1. General Provisions This privacy policy on personal data processing is prepared in accordance with the requirements of Federal Law No. 152-FZ "On Personal Data," dated July 27, 2006 (hereinafter referred to as the "Personal Data Law"). It defines the procedure for processing personal data and the measures implemented by Damira Ramilevna Rakhmatulina (hereinafter referred to as the "Operator") to ensure its security. 1.1. The Operator’s primary objective is to protect human and civil rights and freedoms when processing personal data, including the right to privacy, personal security, and family confidentiality. 1.2. This privacy policy (hereinafter referred to as the "Policy") applies to all information that the Operator may obtain about visitors of the website damirawebdesign.ru.
2. Definitions 2.1. Automated processing of personal data — processing performed using computing technology. 2.2. Blocking of personal data — temporary suspension of processing (except when processing is necessary for clarification). 2.3. Website — a collection of graphic and information materials, as well as software and databases, ensuring their accessibility on the internet at damirawebdesign.ru. 2.4. Personal data information system — databases containing personal data and technologies enabling processing. 2.5. Anonymization of personal data — actions making it impossible to identify a user without additional information. 2.6. Processing of personal data — any operation performed with or without automation, including collection, recording, storage, updating, retrieval, use, transfer, anonymization, blocking, deletion, and destruction. 2.7. Operator — a legal or natural person who organizes and/or conducts personal data processing. 2.8. Personal data — any information directly or indirectly related to an identified or identifiable website user. 2.9. Public personal data — data made accessible to an unlimited number of people with the subject’s consent. 2.10. User — any visitor of damirawebdesign.ru. 2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group. 2.12. Distribution of personal data — actions allowing access to personal data by an unlimited number of people. 2.13. Cross-border transfer of personal data — transfer of personal data to a foreign country. 2.14. Destruction of personal data — actions resulting in the irreversible elimination of data.
3. Operator’s Rights and Obligations 3.1. The Operator has the right to:
Request and receive accurate personal data;
Continue processing personal data without consent in cases permitted by law;
Determine the necessary measures for fulfilling legal obligations.
3.2. The Operator is obligated to:
Provide requested information regarding data processing;
Organize personal data processing in accordance with the law;
Respond to user requests;
Publish this policy for public access;
Implement security measures to protect personal data.
4. Rights and Obligations of Data Subjects 4.1. Data subjects have the right to:
Receive information about the processing of their data;
Request corrections, blocking, or deletion of their data;
Withdraw consent at any time;
File complaints regarding unauthorized data processing.
4.2. Data subjects are obligated to:
Provide accurate personal data;
Notify the Operator of any updates to their personal data.
4.3. Persons providing false or unauthorized data may be held legally responsible.
5. Principles of Personal Data Processing 5.1. Processing must be lawful and fair. 5.2. Processing must be limited to predefined legal purposes. 5.3. Combining personal data for purposes incompatible with processing is prohibited. 5.4. Only data necessary for the stated purposes should be processed. 5.5. Data must be accurate, sufficient, and relevant. 5.6. Data should only be stored for as long as necessary.
6. Purposes of Personal Data Processing
Providing access to website services and materials.
Processed data: Name, email, phone number.
Legal basis: Federal Law "On Information, Information Technologies, and Information Protection" No. 149-FZ.
7. Conditions for Personal Data Processing 7.1. Processing is conducted with the user’s consent. 7.2. Processing is required to fulfill legal obligations, judicial processes, or contractual obligations. 7.3. Publicly available personal data may be processed. 7.4. Personal data required for legal disclosure may be processed.
8. Data Collection, Storage, Transfer, and Other Processing Methods 8.1. The Operator ensures data security through legal, organizational, and technical measures. 8.2. Personal data is not transferred to third parties unless required by law or with user consent. 8.3. Users may update their personal data by sending an email to damirarakhmatulina@gmail.com with the subject "Data Update." 8.4. Processing duration is determined by the processing purposes unless otherwise specified by law. 8.5. Users may withdraw consent by emailing damirarakhmatulina@gmail.com with the subject "Withdrawal of Data Processing Consent." 8.6. Data collected by third-party services is governed by their respective policies. 8.7. The Operator ensures the confidentiality of personal data during processing. 8.8. The Operator stores personal data in a form that allows identification of the data subject for no longer than necessary unless a longer retention period is required by federal law or a contract. 8.9. The processing of personal data may be terminated if processing purposes are achieved, consent expires, consent is withdrawn, a request for termination is received, or unlawful processing is identified.
9. Actions Performed by the Operator with Personal Data 9.1. The Operator collects, records, systematizes, accumulates, stores, updates, retrieves, uses, transfers (distributes, provides, grants access to), anonymizes, blocks, deletes, and destroys personal data. 9.2. The Operator may conduct automated processing of personal data with or without the use of information and telecommunications networks.
10. Cross-Border Transfer of Personal Data 10.1. Before initiating cross-border personal data transfers, the Operator must notify the authorized data protection body (this notification is separate from the general processing notification). 10.2. Before submitting such notification, the Operator must obtain relevant information from foreign authorities, individuals, or legal entities involved in the data transfer.
11. Confidentiality of Personal Data The Operator and any persons granted access to personal data must not disclose or distribute it to third parties without the data subject’s consent, unless otherwise provided by federal law.
12. Final Provisions 12.1. Users may obtain clarifications on any questions related to personal data processing by contacting the Operator via email at damirarakhmatulina@gmail.com. 12.2. Any changes to this privacy policy will be reflected in this document. The policy remains in effect indefinitely until replaced with a new version. 12.3. The latest version of this Policy is publicly available at damirawebdesign.ru/privacy.