The edition is valid from October 14, 2021

Moscow, Russian Federation

This Personal Data Processing Policy (hereinafter referred to as the "Policy") was developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and the regulatory legal acts of the Russian Federation adopted in accordance with them. This Policy has been issued and applied by the individual entrepreneur Stepanova Natalia Georgievna, TIN 772176276698, PSRN of IE 316774600555002, (hereinafter referred to as the "Operator") in accordance with paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" in relation to all information that the Operator can receive about the user while using the Operator's Website with the network address: https://nayada-online.com/, including all its sections (pages, subdomains), (hereinafter referred to as the “Website”) and governs any kind of processing of personal data and personal information (any personally identifiable information and any other information related to this) about individuals who are consumers of the products or services of the Operator. This Policy applies to the processing of personal data collected by any means, both active and passive, both via the Internet and without its use, from persons located anywhere in the world.

All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation on personal data.

1. Personal information of users received and processed by the Website

1.1. Within the framework of this Policy, "personal data of the user" (subject of personal data) means:

1.1.1. Personal information that the user provides about themselves to the individual entrepreneur Stepanova Natalia Georgievna - independently when leaving an application, making a purchase, registering (creating an account) or in another process of using the Website, including: last name, first name; contact phone number; email address.

1.1.2. Data that is automatically transmitted to the Website during its use using the software installed on the user's device, including IP address, cookie information, information about the user's browser (or other program that helps access the Website), access time , the address of the requested page, other data about visitors from traffic statistics services (the address of the page on which the ad unit is located, the referrer (address of the previous page), etc.), geolocation data and other data, the collection and processing of which occurs automatically on the Website, owned by the Operator.

With the help of this data, information is collected about the actions of visitors on the Website in order to improve its content, improve the functionality of the Website and, as a result, create high-quality content and services for visitors.

The subject of personal data can at any time change the settings of their browser so that all cookies are blocked, or so that notification is made about their sending. At the same time, the subject must understand that in this case, some functions and services of the Website will not be able to work properly.

1.1.3. In addition to the information specified in paragraphs 1.1.1-1.1.2 of this Policy, the Operator also registers data on purchases made by the subject of personal data on the Website.

1.2. This Policy applies only to the Website, and the Operator (Website administrator) does not control and is not responsible for third-party sites to which the user can go through the links available on the Website. On such resources, other personal information may be collected or requested from the user, and other actions may be performed that are not related to the Operator.

1.3. The Website generally does not verify the accuracy of personal information provided by users, and does not control their legal capacity. The Operator administering the Website proceeds from the fact that the user provides reliable and sufficient personal information on the issues proposed in the forms of the Website resources, and maintains this information up to date.

2. Purposes of collecting and processing personal information of users.

2.1. The Website collects and stores only those personal data that are necessary for the provision of services and / or provision of other values for visitors to the Website (subjects of personal data).

2.2. The Operator has the right to use the personal information of the user (subject of personal data) for the following purposes:

2.2.1. Identification of the party within the framework of agreements and contracts with the Website and the Operator.

2.2.2. Providing the user with personalized services, products and other values.

2.2.3. Communication with the user, including sending notifications, requests and information regarding the use of the Website, the provision of services, as well as processing requests and applications from the user.

2.2.4. Improving the quality of the Website, the convenience of its use, the development of new services and products.

2.2.5. Targeting informational materials.

2.2.6. Conducting statistical and other studies based on the data provided.

2.2.7. Conclusion, execution and termination of civil law contracts with individuals, legal entities, individual entrepreneurs and other persons, in cases provided for by applicable law.

2.2.8. Detection, prevention, mitigation and investigation of fraudulent or other illegal activities against the Operator.

3. Terms of processing the user's personal information and its transfer to third parties.

3.1. The Website generally does not verify the accuracy of personal information provided by users, and does not control their legal capacity. The Operator proceeds from the fact that the user provides reliable and sufficient personal information on the issues offered in the forms of these online resources, and maintains this information up to date (clause 1.3).

3.2. With respect to the user's personal information, its confidentiality is maintained, except in cases where the user voluntarily provides information about themselves for general access to an unlimited number of persons.

3.3. The Website has the right to transfer the user's personal information to third parties in the following cases:

3.3.1. The user has expressed their consent to such actions by providing personal data;

3.3.2. The transfer is necessary as part of the user's use of the Website, or to provide services, values and / or provide services to the user through the Website;

3.3.3. The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law;

3.3.4. In order to ensure the possibility of protecting the rights and legitimate interests of the Website, the Operator or third parties in cases where the user violates the Public Offer Agreement or commits other illegal actions.

Thus, the Operator does not disclose to third parties and does not distribute personal data without the consent of the subject of personal data, except as expressly provided by applicable law and this Policy. In particular, the Operator transfers the user's personal data to third parties in order to provide the latter with services, while observing the provisions of this Policy and taking measures to preserve them.

3.4. When processing personal data of users of the Website, the Operator is guided by the Federal Law "On Personal Data" dated July 27, 2006 No. 152-FZ. The law applicable to the relationship between the user and the Operator is the law of the Russian Federation.

3.5. The processing of personal data is organized by the Operators on the principles of:

3.5.1. Legality of the purposes and methods of processing personal data, good faith and fairness in the activities of the Operator;

3.5.2. The reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of collecting personal data that is excessive in relation to the purposes stated when collecting personal data;

3.5.3. Processing only personal data that meet the purposes of their processing;

3.5.4. Compliance of the content and volume of the processed personal data with the stated purposes of processing. The processed personal data should not be excessive in relation to the stated purposes of their processing;

3.5.5. The inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;

3.5.6. Ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data. The Operator takes the necessary measures or ensures their adoption to remove or clarify incomplete or inaccurate data;

3.5.7. Storage of personal data in a form that allows you to determine the subject of personal data, no longer than required by the purposes of processing personal data.

3.6. The processing of personal data is carried out by the Operator for the period necessary to fulfill the purposes for which they were collected, in any legal way, including in personal data information systems using automation tools or without using such tools (mixed processing) via the Internet. In any case, the user's personal data are stored and processed for no longer than 10 (ten) years from the date of receipt of the user's consent to their processing.

3.7. All personal data are provided (collected) directly from the user as the subject of personal data.

The subject of personal data independently decides on the provision or non-provision of their personal data, and agrees to their processing by the Operator freely, at their own will and in their own interest.

3.8. The consent specified in clause 3.7. of this Policy, also means the user's consent to the transfer of their personal data to third parties, to the instruction of the processing of these data by third parties, as well as the user's consent to the cross-border transfer of these data via the Internet (when such transfer is necessary for the effective provision of services by the Operator or is necessary to achieve other purposes established by this Policy), as well as to receive e-mail and SMS mailings within the framework of a user agreement concluded with the Operator, another agreement, or to receive advertising and marketing materials.

At the same time, cross-border data transfer refers to the transfer of data to third parties both in countries with an adequate level of data protection, and not related to such countries. The necessary level of protection of personal data is in any case provided by the Operator by complying with the conditions specified in Section 5 of this Policy.

3.9. Consent to the processing of personal data is provided by the user when filling out special subscription forms on the Operator’s website, when placing an application for receiving a free service from the Operator (registration of a personal account on the Website, etc.), concluding an appropriate service agreement (service (user) agreement) or directly when paying for services under the agreement (acceptance of a public offer) by putting a check mark confirming consent to the processing of personal data in a special checkbox. In this case, this action has the legal force of written consent.

3.10. In some cases, specifically stipulated in the local acts of the Operator, the user provides personal data in a different way (other than specified in clause 3.9 of this Policy). For example, when filling out applications for the provision of certain types of services, submitting an application for the return of money paid for third-party services, the user transfers personal data directly to third parties, and when sending proposals to the Operator to improve the content and operation of the Website, by sending a letter to the email address: nayadanail@gmail.com, at the same time - in case of transfer of data other than those listed in clause 1.1 of this Policy - the user separately agrees to the processing of additionally reported data.

4. Change by the user of personal information and withdrawal of consent to the processing of personal data.

4.1. The user can at any time change (update, supplement) the personal information provided by them or part of it, as well as the parameters of its confidentiality, by sending an application to the Operator-owner of the Website at the email address: nayadanail@gmail.com.

4.2. The user can, at any time, withdraw his consent to the processing of personal data by leaving a statement to the administration at the email address: nayadanail@gmail.com.

5. Measures taken to protect the personal information of users.

5.1. When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data in accordance with Art. 19 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".

Ensuring the security of personal data is achieved, in particular:

5.1.1. Assessing the effectiveness of measures to ensure the security of personal data prior to the use of such measures;

5.1.2. Detection of facts of unauthorized access to personal data and taking measures to eliminate them and prevent repetition;

5.1.3. Recovery of personal data modified or destroyed due to unauthorized access to them;

5.1.4. Establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;

5.1.5. Checking the availability of clauses on ensuring the confidentiality of personal data in contracts concluded by the Operator with third parties and including them, if necessary, in contracts;

5.1.6. Control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

5.2. Third parties who have gained access to personal data on behalf of the Operator undertake to take the necessary organizational and technical measures to ensure the confidentiality of such information on their personal device from which they process personal data.

5.3. Interaction with federal executive authorities on the processing and protection of personal data of subjects whose personal data is processed by the Operator is carried out within the framework of the legislation of the Russian Federation.

5.4. The Operator is obliged to immediately stop, at the request of the subject of personal data, the processing of their personal data specified in Part 1 of Art. 15 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".

6. Responsible for the processing of personal data:

6.1. The Operator is personally responsible for the processing of personal data.

6.2. Responsible person in their activities:

6.2.1. Carries out internal control over compliance by the Operator, its employees and counterparties with the legislation of the Russian Federation on personal data to which they receive access from the Operator, including the requirements for the protection of personal data.

6.2.2. Controls the acceptance and processing of appeals and requests of personal data subjects.

6.2.3. Takes measures to detect facts of unauthorized access to personal data and takes immediate measures to protect personal data.

6.2.4. Performs constant monitoring of ensuring the level of security of personal data.

6.2.5. Acquaints, under signature, the Operator's employees who have access to personal data with the provisions of the legislation of the Russian Federation and the EU on personal data, including the requirements for the protection of personal data, as well as with local acts of the Operator that determine the procedure for processing personal data.

6.2.6. Carries out internal control and (or) audit of compliance of personal data processing with the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, this Policy and other local acts of the Operator.

7. User responsibility.

7.1. Subjects of personal data are obliged to provide the Operator with only reliable personal data and promptly inform about their change. At the same time, the Operator does not verify the accuracy of personal data, and does not exercise control over the legal capacity of personal data subjects, and proceeds from the fact that the subject provides reliable and sufficient personal information on the issues proposed in the registration (subscription, payment) form, and maintains this information in up to date.

The risk of providing false personal data is borne by the subject of personal data.

7.2. The Operator does not intentionally process personal data of minors. The Operator recommends using the site to persons over 18 years of age. Responsibility for the actions of minors, including their purchase of services on the Website, lies with the legal representatives of minors. If the Operator becomes aware that they have received personal information about a minor without the consent of legal representatives, then such information will be deleted as soon as possible.

7.3. The Operator is not responsible for the processing of personal data of third parties that the recipient of the Operator's services reported as their own. In this case, the recipient of the Operator's services, who provided false data, bears the risk of being held liable.

7.4. In case of disagreement of the subject of personal data in whole or in part with the terms of this Policy, their use of the Website and its services must be immediately terminated.

8. Storage of personal data.

8.1. The storage of personal data is carried out in electronic form in the relevant information systems of personal data placed in databases on the territory of the Russian Federation.

8.2. The storage of personal data is carried out in a form that allows you to determine the subject of personal data in a timeframe that ensures compliance with and achievement of the purposes of processing personal data established by this Policy.

8.3. The storage of personal data is carried out with access restriction, including by creating appropriate access levels.

8.4. Personal data contained in different electronic databases and processed for different purposes are stored separately.

9. Termination of processing and destruction of personal data.

9.1. In case of revealing inaccurate personal data when contacting the subject of personal data, the Operator is obliged to block personal data relating to this subject of personal data from the moment of such request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.

9.2. If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the subject of personal data, is obliged to clarify personal data within 7 (seven) working days from the date of submission of such information and remove the blocking of personal data.

9.3. In case of detection of illegal processing of personal data by the Operator, the latter, within a period not exceeding 3 (three) business days from the date of this detection, is obliged to stop the illegal processing of personal data.

If it is impossible to ensure the legality of the processing of personal data, the Operator, within a period not exceeding 10 (ten) business days from the date of detection of illegal processing of personal data, is obliged to destroy such personal data. The Operator is obliged to notify the subject of personal data about the elimination of the violations committed or the destruction of personal data.

9.4. In the event that the subject of personal data withdraws consent to their processing, the Operator is obliged to stop processing them and, if the storage of personal data is no longer required for the purposes of processing personal data, destroy personal data within a period not exceeding thirty business days from the date of receipt of the said withdrawal.

9.5. The Operator has the right to continue using the personal data about the subject after consideration of the withdrawal of consent to their processing, ensuring the depersonalization of such information.

9.6. The Operator sends a notification of the results of consideration of the requests of personal data subjects specified in this section through the support service nayadanail@gmail.com by sending messages to the email of the personal data subject specified in the request.

10. Dispute resolution.

10.1. Before going to court with a claim on disputes arising from the relationship between the subject of personal data and the Operator, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).

10.2 The recipient of the claim, within 30 (thirty) calendar days from the date of receipt of the claim, notifies the claimant in writing of the results of the consideration of the claim.

10.3. If an agreement is not reached, the dispute will be referred to the judicial authority at the place of registration of the Operator in accordance with the current legislation of the Russian Federation.

10.4. The current legislation of the Russian Federation applies to this Personal Data Processing Policy and the relationship between the subject of personal data and the Operator.

11. Additional terms

11.1. The Operator has the right to make changes to this Personal Data Processing Policy without the consent of the subjects of personal data.

11.2. The new version of the Personal Data Processing Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.

11.3. Suggestions and comments for making changes to the Personal Data Processing Policy should be sent to: nayadanail@gmail.com.

11.4. The invalidity of certain provisions of this Policy, if such is recognized by a decision of a court or other authorized state body, does not entail its invalidity as a whole.

11.5. When processing personal data, the Operator does not specifically check for the existence of a special regime for the processing of personal data established by the legislation of the countries whose jurisdiction includes individual recipients of the Operator's services or persons who provided their data in the subscription form on the Website. If the personal data subject is a resident of a state with a special personal data protection regime, for example, in the European Economic Area (EEA), and accesses the Website from European countries, the Operator takes all reasonable measures to ensure compliance with such requirements of personal data protection legislation established by the relevant state or group of countries (GDPR). To do this, the subject of personal data is obliged to notify the Operator of the existence of a special regime for the protection of their personal data by contacting the support service at nayadanail@gmail.com.

12. Details of the Operator

Individual entrepreneur

Stepanova Natalia Georgievna

TIN 772176276698

PSRN of IE 316774600555002

Address: Russia, Moscow, 109377, Zelenodolskaya street, 11, apartment 60

e-mail: nayadanail@gmail.com

Phone: 89150073247

Acc: 40802810238000042863

Bank: PJSC "SBERBANK"

RC BIC 044525225

Corr. Acc.: 30101810400000000225

By filling out this form, in accordance with the requirements of Article 9 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data", I confirm my consent to the processing of my personal data entered into the form - to the individual entrepreneur Stepanova Natalia Georgievna, TIN 772176276698, PSRN of IE 316774600555002, (hereinafter referred to as the Operator), including:

1) last name, first name;

2) contact phone number;

3) email address;

4) region of residence;

5) qualifications and work experience;

6) IP address, information from cookies, information about the user's browser (or other program that accesses the site), access time, address of the requested page, other data about visitors from traffic statistics services (address of the page on which the ad unit is located, referrer (previous page address), etc.), geolocation data and other data, the collection and processing of which occurs automatically on sites owned by the Operator.

I grant the Operator the right to carry out all actions (operations) with my personal data, including collection, systematization, accumulation, storage, updating, modification, use, depersonalization, blocking, destruction.

The purpose of processing personal data is to provide me with services based on the completed form. The Services mean the performance by the Operator (Individual entrepreneur Stepanova N.G.) of the public offer agreement, the provision of other paid and free services to me, including the performance by the Operator.

The Operator has the right to exchange (receive and transfer) my personal data using machine media or via communication channels (including cross-border transfer), subject to measures to ensure their protection from unauthorized access.

This consent is valid until the end of my receipt of the Services, the period of storage of my personal data is limited by the period of provision of the Services, but not longer than 5 (five) years from the date the Operator receives this consent.

I reserve the right to withdraw my consent by drawing up a written statement about this and sending it to the Operator's address (nayadanail@gmail.com) by email. In case of withdrawal of this consent, the Operator is obliged to delete all my personal data they have and stop providing me with any services and sending any materials.