POSITION on the processing and protection of personal data (privacy policy)
- General Provisions
1.1. This Position on the processing and protection of personal data by individual entrepreneur Kaliani Anna-Mikhaila-Dagmar Alexandrovna (hereinafter referred to as the Entrepreneur), acting on the basis of OGRNIP 319784700308201, (hereinafter referred to as the Position), is developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection", Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter referred to as the Federal Law "On Personal Data") and regulatory legal acts of the Russian Federation adopted in accordance with them.
1.2. The purpose of developing this Position is to determine the procedure for the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data processed by the Entrepreneur (hereinafter referred to as the Project, Operator) when providing services.
1.3. This Position applies to all Project websites containing links to this Position, regardless of the method of their use or access, including access from mobile devices, including:
www.kalianidesign.ru, including all subdomains (hereinafter - the Site).
1.4. By this Position, the recipient of Operator's services or the visitor of the Site as a subject of personal data is notified and gives consent to the objective necessity arising in the process of the Site's operation and receiving Operator's services to allow access to their personal data for Operator's software and third parties (partners or service providers of the Operator). This access is provided solely for the purposes defined by this Position (clause 3.1.1.).
1.5. In case of disagreement of the subject of personal data, in whole or in part, with the terms of this Position, the use of the Site and its services must be immediately terminated.
**2. Composition of Personal Data**
2.1. The Project processes personal data of individuals who have purchased consulting services of the Project (or other paid services), as well as subscribed to email newsletters or SMS newsletters through corresponding subscription forms on the Project's Website.
2.2. The list of personal data processed in the Project includes:
- Name (surname and first name - for certain types of services);
- Contact information (phone, email);
- Time, date, and place of birth (for certain types of services);
- Image;
- Account addresses in messaging programs and social networks.
2.3. The Project's Website uses cookies and visitor data from visit statistics services (IP address; information from cookies, browser information, time of access to the website, address of the page containing the advertisement block, referrer (address of the previous page), and other data).
Using this data, information about the actions of visitors on the website is collected to improve its content, enhance website functionality, and consequently, create quality content and services for visitors.
The subject of personal data can at any time change their browser settings so that all cookies are blocked or they are notified of their sending. However, the subject should understand that some functions and services of the Project may not work properly.
2.4. The Operator does not intentionally process personal data of minors. All visitors under the age of 18 must obtain permission from their legal representatives before providing any personal information about themselves.
If the Operator becomes aware that they have received personal information about a minor without the consent of their legal representative, such information will be deleted as soon as possible.
**3. General Requirements for Processing Personal Data**
3.1. Purposes of Processing Personal Data
3.1.1. Processing of personal data in the Project is carried out for the following purposes:
a) for proper performance of a contract for the provision of information and consulting services purchased by the Project's client (according to the selected service package), or other paid services of the Operator, including by means of email and SMS distribution to the email and phone specified by the relevant subject of personal data when paying for Operator's services;
b) for improvement and personalization of Project's services;
c) for providing advertising and marketing materials of the Project, including through email and SMS distribution to the email and phone specified by the relevant subject of personal data when filling out subscription (purchase) forms on the Operator's website;
d) for detection, prevention, mitigation, and investigation of fraudulent or illegal actions against the Operator.
3.1.2. Only personal data that corresponds to the purposes of their processing (clause 3.1.1.) are subject to processing. Personal data cannot be used to cause property or moral harm to subjects of personal data.
3.2. Obtaining Personal Data
3.2.1. Processing of personal data in the Project is carried out without limitation of the term, by any lawful means, including in personal data information systems using automation tools or without using such tools (mixed processing) via the Internet.
3.2.2. All personal data is provided (collected) directly from the subject of personal data.
The subject independently decides to provide their personal data and consents to their processing by the Project freely, voluntarily, and in their own interest. Such consent also means the subject's consent to the transfer of their personal data to third parties, to entrust processing of their personal data to third parties, including cross-border transfer of data via the Internet (when such transfer is necessary for effective provision of services by the Project or necessary to achieve other purposes established by this Position), as well as to receive email and SMS newsletters within the framework of the contract for paid provision of services with the Operator or for receiving advertising and marketing materials of the Project.
3.2.3. Consent to the processing of personal data is provided when filling out special subscription forms on the Operator's website, when submitting an application for conclusion of the corresponding service provision agreement, or directly when making payment for services under the specified agreement by checking the "I agree to the processing of my personal data" checkbox. Separate written consent is not required.
**3.2.4.** For the convenience of using the Website or receiving Operator's services, personal data may be obtained automatically using special software with notification of the subject of personal data before sending a request for their receipt in this way.
**3.2.5.** Consent to the processing of personal data may be revoked by the subject of personal data at any time by contacting the Project's support service at info@kalianidesign.ru. In this case, the Project does not guarantee that in the event of such a request, Project services that have not yet been provided at the time of receipt of the specified revocation will be provided properly.
**3.3. Rights and Obligations of Parties in Processing Personal Data**
**3.3.1.** Subjects of personal data are obliged to provide the Project only with accurate personal data and to promptly inform about changes in their personal data. At the same time, the Operator does not verify the accuracy of such information and accepts it on the "as is" basis. The risk of providing inaccurate personal data lies with the subject of personal data.
**3.3.2.** Each subject of personal data has the right to:
- obtain complete information about their personal data and have free access to their personal data, except in cases provided for by current legislation;
- receive information related to the processing of their personal data;
- demand from the Operator the clarification of their personal data, their blocking, or destruction in case the personal data are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
- other rights provided by the legislation of the Russian Federation.
**3.3.3.** The subject of personal data has the right to make necessary changes to the personal data provided during registration on the Website by submitting the corresponding application to the Project's support service at info@kalianidesign.ru.
**3.3.4.** The Project is obliged to provide the subject of personal data with the opportunity to familiarize themselves with the personal data relating to them and to make necessary changes to them when providing the subject of personal data with information confirming that the personal data are incomplete, outdated, inaccurate, or unlawfully obtained. The Operator must notify the subject or their representative of the changes made and take reasonable measures to notify third parties to whom the personal data of this subject have been transferred.
**3.3.5.** Consideration of a subject's request regarding their personal data by the Operator is carried out within 30 (thirty) calendar days from the date of such request, unless otherwise provided by this Position. All correspondence regarding such requests is conducted through the Project's support service by sending messages to the email of the subject of personal data provided during the request.
**3.4. Transfer of Personal Data**
**3.4.1.** For the purpose of effective processing of personal data and proper performance of the agreement concluded between the Operator and the subject of personal data, the Project has the right to entrust the processing of personal data to other legal or natural persons based on a contract (hereinafter - Project assignment), including by means of cross-border transfer of data via the Internet. In this case, separate consent of the subject of personal data for such transfer is not required. The person processing personal data on behalf of the Project is obliged to comply with the principles and rules of personal data processing provided by the legislation of the Russian Federation on personal data.
**3.4.2.** The transfer of personal data of subjects with whom the Project interacts is carried out only for proper performance of obligations under concluded agreements (agreements) within which the Project and the specified subjects interact.
**3.4.3.** When transferring personal data of a subject, the Operator must inform the recipients of personal data that this data may be used only for the purposes for which it was provided and require these persons to ensure the confidentiality of the received personal data.
**3.5. Storage of Personal Data**
**3.5.1.** Storage of personal data is carried out in electronic form in relevant personal data information systems located in databases on the territory of the Russian Federation.
**3.5.2.** Storage of personal data is carried out in a form that allows determining the subject of personal data within time frames ensuring compliance with and achievement of the purposes of processing personal data established by this Position.
**3.5.2.** Storage of personal data is carried out with access restrictions, including by creating appropriate access levels.
**3.5.3.** Personal data contained in different electronic databases and processed for different purposes are stored separately.
**3.6. Termination of Processing and Destruction of Personal Data**
**3.6.1.** In the event of identifying inaccurate personal data when dealing with a subject of personal data, the Project is obliged to block the personal data related to this subject of personal data from the moment of such contact for the verification period if blocking the personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
**3.6.2.** In case the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the subject of personal data, is obliged to clarify the personal data within 7 (seven) working days from the date of providing such information and remove the blocking of personal data.
**3.6.3.** In case of identifying unlawful processing of personal data carried out by the Project, the latter, within a period not exceeding three working days from the date of such identification, is obliged to terminate the unlawful processing of personal data.
If it is impossible to ensure the lawfulness of processing personal data, the Project, within a period not exceeding ten working days from the date of identification of unlawful processing of personal data, is obliged to destroy such personal data. The Project is obliged to inform the subject of personal data about the elimination of the violations committed or about the destruction of personal data.
**3.6.4.** In case of withdrawal by the subject of personal data of consent to their processing, the Project is obliged to terminate their processing and, if the retention of personal data is no longer required for the purposes of processing personal data, destroy the personal data within a period not exceeding thirty working days from the date of receipt of the specified withdrawal.
**3.6.5.** The Project has the right to continue using personal data about the subject following the consideration of the withdrawal of consent to their processing, ensuring anonymization of such information.
**3.6.6.** The Operator sends a notification of the results of considering requests from subjects of personal data specified in this section through the support service info@kalianidesign.ru by sending messages to the email of the subject of personal data specified in the request.
**4. Protection of Personal Data**
**4.1.** When processing personal data, the Project takes necessary legal, organizational, and technical measures to prevent unauthorized or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as other unlawful actions regarding personal data.
**4.2. Ensuring the Security of Personal Data is Achieved Through:**
- **Application of Organizational and Technical Measures:** To ensure the security of personal data during their processing in information systems of personal data, necessary for compliance with the requirements for the protection of personal data.
- **Evaluation of the Effectiveness of Security Measures:** Before putting the information system of personal data into operation.
- **Detection of Unauthorized Access:** To personal data and taking measures to eliminate and prevent their recurrence.
- **Recovery of Personal Data:** Modified or destroyed due to unauthorized access to them.
- **Establishment of Access Rules:** To personal data processed in the information system of personal data, as well as ensuring registration and accounting of all actions performed with personal data in the information system of personal data.
- **Verification of the Presence in Contracts:** Concluded in the Project, and, if necessary, inclusion in contracts of clauses on ensuring the confidentiality of personal data.
- **Control Over the Measures Taken:** To ensure the security of personal data and the level of security of information systems of personal data.
**4.3. Third parties** who have been granted access to personal data by the Operator undertake to take necessary organizational and technical measures to ensure the confidentiality of such information on their personal device from which they process personal data.
**5. Responsibility for Disclosure of Confidential Information Containing Personal Data**
**5.1. Third parties** who have been granted access to the personal data of the subjects of personal data of the Project and are guilty of violating their confidentiality bear responsibility in the manner established by the legislation of the Russian Federation, including under contracts concluded with the Operator under which such access was granted.
**5.2. The Operator** is not responsible for possible unauthorized use of personal data and causing any damage to the subject of personal data, resulting from:
- Technical malfunctions in software and technical means and networks beyond the control of the Operator.
- Intentional or unintentional use of the Operator's Website by third parties not for their direct purpose.
- Failure to ensure the confidentiality of access passwords or intentional transmission of access passwords, other information from the Website by the subject of personal data when receiving Operator's services (using the Website) to other persons without access to this information.
- Unlawful actions of third parties regarding access to the Website's data, including personal data.
**5.3. The Operator** is not responsible for the processing of personal data of third parties that the recipient of the Operator's services has provided as their own. The risk of liability in this case lies with the recipient of the Operator's services who provided inaccurate data.
**6. Dispute Resolution**
**6.1. Before** filing a lawsuit with a claim for disputes arising from the relationship between the subject of personal data and the Operator, it is mandatory to present a claim (a written proposal for voluntary settlement of the dispute).
**6.2.** The recipient of the claim within 30 (thirty) calendar days from the date of receiving the claim, notifies the claimant in writing of the results of the claim consideration.
**6.3.** In case of failure to reach an agreement, the dispute will be referred to a judicial authority in accordance with the legislation of the Russian Federation.
**6.4.** The legislation of the Russian Federation applies to this Privacy Policy and the relationship between the subject of personal data and the Operator.
**7. Additional Terms**
**7.1.** The Operator has the right to make changes to this Privacy Policy without the consent of the subjects of personal data.
**7.2.** The new Privacy Policy comes into effect from the moment of its publication on the website, unless otherwise provided by the new version of the Privacy Policy.
**7.3.** Suggestions and comments for amending the Privacy Policy should be sent to info@kalianidesign.ru.
**8. Operator's Details**
Independent designer "Kaliani Design,"
www.kalianidesign.ru
Full name of the organization:
INDIVIDUAL ENTREPRENEUR KALIANI ANNA-MICHAELA-DAGMAR ALEKSANDROVNA
Legal address of the organization:
197022, St. Petersburg, Medikov Ave. 10, bldg. 8, apt. 27
TIN (Taxpayer Identification Number): 780243817179
OGRNIP (Primary State Registration Number of the Individual Entrepreneur): 319784700308201
Banking details:
Account number: 40817810500014304222
Bank: Tinkoff Bank JSC
Legal address of the bank: Moscow, 123060, 1st Volokolamsky Proezd, bldg. 10, str. 1
Correspondent account: 30101810145250000974
Bank TIN: 7710140679
BIC (Bank Identifier Code): 044525974