To main page Contact
APPROVED
(UPDATED):
May 28, 2025

Privacy policy on the processing of personal data

1. GENERAL PROVISIONS

1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) defines the main objectives, conditions, content, procedures, and methods of personal data processing, lists of subjects and objects of personal data processed by the Operator, measures aimed at protecting personal data, as well as procedures aimed at identifying and preventing violations by the Operator of the legislation of the Russian Federation in the field of personal data, the functions of responsible persons during personal data processing, and the requirements for personal data protection implemented in the Operator’s Information Systems.

1.2. The Policy, in particular, defines the procedure for processing personal data and measures to ensure the security and use of the personal data of the Subject (including Client or User) on the Operator’s Web Resources.

1.3. The Operator processes personal data in compliance with the principles established by the legislation of the Russian Federation in the field of personal data and the conditions specified in this Policy.

1.4. This Policy has been developed to implement the requirements of legislation in the field of personal data processing and is aimed at ensuring the protection of the rights and freedoms of individuals during the processing of their personal data, taking into account the requirements of the Constitution of the Russian Federation and other legislative and normative legal acts of the Russian Federation.

1.5. The provisions of this Policy form the basis for organizing the personal data processing work, including the development of internal documents by the Operator that regulate the personal data processing process.

1.6. This Policy applies to all information that the Operator may receive about the Subject (including the Client or User).

1.7. This Policy becomes effective upon its approval by the Operator and remains in effect indefinitely until replaced by a new version of the Policy. Unlimited access to the Policy is ensured, in particular, by publishing it on the Operator’s website in the information and telecommunications network “Internet.”

2. KEY TERMS AND DEFINITIONS

2.1. Automated processing of personal data – processing of personal data using computer technology;
2.2. Administrator – the personal data Operator, owner and holder of the Operator’s web resources;
2.3. Blocking of personal data – temporary cessation of personal data processing (except when processing is necessary to clarify personal data);
2.4. Operator’s Web Resource – a set of graphic and informational materials, as well as software and databases, made available via the Operator’s network addresses on the Internet. The Operator’s Web Resources include electronic resources such as, but not limited to, social media, messengers, and websites registered in the name of the Operator on the Internet;
2.5. Personal data information system – a set of personal data contained in the Operator’s databases and the information technologies and technical means that ensure their processing;
2.6. Information – any data (messages, personal data) regardless of the form in which they are provided by the Subject (including the Client or User);
2.7. Client – a person who has entered into a civil law agreement with the Operator for the performance of work, provision of services, or purchase of the Operator’s products;
2.8. Metric data – a web analytics tool that helps to obtain reports, recordings of User actions, track traffic sources, and assess the effectiveness of online advertising;
2.9. Depersonalization of personal data – actions that result in the impossibility of identifying the personal data as belonging to a specific Subject without the use of additional information;
2.10. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.11. Operator – a person who organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data by adopting this Policy;
2.12. Personal data – any information related to an identified or identifiable natural person, processed by the Operator for the achievement of predetermined purposes;
2.13. User – a Subject of personal data who visits the Operator’s Web Resources;
2.14. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
2.15. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons;
2.16. Personal data subject – a natural person who is directly or indirectly identified through personal data (hereinafter – the Subject);
2.17. Destruction of personal data – actions that result in the impossibility of restoring the content of personal data in the personal data information system and/or that result in the destruction of physical carriers of personal data;
2.18. Cookies – data set and stored on a user’s device when the Subject (including Client or User) visits the Operator’s Web Resource or performs any actions on it. Cookie data may include information about the User, number of visits, action sequences, and other data.

3. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

3.1. The Operator’s data processing policy is governed by the following legal and regulatory acts:

  • Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;
  • Government Resolution of the Russian Federation No. 1119 of November 1, 2012 “On the Approval of Requirements for the Protection of Personal Data When Processed in Personal Data Information Systems”;
  • Order of FSTEC of Russia No. 21 of February 18, 2013 “On the Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data When Processed in Personal Data Information Systems”;
  • Civil Code of the Russian Federation;
  • Tax Code of the Russian Federation;
  • Federal Law No. 402-FZ of December 6, 2011 “On Accounting”;
  • Government Resolution of the Russian Federation No. 687 of September 15, 2008 “On the Approval of the Regulation on the Specifics of Personal Data Processing Without the Use of Automation Tools”.

3.2. The basis for processing the Subject’s Personal Data (including Client or User) is their written consent to this Policy.

3.3. The basis for processing information about the Subject (including Client or User) also includes their consent to this Policy by interacting with the Operator’s Web Resources and clicking buttons such as “Accept,” “Agree,” “Continue,” “Submit,” “Apply,” or similar.

3.4. The Operator also processes the Subject’s Personal Data (including Client or User) based on and in fulfillment of a contract concluded between the Operator and the Subject.

3.5. The Operator also processes the Subject’s Personal Data (including Client or User) if such data is entered and/or submitted by the Subject through special forms available on the Operator’s Web Resources. By filling out such forms and/or submitting Personal Data to the Operator, the Subject provides their consent to this Policy.

4. CATEGORIES OF PERSONAL DATA PROCESSED

4.1. The general category of personal data includes personal data received by the Operator with the Subject’s (including Client or User) consent. Providing Information, using the Operator’s Web Resources, services, or products, or entering into agreements with the Operator signifies the Subject’s consent to the processing of their Information in accordance with this Policy.

4.2. For the purposes specified in this Policy, the following Information and Personal Data of the Subject (including Client or User) may be processed:

  • Last name, first name, patronymic (if applicable);
  • Date of birth (day, month, year);
  • Place of birth;
  • Gender;
  • Citizenship information;
  • Type, series, and number of identity document (e.g. Russian passport), issuing authority, code, and date of issue;
  • Taxpayer Identification Number (INN);
  • Residential/registration address, date of registration;
  • Phone number;
  • Messenger contact;
  • Email address;
  • Bank account number;
  • Bank card details;
  • Other information the Subject may choose to provide, including while visiting the Operator’s Web Resources.

4.3. The Operator does not process special categories of Personal Data as defined in Article 10 of the Federal Law “On Personal Data” or biometric personal data, including data of minors. If a Subject believes that special categories of personal data have been submitted via the Operator’s Web Resources, they should notify the Operator via email.

4.4. The Operator does not process special categories of Personal Data related to racial or ethnic origin, political views, religious or philosophical beliefs, or sexual life.

4.5. The Operator does not collect or process cookies or metric data of the Subject (including Client or User).

5. LIST OF DATA SUBJECTS (INCLUDING CLIENTS OR USERS)

5.1. The following persons are covered by this Policy and may have their Information and/or Personal Data processed by the Operator:

  • The Subject (including Client or User) who submits a request or application for the Operator’s work/services/products using the Operator’s Web Resource functionality;
  • The Subject who contacts the Operator by email, phone, or messenger;
  • The Subject who consents to Personal Data processing by filling out feedback forms on the Web Resource;
  • The Subject who has entered into or intends to enter into a civil law contract with the Operator for services, works, or product purchases;
  • Individuals representing the interests of the Subject;
  • The Subject in contractual relationships with the Operator using the Operator’s services/products;
  • The Subject whose Information and/or Personal Data was made public by them, if such processing does not violate their rights and complies with data protection laws;
  • The Subject or other individuals acting as contractors (or their representatives) or counterparties (or their representatives) under civil law contracts;
  • The Subject or other individuals submitting complaints against actions/inaction of the Operator or its contractors/counterparties.

6. COLLECTION, RECORDING, SYSTEMATIZATION, ACCUMULATION, AND VERIFICATION OF PERSONAL DATA

6.1 The collection, recording, systematization, accumulation, and verification (updating, modification) of personal data are carried out through the following methods:

  • Obtaining originals of the required documents;
  • Copying original documents;
  • Entering information into registration forms (on paper and electronic media);
  • Generating personal data during the internal operations of the Operator;
  • Entering personal data into Personal Data Information Systems.

7. PURPOSES OF PERSONAL DATA PROCESSING

Purposes of Personal Data Processing                 Personal Data of the Subject That May Be Processed Processing Period Procedure for Destruction
Ensuring the operation of the Operator’s web resources, including providing the User with access to functionality, services, information and/or materials contained on the Operator’s web resources Personal data specified in Clause Error! Reference source not found. of the Policy Until the processing purpose is achieved or consent to processing is withdrawn Until the processing purpose is achieved or consent to processing is withdrawn
Processing a request for the Operator’s services and during the service provision period Personal data specified in Clause 4.2 of the Policy
Obtaining data for the conclusion and execution of a contract for services/work Personal data specified in Clause 4.2 of the Policy
Compliance with legal obligations, including protecting the rights of Data Subjects (including Clients or Users) and the rights of the Operator Personal data specified in Clause 4.2 of the Policy
HR, accounting, and tax record management Personal data specified in Clause 4.2 of the Policy
Providing responses to inquiries from Data Subjects (including Clients or Users) Personal data specified in Clause 4.2 of the Policy
Sending notifications and requests to Data Subjects (including Clients or Users) regarding the operation of the Operator’s web resource, and communication with the Subject (including Client or User) for the purpose of sending notifications and executing agreements Personal data specified in Clause 4.2 of the Policy
Identifying security threats to the Operator’s web resources, to Data Subjects (including Clients or Users), and/or third parties, including reliability checks when concluding contracts via the web resources Personal data specified in Clause 4.2 of the Policy
Communication for collecting feedback on service satisfaction, and publication of reviews from Data Subjects (including Clients or Users) Personal data specified in Clause 4.2 of the Policy

8. CONDITIONS AND PROCEDURE FOR PROCESSING PERSONAL DATA

8.1. The processing of personal data is carried out by the Operator with the consent of the personal data subject to the processing of their personal data, except in cases provided for by the legislation of the Russian Federation when the processing of personal data may be carried out without such consent.

8.2. The Operator may process personal data without the consent of the subject of personal data in cases provided for by the legislation of the Russian Federation, including, but not limited to:

  • when the processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law, for the implementation and performance of functions, powers, and duties imposed on the Operator by the legislation of the Russian Federation;
  • when the processing of personal data is necessary for the administration of justice, enforcement of a judicial act, an act of another body or official subject to enforcement in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • when the processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party, beneficiary, or guarantor, including when the Operator exercises its right to assign rights (claims) under such an agreement, as well as to conclude an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
  • when the processing of personal data is necessary to protect the life, health, or other vital interests of the personal data subject, if obtaining their consent is not possible;
  • when the processing of personal data is necessary for the exercise of the rights and legitimate interests of the Operator or third parties or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject;
  • if personal data is processed for statistical or other research purposes, subject to the mandatory depersonalization of personal data;
  • if the personal data is made publicly available by the personal data subject.

8.3. If it is necessary to transfer personal data to a third party on the basis of a contract for the processing of personal data on behalf of the Operator, such transfer and subsequent processing are carried out in accordance with the requirements of Article 6 of Federal Law No. 152-FZ “On Personal Data”.

9. CONDITIONS AND PROCEDURE FOR THE TRANSFER OF PERSONAL DATA TO THIRD PARTIES

9.1. The Operator uses the services of third parties who assist in providing the Subject (including the Client or User) with certain solutions to ensure high-quality service delivery. For this purpose, information about the Subject (including the Client or User) may be transferred to the following recipients or categories of recipients:

  • Payment service providers, who may receive (depending on the payment method and flow, e.g., phone number, email address, physical address, identification number, cardholder name, cardholder address, card expiration date, card type, etc.) information for payment processing. The Operator does not collect or store payment information. This information is transmitted directly to the respective payment processor. All information collected by third-party services, including payment systems, communication means, and other service providers, is stored and processed by these parties (Operators) in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause;
  • Parties providing the Subject (including the Client or User) with access to the Operator’s web resources, including administrators and/or technical support of the Operator’s web resource;
  • Parties assisting in the performance of work/provision of services to the Subject (including the Client or User), as well as those otherwise involved in delivering various services to the Subject. These parties may use the Subject’s Personal Data (including the Client or User) to provide feedback, conduct consultations, and for other purposes related to the performance of their duties;
  • Parties ensuring legal protection of the Operator or third parties in the event of a violation or threat of violation of their rights, including breaches of laws or regulations.

10. RIGHTS OF DATA SUBJECTS (INCLUDING CLIENTS OR USERS)

10.1. The Subject (including the Client or User) has the right to:

  • Freely, voluntarily, and in their own interest give consent to the processing of personal data, in compliance with the requirements for the form and content of such consent;
  • Receive full information about the personal data processed by the Operator;
  • Submit requests and/or inquiries, including repeated ones, and receive information regarding the processing of their personal data within the procedure, form, scope, and timeframes established by the legislation of the Russian Federation;
  • Access their personal data, including the right to obtain a copy of any record containing their personal data, except where otherwise provided by the legislation of the Russian Federation;
  • Receive information about the duration of processing of their personal data, including the duration of storage;
  • Request that the Operator clarify, block, or delete their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing;
  • Request that the Operator stop processing their personal data and withdraw previously granted consent;
  • Appeal actions or inactions of the Operator that violate the law to the authorized data protection authority or to court;
  • Request that all parties to whom incorrect or incomplete personal data was previously disclosed be notified of any deletions, corrections, or additions made to such data;
  • Exercise other rights provided by the legislation of the Russian Federation.

10.2. The Subject (including the Client or User) has the right to submit a request to terminate the processing of their personal data by the Operator by sending a statement to the Operator’s email address marked “Withdrawal of consent to personal data processing” or by submitting a written statement to the Operator’s postal address. The withdrawal takes effect on the business day following its submission to the Operator, but in any case not earlier than the actual delivery of the statement to the Operator.

10.3. In the event of inaccuracies in personal data, the Subject (including the Client or User) has the right to initiate data updates by notifying the Operator at its email address with the note “Personal data update”.

10.4. The Subject (including the Client or User) has the right to opt out of receiving advertising and informational messages by sending a statement to the Operator’s email with the note “Unsubscribe” or by submitting a written request to the Operator’s legal address.

10.5. The Subject (including the Client or User) must:

  • Provide the Operator with accurate data about themselves;
  • Inform the Operator about any clarifications (updates or changes) to their personal data.

10.6. Providing personal data by the Subject (including the Client or User), entering into contractual relations through the Operator’s web services, and paying for work, services, or products via the Operator’s web services implies the Subject’s consent to this Policy and the terms for processing personal data contained herein. If the Subject (including the Client or User) disagrees with these terms, they must refrain from using the Operator’s web services.

10.7. Persons who submit false information about themselves to the Operator, or provide information about another Subject (including the Client or User) without their consent, are liable in accordance with the legislation of the Russian Federation.

11. RIGHTS AND OBLIGATIONS OF THE OPERATOR

11.1. The Operator has the right to:

  • Defend its interests in court;
  • Provide personal data of Subjects to third parties if permitted by applicable law and this Policy;
  • Refuse to provide personal data in cases stipulated by law;
  • Use the Subject’s personal data (including Client or User) without their consent, in cases provided for by the legislation of the Russian Federation and this Policy.

11.2. The Operator must:

  • Comply with the requirements of Russian legislation concerning the processing and protection of personal data, including requirements for data collection;
  • When collecting personal data, including through the Internet, ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of Subjects (including Clients or Users) using databases located in the territory of the Russian Federation, except in cases provided for by law;
  • Fulfill the responsibilities of a personal data operator when receiving requests and/or inquiries from the Subject (including the Client or User) and/or their representative and/or from regulatory or supervisory bodies;
  • Take measures to ensure compliance with personal data protection requirements during processing;
  • Remedy any violations of Russian legislation in the processing of personal data and fulfill obligations related to clarification, blocking, or deletion of personal data where required.

11.3. The Operator does not control and is not responsible for third-party websites that the Subject (including the Client or User) may access via links available on the Operator’s web resources. These third-party websites may have their own privacy policies, and they may collect or request other personal data from the Subject (including the Client or User).

12. FUNCTIONS OF THE OPERATOR IN PROCESSING PERSONAL DATA

12.1. For the purpose of ensuring the security of personal data, the Operator:

  • Takes measures to localize the personal data of users who are residents of the Russian Federation within the territory of the Russian Federation, including but not limited to entering into civil law contracts for server equipment rental or obtaining hosting services located within the Russian Federation;
  • Takes the necessary and sufficient measures to ensure compliance with the legislation of the Russian Federation;
  • Implements legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions;
  • Acts independently or appoints a person responsible for organizing the processing of personal data;
  • Issues internal documents regulating the processing and protection of personal data;
  • Ensures the confidentiality of personal data of the Data Subject (including the Client or User) on its part;
  • Publishes this Policy on the Operator’s Web resource or otherwise ensures unrestricted access to it;
  • Terminates the processing and destroys personal data in cases provided by the legislation of the Russian Federation.

13. MEASURES TAKEN BY THE OPERATOR TO ENSURE COMPLIANCE WITH PERSONAL DATA PROCESSING OBLIGATIONS

13.1. The security of processed personal data is ensured by the Operator within a unified comprehensive system of organizational, technical, and legal measures for information protection, in accordance with the requirements of Russian legislation on personal data and related regulations. The Operator’s information security system is continuously developed and improved based on international and national information security standards.
13.2. The necessary and sufficient measures to ensure the Operator’s fulfillment of its obligations under Russian personal data legislation include:

  • Technical measures to prevent unauthorized access to Information and/or Personal Data and/or their transfer to unauthorized parties, such as configuring protection tools to detect unauthorized access to Personal Data and isolating technical means of automated data processing to prevent disruptions;
  • Appointment of a person responsible for organizing the processing of personal data;
  • Adoption of internal documents on personal data matters;
  • Obtaining the Data Subject’s (including the Client’s or User’s) consent to process their personal data, unless otherwise provided by Russian law;
  • Prohibition of transmitting Personal Data to unauthorized persons via open communication channels and computing networks;
  • Internal control to ensure compliance with Russian personal data legislation;
  • Implementation of other measures as required by Russian personal data legislation.

 

13.3. Measures to ensure the security of Personal Data in the Operator’s information systems are established by internal Operator rules regulating data security.
13.4. The security of personal data in information systems is achieved by preventing unauthorized, including accidental, access.
13.5. Internal compliance monitoring is carried out by the Operator or the person responsible for organizing personal data processing.
13.6. The Operator bears personal responsibility for complying with Russian legal requirements concerning personal data security.
13.7. If personal data processing violations are identified in the Operator’s information systems, measures are taken to identify and eliminate the causes.
13.8. In the event of a data breach, the Operator must notify the authorized data protection authority within 24 hours and conduct an internal investigation within 72 hours, subsequently reporting the results to the authority.

14. CROSS-BORDER TRANSFER OF PERSONAL DATA

14.1. For the purposes of this section, cross-border data transfer means the transfer of personal data to a foreign country, a foreign government authority, a foreign individual, or a foreign legal entity. The use of messengers and email does not constitute a cross-border transfer.
14.2. Before initiating a cross-border transfer, the Operator must ensure that the foreign country in question provides adequate protection of the rights of data subjects.
14.3. Cross-border transfers to countries that do not provide such adequate protection may only occur with the Data Subject’s (including the Client’s or User’s) written consent and/or for the execution of a contract to which the Data Subject is a party.
14.4. When conducting a cross-border data transfer, the Operator acts in accordance with Russian personal data legislation.

15. DURATION OF PROCESSING, STORAGE, AND DESTRUCTION OF INFORMATION AND PERSONAL DATA

15.1. Processing of the Data Subject’s (including the Client’s or User’s) personal data ceases in the following cases:

  • Achievement of processing purposes or loss of necessity;
  • Expiration of consent for processing or its withdrawal (unless there are other legal grounds for processing);
  • Unlawful processing is identified and cannot be rectified;
  • The Operator’s web resource is deleted.

15.2. If the Data Subject (including the Client or User) withdraws consent, processing is carried out only as necessary for the execution of contracts and legal obligations.
15.3. The retention period for personal data in information systems is the same as that for data on paper media.
15.4. Information and Personal Data shall be destroyed in the following cases:

  • When the processing purpose is achieved or is no longer necessary, unless otherwise specified by law;
  • When regulations establishing processing grounds are amended or repealed;
  • When unlawful processing is identified;
  • Upon withdrawal of consent by the Data Subject (including the Client or User), unless otherwise provided by law.

15.5. The Operator systematically monitors and identifies documents containing personal data with expired retention periods.
15.6. Upon expiration of the processing period, destruction of electronic data is carried out by mechanically damaging storage media or using guaranteed data deletion methods. If data is not processed automatically, physical media are destroyed.

16. FINAL PROVISIONS

16.1. This Policy is subject to updates and amendments upon the introduction of new legal acts and regulatory documents regarding the processing and protection of personal data.
16.2. This Policy is an internal document of the Operator and must be published on the Operator’s website. Any changes must also be publicly posted on the Operator’s official website.
16.3. Compliance with this Policy is monitored by the Operator or the designated person responsible for organizing personal data processing.
16.4. For any questions regarding the processing of personal data, the Data Subject (including the Client or User) may contact the Operator via email.
16.5. In all other matters not covered by this Policy, the Operator shall follow applicable legislation of the Russian Federation.

Operator’s Name: Sarakula Ekaterina Igorevna
Operator’s TIN: 910919886026
Operator’s Address: Republic of Crimea, Ukromnoe village, Degtyarya St. 85
Operator’s Phone: +79782691994
Operator’s Email: sarakula.interiors@gmail.com
Operator’s Website: https://sarakula-interiors.com/
Leave a request

You will be contacted shortly

    The User hereby:
    Your application has been sent!
    Our specialist will contact you soon.