Policy regarding
Processing of personal data
Edition № 2 of 05.28.25

This Privacy Policy (hereinafter referred to as the Policy) was developed by IP Kasap Kristina Alekseevna (hereinafter - the Operator) in accordance with the Federal Law of 27.07.2006 № 152-FZ "On Personal Data" and defines the procedure for processing personal data, measures to ensure their security, as well as the rights of personal data subjects interacting with the website https://saynomore.shop (hereinafter referred to as the Site).

1. General provisions

1.1. The operator sets as its most important goal the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrets.

1.2. The policy applies to all information that the Operator may receive about visitors to the Site.

1.3. The Policy is a public document and is posted on the Website at https://saynomore.shop/privacy

1.4. The operator notified the authorized body for the protection of the rights of personal data subjects of the intention to process personal data in accordance with the established procedure.

2. Basic concepts

2.1. Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).

2.2. Processing of personal data - any action (operation) or set of actions performed with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.3. Automated processing - processing of personal data using computer equipment.

2.4. The subject of personal data is an individual to whom the personal data relate.

2.5. The operator is IE Kasap Kristina Alekseevna, who organizes and processes personal data.

2.6. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state.

2.7. Depersonalization of personal data - actions as a result of which it is impossible to determine the belonging of personal data to a specific subject without additional information.

2.8. Destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the information system or on material media.

3. Categories of subjects, personal data and purposes of processing

3.1. The operator processes personal data of subjects for the following purposes:
3.2. The processing of personal data is carried out with the consent of the subject, except in cases provided for by the legislation of the Russian Federation, when consent is not required (for example, for the execution of the contract or compliance with the law).

3.3. The subject of personal data may consent to the processing of personal data when filling out feedback forms on the Site and in other ways provided for by the Policy.

4. Principles of personal data processing

4.1. Processing is carried out on a legal and fair basis.

4.2. Processing is limited to the achievement of specific, predetermined and legitimate goals.

4.3. It is not allowed to combine databases containing personal data if their purposes are incompatible.

4.4. Processing is limited to the data necessary for the stated purposes;

4.5. The accuracy, sufficiency and relevance of personal data are ensured.

4.6. Personal data is stored for no longer than required to achieve the purposes of processing, unless otherwise provided by law.

4.7. Personal data is destroyed or depersonalized upon achievement of the purposes of processing or loss of necessity.

5. Rights and obligations of the Operator

5.1. Operator's Rights:

• Receive reliable personal data from the subject;

• Continue data processing without the consent of the subject in cases provided for by law;

• Define measures to ensure the security of personal data.

5.2. Operator's Duties:

• Provide the subject with information about the processing of his personal data upon request;

• Ensure the confidentiality of personal data;

• Take legal, organizational and technical measures to protect data;

• Notify Roskomnadzor of its intention to carry out cross-border data transfer;

• Stop processing and destroy data when achieving goals or withdrawing consent;

• Respond to the requests of subjects within 10 working days.

6. Rights and obligations of personal data subjects

6.1. Rights of the subject:

• Request information about the processing of your personal data;

• Require clarification, blocking or destruction of data if it is incomplete, inaccurate or illegally obtained;

• Withdraw consent to data processing by sending a notification to saynomoremoscow@gmail.com marked "Revocation of consent to the processing of personal data";

• Appeal the Operator's actions to the authorized body or court;

• Restrict data transfer to an unlimited number of persons.

6.2. Responsibilities of the subject:

• Provide reliable data;

• Notify the Operator about changes to your data.

6.3. Persons who have provided inaccurate data or data of another person without consent are liable under the legislation of the Russian Federation.

7. Procedure for processing personal data

7.1. Processing is carried out using automated and non-automated means in the following ways: collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, depersonalization, blocking, deletion, destruction.

7.2. The subject's consent to data processing is freely given through forms on the Site (for example, feedback forms) with a checkbox containing a link to the Policy and a description of the purposes of processing. The checkbox does not have a preset tick.

7.3. Personal data is not transferred to third parties without the consent of the subject, except in cases provided by law or contract.

7.4. The subject can update the data by sending a notification to saynomoremoscow@gmail.com marked "Updating personal data".

7.5. The operator does not make decisions based solely on automated processing if they cause legal consequences for the subject.

7.6. In case of cross-border data transfer, the Operator notifies Roskomnadzor and receives the necessary information from foreign persons.

8. Measures to ensure the security of personal data

8.1. The operator shall take the following measures to protect personal data (including, but not limited to)

• identification and authentication of access subjects and access objects;

- access control of access subjects to access objects;

• limitation of the software environment;

- protection of machine data carriers on which personal data is stored and/or processed;

• anti-virus protection;

• ensuring the integrity of the information system and personal data;

• protection of technical means;

• protection of the information system, its means, communication and data transmission systems;

• detection of incidents (one event or group of events) that may lead to failures or disruption of the functioning of the information system and/or threats

• security of personal data (hereinafter referred to as incidents) and response to them;

• restriction of access to data only to authorized persons;

- conducting a regular audit of compliance of processing with the legislation;

• accounting of machine and material carriers of personal data;

- ensuring the safety of media and restoring data in case of unauthorized access.

8.2. In case of data leakage, the Operator:

• Notifies Roskomnadzor within 24 hours;

• Conducts an investigation and reports the results within 72 hours.

9. Destruction of personal data

9.1. Personal data is destroyed in the following cases:

• Achievement of processing goals;

• Withdrawal of the subject's consent;

• Expiry of the storage period established by law or contract;

• In cases established by law.

9.2. Destruction is carried out by removing data from databases or mechanical destruction of media, which excludes recovery

10. Final provisions

10.1. The Policy is approved by the Operator and is valid indefinitely until it is replaced with a new version.

10.2. Changes to the Policy are made when the legislation or local acts of the Operator are changed. Subjects are notified of changes by e-mail, if possible.

10.3. For personal data processing, please contact: saynomoremoscow@gmail.com. The answer is provided within 10 working days.

11. Operator's details:

IE Kasap Kristina Alekseevna

TIN: 344707510335

OGRNIP 321508100135853

E-mail: saynomoremoscow@gmail.com

Website: https://saynomore.shop/privacy