing of personal data by the Company in accordance with the Policy, the personal data subject has the right to refuse to use the Site and/or send a corresponding request to the Company. In this case, the provision of Site functionalities, including personal account registration, will not be provided.
1.8. Personal data processing of a personal data subject is carried out with the subject’s consent for the processing of their personal data, as well as without obtaining consent in cases provided by the legislation of the Russian Federation.
1.9. This Policy comes into force from the moment of its approval by the Company and remains in effect indefinitely until replaced by a new Policy.
1.10. The Company has the right to unilaterally change the terms of the Policy.
1.11. Since the text of the Policy is publicly available on the Internet, the personal data subject must independently monitor changes made to the Policy.
1.12. This Policy applies to personal data received both before and after the implementation of this Policy.
1.13. Internal control over the implementation of the Policy’s requirements is carried out by the person responsible for organizing personal data processing in the Company.
1.14. The following terms and definitions are used in the Policy:

• Automated personal data processing – processing of personal data using computing technology.
• Blocking of personal data – temporary cessation of personal data processing (except when processing is necessary to clarify personal data).
• Information system of personal data – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
• Personal data processing – any action (operation) or set of actions (operations) with personal data, carried out with or without the use of automation tools. Personal data processing includes, among other things: collection recording systematization accumulation storage clarification (updating, modification) extraction use transmission (distribution, provision, access) anonymization blocking deletion destruction
• Anonymization of personal data – actions that make it impossible, without additional information, to determine the belonging of personal data to a specific subject.
• Personal data – any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
• Provision of personal data – actions aimed at disclosing personal data to a specific person or group of persons.
• Distribution of personal data – actions aimed at disclosing personal data to an indefinite number of persons.
• Personal data subject – users of the site www.dariakireeva.com.
• Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual, or foreign legal entity.
• Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and/or actions that destroy material carriers of personal data.
• Confidentiality of personal data – a mandatory requirement for the Society or any person who has access to personal data to not disclose or distribute personal data without the consent of the personal data subject or other legal basis provided by federal law.

2. Purposes of Personal Data Processing
2.1. The processing of personal data of Site users is carried out by the Company for the following purposes:

• Carrying out activities for administering the Site and ensuring its functionality
• Providing the possibility to inform Site users about the Company’s services and news
• Providing users with the ability to contact the Company for obtaining the information they are interested in, etc.
• Registration and use of a personal account for placing orders on the Site, as well as for receiving informational and promotional newsletters
• Conducting statistical accounting
• Sending Site users messages related to the operation and use of Site services, as well as promotional messages
• Using the personal account of a registered user on the Site, by filling in information about themselves; placing orders (including payment and delivery of orders), tracking order status, writing reviews about products, making inquiries, and providing the possibility of returning goods or funds (within the warranty period)
• For other purposes not conflicting with the current legislation of the Russian Federation and the terms of agreements between the Company and the relevant Site users.

3. Principles of Personal Data Processing
3.1. Processing of personal data provided by their subjects via the Site is carried out in accordance with the following basic principles:

• Personal data processing is carried out lawfully and fairly
• Personal data processing is limited to achieving specific, predetermined, and lawful purposes
• Personal data processing incompatible with the purposes of data collection is not allowed
• Combination of databases containing personal data processed for incompatible purposes is not allowed
• Only personal data that meets the purposes of processing is processed
• Other principles provided by the current legislation of the Russian Federation on personal data.

Under this Policy, "User's personal information" includes:

• Data voluntarily provided by the User while using the Site, Services, including but not limited to: first name, last name, gender, mobile phone number and/or email address, marital status, date of birth, hometown, family connections, home address, education and occupation information
• Data automatically transmitted to Services during their use via software installed on the User's device, including IP address, cookie information, information about the user's browser (or other program used to access the Services), access time, requested page address.

4. Conditions of Personal Data Processing
4.1. Personal data processing is carried out by the Company on the following legal grounds:

• Personal data processing is carried out with the consent of the personal data subject to process their personal data, which the subject provides through an active action, including marking a checkbox in the interface next to the phrase: "I agree to the processing of personal data" and/or "I agree to the return policy."

4.2. Personal data processing in the Company is carried out in accordance with the principles and conditions provided by the current legislation of the Russian Federation on personal data.
4.3. Employees of the Company who have access to personal data of Site users are obligated to not disclose it to third parties and not distribute it in any other way without obtaining the consent of the relevant personal data subjects, unless otherwise expressly provided by the current legislation of the Russian Federation.
4.4. The Company has the right to entrust the processing of personal data of Site users to another entity with their consent, unless otherwise provided by the current legislation of the Russian Federation.
4.5. Personal data processing of Site users is carried out by the Company for an unlimited period from the moment the personal data subject provides consent for their processing until the consent is withdrawn in accordance with the legislation of the Russian Federation.
4.6. The Company does not verify the accuracy of personal data (and documents containing them) provided by the personal data subject or their legal representative, as well as personal data received from third parties (other sources of personal data).
5. Rights of Personal Data Subjects
5.1. Site users decide to provide their personal data and give the Company consent for their processing freely, willingly, and in their own interest. Use of the Site confirms the user’s unconditional consent to this Policy and the conditions for processing their personal information specified therein. If the user disagrees with these conditions, they should refrain from using the Site.
5.2. Site users have the right to obtain information related to the processing of their personal data based on requests sent to the Company.
5.3. Clarification, modification, and deletion of their personal data are carried out by Site users independently through their personal account (if provided). If it is impossible to perform these actions independently, Site users have the right to contact the Company’s employees at the address: Novosibirsk, Sovetskaya, 22, with a request to clarify, block, or destroy their personal data.
6. Ensuring the Security of Personal Data Processing 6.1. The security of personal data processed by the Company is ensured through the application of legal, organizational, technical, and software measures necessary and sufficient to comply with the requirements of the current legislation of the Russian Federation on personal data. 6.2. The specific measures taken by the Company to ensure the security of personal data are determined by the Company and may include, in particular:

• Limiting the number of employees with access to personal data;
• Appointing an official responsible for organizing personal data processing within the Company;
• Familiarizing Company employees with the requirements of the current legislation of the Russian Federation on personal data and the provisions of this document;
• Implementing an access control system for users of the Site to the informational resources of the Site containing personal data;
• Recording and monitoring the actions of Site users;
• Protecting access to the Site’s information system containing personal data with unique login credentials;
• Conducting antivirus software control;
• Using information protection tools that meet the requirements of the current legislation of the Russian Federation;
• Other measures in accordance with the requirements of the current legislation of the Russian Federation for personal data protection. 6.3. The Company does not transfer or disclose personal data provided by users or visitors of the Site to third parties, except as required by the legislation of the Russian Federation.

7. Final Provisions
7.1. This Policy may be amended in cases of relevant changes or additions to the current legislation of the Russian Federation on personal data, and may also be changed at any time at the discretion of the Company.
7.2. The current version of the Policy is always available for viewing by an unlimited number of people at the Site at the permanent address: http://dariakireeva.com/.
7.3. All relations involving the Company concerning the processing and protection of personal data not directly regulated by this document are governed by the provisions of the current legislation of the Russian Federation on personal data. 7.4. By accepting and agreeing to the terms of this Policy, the subject grants the Company permission to send postal correspondence to the specified postal address, including welcome letters containing their personal data, postal attachments, personalized advertising brochures/prospects, other information, as well as to send emails, advertising and/or informational messages to the specified email address and/or mobile phone number, including those sent via real-time internet messaging systems (WhatsApp / Telegram and others), including information about the Company's and its partners' advertising campaigns, information about services and news, as well as other informational messages.
7.5. By accepting and agreeing to the terms of this Policy, the subject confirms that the personal data provided to the Company (and the documents containing them) are accurate and reliable.