Personal Data Processing Policy for Website Visitors

Version dated May 31, 2026

1. GENERAL PROVISIONS

1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) has been developed pursuant to the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the “Personal Data Law”) for the purpose of ensuring the protection of human and civil rights and freedoms during the processing of personal data.
1.2. The Policy governs the processes of personal data processing by the operator – Individual Entrepreneur Anastasia Viktorovna Tarasova (Taxpayer Identification Number (INN) 732897965709, hereinafter referred to as the “Operator”) in the course of operation of the website located on the Internet at http://anastasia-fashiondoll.su (hereinafter referred to as the “Website”).
1.3. For the purposes of this Policy, personal data means any information relating directly or indirectly to an identified or identifiable individual who is a visitor (user) of the Website (hereinafter referred to as the “Personal Data Subject” or the “Subject”).

2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. Personal data shall be processed by the Operator in accordance with the requirements of the legislation of the Russian Federation based on the following principles:
2.1.1. legality and fairness;
2.1.2. restriction of personal data processing to the achievement of specific, predetermined, and lawful purposes;
2.1.3. inadmissibility of personal data processing incompatible with the purposes of personal data collection;
2.1.4. inadmissibility of combining databases containing personal data where such data is processed for purposes incompatible with one another;
2.1.5. processing only those personal data that correspond to the purposes of their processing;
2.1.6. ensuring that the content and scope of personal data processed correspond to the declared purposes of processing;
2.1.7. prevention of excessive personal data processing in relation to the declared purposes of processing;
2.1.8. ensuring the accuracy, sufficiency, and relevance of personal data in relation to the purposes of personal data processing;
2.1.9. destruction of personal data upon achievement of the purposes of processing or in the event that the need to achieve such purposes ceases to exist, where it is impossible for the Operator to remedy violations committed in relation to personal data, unless otherwise provided by law.

3. MAIN RIGHTS AND OBLIGATIONS OF THE OPERATOR
3.1. The Operator shall have the right to:
3.1.1. independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations established by the Personal Data Law, unless otherwise provided by legislation;
3.1.2. entrust the processing of personal data to another person with the consent of the Personal Data Subject, unless otherwise provided by federal law, on the basis of an agreement concluded with such person. A person processing personal data on behalf of the Operator shall be obliged to comply with the principles and rules of personal data processing established by the Personal Data Law;
3.1.3. transfer the Subject’s personal data to third parties with the Subject’s consent or in other cases expressly provided for by law;
3.1.4. continue processing personal data without the consent of the Personal Data Subject in the event that the Subject withdraws consent, provided there are grounds specified in the Personal Data Law.
3.2. The Operator shall be obliged to:
3.2.1. provide the Subject, upon request, with information regarding the processing of personal data;
3.2.2. use personal data exclusively for the purposes specified in this Policy;
3.2.3. maintain the confidentiality of personal data and not disclose or disseminate personal data to third parties without the Subject’s consent;
3.2.4. take legal, organizational, and technical measures to ensure the confidentiality and security of Subjects’ personal data in accordance with legal requirements and generally accepted business practices applicable to the protection of such information;
3.2.5. block personal data relating to the relevant Subject from the moment of receipt of a request or inquiry from the Subject, the Subject’s legal representative, or the authorized authority for the protection of personal data subjects’ rights for the period of verification in the event inaccurate personal data or unlawful actions are identified;
3.2.6. clarify personal data upon confirmation of the fact that such personal data is inaccurate;
3.2.7. terminate personal data processing or ensure its termination (where processing is carried out by another person acting on behalf of the Operator), and destroy personal data or ensure its destruction (where processing is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date the purpose of personal data processing is achieved;
3.2.8. provide the authorized authority for the protection of personal data subjects’ rights with the necessary information upon request of such authority within 10 days from the date of receipt of the request;
3.2.9. respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3.2.10. in the event of establishing the fact of an unlawful accidental transfer (provision, dissemination, access) of personal data resulting in a violation of the rights of Subjects, notify the authorized authority of the incident within 24 hours from the moment such incident is identified and take other measures required by law within the prescribed time limits in connection with the identified incident;
3.2.11. perform other obligations stipulated by the Personal Data Law.

4. MAIN RIGHTS OF THE PERSONAL DATA SUBJECT
4.1. The Personal Data Subject shall have the right to:
4.1.1. obtain information concerning the processing of their personal data, unless access to such information is restricted by law. Such information shall be provided by the Operator to the Personal Data Subject in an accessible form. It shall not contain personal data relating to other Personal Data Subjects, except where lawful grounds exist for disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
4.1.2. require the Operator to clarify, block, or destroy their personal data if such personal data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;
4.1.3. withdraw previously granted consent to the processing of personal data and submit a request to the Operator to terminate personal data processing;
4.1.4. take measures provided for by law to protect their rights;
4.1.5. appeal unlawful actions or omissions of the Operator in connection with the processing of personal data to Roskomnadzor or in court;
4.1.6. exercise other rights provided for by the Personal Data Law.

5. PURPOSES AND CONDITIONS OF PERSONAL DATA PROCESSING
5.1. Personal data processing shall be limited to the achievement of specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of personal data collection shall not be permitted. Only personal data that correspond to the purposes of processing shall be processed.
5.2. The content and scope of the personal data processed must correspond to the declared processing purposes specified in this section. The personal data processed must not be excessive in relation to the declared purposes of processing.
5.3. The Operator processes the Subject’s personal data for the following purposes:
5.3.1. Processing of a preliminary application submitted by the Personal Data Subject for the purchase of the Operator’s goods and services
5.3.1.1. List of personal data processed
surname, first name, patronymic
residential address
country of residence
city of residence
telephone number
email address
5.3.1.2. Categories of Subjects whose personal data is processed
Website visitors
5.3.1.3. Legal basis for personal data processing
Consent of the Personal Data Subject to the processing of personal data
5.3.1.4. List of processing activities
Collection, systematization, storage, retrieval, transfer (provision, access), blocking, destruction, recording, accumulation, clarification (updating, modification), use, deletion
5.3.1.5. Methods of processing
Mixed processing of personal data involving receipt and/or transmission of information via the Internet
5.3.1.6. Processing and storage periods
Until the purpose of personal data processing is achieved, or until the Subject withdraws consent to the processing of personal data / the Operator receives a request to terminate personal data processing, unless another period is provided for by an agreement or applicable law.
5.3.1.7. Procedure for storage and destruction upon achievement of processing purposes or other grounds
Personal data shall be stored on physical media in specially designated locations preventing unauthorized access, or on electronic media (software, services) using software-based access restriction measures.
Upon achievement of the purposes of personal data processing or occurrence of other grounds for termination of processing, physical media containing personal data shall be destroyed, and personal data shall be deleted from electronic media and systems without the possibility of recovery.
5.3.2. Preparation, conclusion, and performance of a civil law contract
5.3.2.1. List of personal data processed
surname, first name, patronymic
residential address
country of residence
city of residence
telephone number
email address
5.3.2.2. Categories of Subjects whose personal data is processed
clients
Website visitors intending to enter into a civil law contract with the Operator for the purchase of goods and services presented on the Website
5.3.2.3. Legal basis for personal data processing
Conclusion and performance of a contract to which the Personal Data Subject is a party, beneficiary, or guarantor, as well as conclusion of a contract at the initiative of the Subject (including through acceptance by the Subject of the Operator’s offer published on the Website for the purchase of goods/works/services).
5.3.2.4. List of processing activities
Collection, systematization, storage, retrieval, transfer (provision, access), blocking, destruction, recording, accumulation, clarification (updating, modification), use, deletion
5.3.2.5. Methods of processing
Mixed processing of personal data involving receipt and/or transmission of information via the Operator’s internal network and via the Internet
5.3.2.6. Processing and storage periods
For a period of 3 years from the date the Parties fulfill their obligations under the concluded contract (provided such contract has been concluded and taking into account the limitation period for claims arising from contractual performance), or until the purpose of personal data processing is achieved, or until the Subject withdraws consent to the processing of personal data / the Operator receives a request to terminate personal data processing, provided there are no other legal grounds for continuing the processing of the Subject’s personal data.
5.3.2.7. Procedure for storage and destruction upon achievement of processing purposes or other grounds
Personal data shall be stored on physical media in specially designated locations preventing unauthorized access, or on electronic media (software, services) using software-based access restriction measures.
Upon achievement of the purposes of personal data processing or occurrence of other grounds for termination of processing, physical media containing personal data shall be destroyed, and personal data shall be deleted from electronic media and systems without the possibility of recovery.
5.3.3. Collection of statistical information regarding the Subject’s actions on the Website using web analytics services (metric programs)
5.3.3.1. List of personal data processed
cookie files (information collected through metric programs)
5.3.3.2. Categories of Subjects whose personal data is processed
Website visitors
5.3.3.3. Legal basis for personal data processing
Consent of the Personal Data Subject to the processing of personal data
5.3.3.4. List of processing activities
Collection, systematization, storage, retrieval, transfer (provision, access), blocking, destruction, recording, accumulation, clarification (updating, modification), use, deletion
5.3.3.5. Methods of processing
Automated processing of personal data involving receipt and/or transmission of information via the Operator’s internal network and via the Internet
5.3.3.6. Processing and storage periods
Until the purpose of personal data processing is achieved, or until the Subject withdraws consent to the processing of personal data / the Operator receives a request to terminate personal data processing, unless another period is provided for by an agreement or applicable law.
5.3.3.7. Procedure for storage and destruction upon achievement of processing purposes or other grounds
Personal data shall be stored in information systems (services) using software-based access restriction measures.
Upon achievement of the purposes of personal data processing or occurrence of other grounds for termination of processing, physical media containing personal data shall be destroyed, and personal data shall be deleted from electronic media (systems) without the possibility of recovery.
5.3.4. Ensuring compliance with tax legislation
5.3.4.1. List of personal data processed
Personal data:
surname, first name, patronymic
email address
5.3.4.2. Categories of Subjects whose personal data is processed
clients
Website visitors
5.3.4.3. Legal basis for personal data processing
Necessity to fulfill the functions, powers, and obligations imposed on the Operator by the legislation of the Russian Federation (issuance by the Operator of fiscal receipts to Website visitors who have purchased goods or services from the Operator).
5.3.4.4. List of processing activities
Collection, systematization, storage, retrieval, transfer (provision, access), blocking, destruction, recording, accumulation, clarification (updating, modification), use, deletion
5.3.4.5. Methods of processing
Mixed processing of personal data involving receipt and/or transmission of information via the Operator’s internal network and via the Internet
5.3.4.6. Processing and storage periods
Until the purpose of personal data processing is achieved, or until the Subject withdraws consent to the processing of personal data / the Operator receives a request to terminate personal data processing, unless another period is provided for by an agreement or applicable law.
5.3.4.7. Procedure for storage and destruction upon achievement of processing purposes or other grounds
Personal data shall be stored on physical media in specially designated locations preventing unauthorized access, or on electronic media (software, services) using software-based access restriction measures.
Upon achievement of the purposes of personal data processing or occurrence of other grounds for termination of processing, physical media containing personal data shall be destroyed, and personal data shall be deleted from electronic media and systems without the possibility of recovery.

6. LEGAL BASIS FOR PERSONAL DATA PROCESSING
6.1. The general legal basis for the Operator’s processing of personal data is the aggregate of regulatory legal acts pursuant to which the Operator carries out personal data processing, including:
6.1.1. the Constitution of the Russian Federation;
6.1.2. the Civil Code of the Russian Federation;
6.1.3. the Tax Code of the Russian Federation;
6.1.4. Federal Law No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
6.1.5. other regulatory legal acts governing relations connected with the Operator’s activities, as well as regulatory documents of authorized state authorities of the Russian Federation.
6.2. Specific legal grounds for personal data processing include:
6.2.1. consent of the Personal Data Subject to the processing of personal data, where obtaining such consent is required under applicable law;
6.2.2. conclusion and performance of a contract to which the Personal Data Subject is a party, beneficiary, or guarantor, as well as conclusion of a contract at the Subject’s initiative (including through acceptance by the Subject of the Operator’s offer published on the Website for the purchase of goods/works/services);
6.2.3. necessity to fulfill the functions, powers, and obligations imposed on the Operator by the legislation of the Russian Federation.
6.3. The Operator is entitled to process the Subject’s personal data without obtaining consent where legal grounds provided for by the Personal Data Law exist.
6.4. The specific permissible legal grounds applicable to each purpose of processing the Subject’s personal data are specified in this Policy.
6.5. Obtaining consent for the processing of personal data is implemented through the functionality of the Website. By completing data collection forms on the Website and/or submitting personal data to the Operator, the Website user places a special mark (web mark) in the checkbox of the data collection form. Adjacent to the checkbox is a text indicating that the Subject grants consent to the Operator for personal data processing and confirms familiarity with this Policy. The text contains an active hyperlink through which the Subject may review the full text of the Policy. Checking the designated checkbox (performing conclusive actions) shall be deemed the Subject’s consent to the processing of their personal data by the Operator.
6.6. The Operator may send advertising and informational messages to the Personal Data Subject via email only upon obtaining prior consent to receive advertising in accordance with Part 1 of Article 18 of Federal Law No. 38-FZ dated March 13, 2006 “On Advertising”. Consent to receive advertising messages from the Operator via email may be provided in written form or electronically by checking the corresponding box on the Website. The Personal Data Subject may refuse to receive advertising messages by following the relevant unsubscribe link contained in emails received from the Operator or by sending a notice of refusal to receive advertising messages to the Operator.

7. INFORMATION COLLECTED THROUGH WEB ANALYTICS TOOLS
7.1. When a page of the Website is opened on the Internet, an informational banner is displayed on the Website informing the Subject about the collection and processing of cookie files through web analytics tools.
7.2. The Operator collects data regarding the Subject’s actions on the Website using the built-in service of the Tilda Publishing platform on which the Website operates.
7.3. Cookies are small text files placed on the Subject’s computer for the purpose of analyzing user activity. Information collected through cookies cannot identify the Subject; however, it may help the Operator improve the operation of the Website and make the Subject’s use of the Website more convenient and informative. Information regarding the use of the Website collected through cookies is processed by the provider of the web analytics service. Based on the data received, the provider of the web analytics service generates a report for the Operator regarding the functioning of the Website.
7.4. The Subject independently decides whether to provide consent to the processing of such personal data by clicking the confirmation button in the informational banner or by continuing to use the Website. The Subject has the right to refuse consent to the processing of data collected through web analytics tools by disabling cookie processing and user data collection in the browser settings or by leaving the Website.
7.5. Although most browsers automatically accept cookies, the Subject may configure their browser so that only the Subject decides whether to accept or block cookies. To do so, the Subject should refer to the “Tools” or “Settings” menu of the browser being used. The Subject may delete cookies from their device at any time. However, it should be taken into account that refusal to use cookies may affect the operation of certain functions of the Website.

8. TRANSFER OF THE SUBJECT’S PERSONAL DATA TO THIRD PARTIES
8.1. The Operator has the right to transfer the Subject’s personal data to third parties and/or entrust the processing of the Subject’s personal data to third parties where legal grounds provided by law exist or where the Subject’s consent has been obtained.
8.2. By using the functionality and services of the Website, the Personal Data Subject agrees that:
8.2.1. The Website is created on the Tilda platform, owned by Tilda Publishing JSC (Primary State Registration Number (OGRN) 1247700830354, 107031, Moscow, Tverskoy Municipal District, 2 Petrovskie Linii St., Premises 4/1). Taking into account the technical specifics of the platform’s operation, the Subject grants the Operator consent to entrust the processing of personal data (surname, first name, patronymic; residential address; country of residence; city of residence; telephone number; email address; information regarding actions on the Website (cookies)) to Tilda Publishing JSC for the purpose of automating interaction processes between the Subject and the Operator within the framework of the personal data processing purposes specified in this Policy and providing the Subject with the ability to use the Website and its services. The Data Processing Agreement is available at: https://tilda.ru/ru/dpa/. The Subject is informed that without such entrustment of personal data processing, operation of the Website by the Operator is impossible, and in the event of disagreement with such entrustment, the Subject undertakes to refrain from using the Website, including purchasing the Operator’s goods and services through it.
8.2.2. If the Subject has provided the Operator with consent to receive informational (advertising) mailings, the Subject grants the Operator consent to transfer the Subject’s Personal Data (full name and email address) to Unisender SMART LLC (OGRN 1227700213180, 127015, Moscow, Butyrsky Municipal District, 23 Bolshaya Novodmitrovskaya St., Floor/Premises 2/46) for the purpose of organizing informational (marketing) mailings and notifications regarding relevant events and offers of the Operator via email.
8.2.3. A Subject who has purchased goods from the Operator with delivery grants consent to the Operator to transfer personal data (surname, first name, patronymic, residential address, telephone number, email address) for the purpose of arranging courier delivery services for goods purchased from the Operator through one of the following delivery companies:
CDEK-Global LLC (OGRN 123456789125, Moscow, 10 Tsvetnoy Boulevard), or
Russian Post EMS JSC (125252, Moscow, 2A 3rd Peschanaya Street, OGRN 1197746000000), or
DHL International JSC (DHL Express courier service) (OGRN 1027739279920, 127083, Moscow, 14 8 Marta Street) for international delivery.
The Buyer agrees that courier delivery of the Goods is impossible without transferring the Buyer’s personal data to the delivery service.
8.2.4. The Subject independently selects (in coordination with the Operator) the company through which delivery of purchased goods will be carried out when placing an order. Personal data is not transferred to any other delivery companies. The Subject is informed that courier delivery of purchased goods is impossible without transferring personal data to the delivery service.
8.2.5. If the Subject does not agree with the transfer of personal data or the entrustment of personal data processing to the above-mentioned companies, the Subject must refrain from using the Website and/or the part of its functionality related to the transfer of data to a specific third party. In such a case, the Subject may contact the Operator through other communication channels that do not involve the use of the Website.
8.2.6. Third-party services, access to which is provided through the Website (payment systems, communication tools, and others, where applicable), collect and process the Subject’s personal data independently and without the Operator’s participation. The Subject independently decides whether to provide personal data to the owners of such services. The Operator bears no responsibility for the actions of the owners of such services. However, if the Operator has entrusted the processing of the Subject’s personal data to such a person, the Operator shall bear responsibility to the Personal Data Subject for the actions of that person. A person processing personal data on behalf of the Operator shall bear responsibility to the Operator.

9. PROCEDURE FOR COLLECTION, STORAGE, AND DESTRUCTION OF PERSONAL DATA
9.1. When collecting personal data, including through information and telecommunications networks (the Internet), the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located within the territory of the Russian Federation.
9.2. By transferring personal data of third parties to the Operator (including names and contact details), the Subject confirms that prior consent of such third parties has been obtained for the transfer of their personal data to the Operator for the purpose for which the data is actually transferred, or that other lawful grounds for such transfer exist. In the absence of such consent, the Subject shall refrain from transferring the data. Persons who transfer information about another Personal Data Subject to the Operator, including through the Website, without the consent of the Subject whose personal data was transferred, shall bear liability in accordance with the legislation of the Russian Federation.
9.3. The Operator stores personal data in a form that allows identification of the Personal Data Subject no longer than required by the purposes of personal data processing, unless the storage period is established by federal law or a contract to which the Personal Data Subject is a party, beneficiary, or guarantor.
9.4. Personal data of Subjects may be obtained, subsequently processed, and stored both on paper media and in electronic form.
9.5. Processed personal data shall be destroyed in the following cases:
9.5.1. upon expiration of the maximum processing period for personal data;
9.5.2. upon achievement of the purposes of personal data processing;
9.5.3. upon loss of necessity to achieve the purposes of personal data processing;
9.5.4. upon receipt of a withdrawal of consent to personal data processing;
9.5.5. upon termination of the Operator’s activities.
9.6. Upon achievement of the purposes of personal data processing, as well as in the event that the Personal Data Subject withdraws consent to such processing, personal data shall be destroyed if:
9.6.1. otherwise is not provided for by a contract to which the Personal Data Subject is a party;
9.6.2. the Operator is not entitled to process personal data without the Subject’s consent on grounds provided for by the Personal Data Law or other federal laws;
9.6.3. otherwise is not provided for by another agreement between the Operator and the Personal Data Subject;
9.6.4. no other lawful grounds exist for the Operator to process the Subject’s personal data.
9.7. Documents (media) containing personal data shall be destroyed by burning or shredding. Personal data stored on electronic media shall be destroyed by deletion, formatting, or destruction of the storage medium.

10. PROTECTION OF PERSONAL DATA
10.1. The Operator takes the necessary legal, organizational, and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, dissemination, and other unauthorized actions, including:
10.1.1. identifying threats to the security of personal data during processing;
10.1.2. adopting local regulations and other documents governing relations in the field of personal data processing and protection;
10.1.3. appointing persons responsible for personal data processing and ensuring personal data security;
10.1.4. storing personal data under conditions ensuring its preservation and preventing unauthorized access thereto (including the use of passwords for access to computers on which personal data is stored, antivirus protection tools, and restrictions on access by third parties to premises where personal data is stored).

11. UPDATING, CORRECTION, DELETION, AND DESTRUCTION OF PERSONAL DATA; RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
11.1. Confirmation of the fact that personal data is processed by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified by the Personal Data Law, shall be provided by the Operator to the Personal Data Subject (or their representative) upon application or upon receipt of a request. The information provided shall not include personal data relating to other personal data subjects, except in cases where there are lawful grounds for the disclosure of such personal data.
11.2. A request for information shall contain:
11.2.1. the number of the primary identification document of the Personal Data Subject or their representative, information regarding the date of issuance of such document, and the authority that issued it;
11.2.2. information confirming the participation of the Personal Data Subject in relations with the Operator (contract number, date of contract conclusion, date of acceptance of the Operator’s offer), or information otherwise confirming the fact that the Operator processes the Subject’s personal data;
11.2.3. the signature of the Personal Data Subject or their representative.
11.3. A request may be submitted in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
11.4. If the application (request) of the Personal Data Subject does not contain all information required under the Personal Data Law, or if the Subject does not have the right of access to the requested information, the Subject shall be provided with a reasoned refusal.
11.5. The right of a Personal Data Subject to access their personal data may be restricted in accordance with Part 8 of Article 14 of the Personal Data Law, including where access by the Personal Data Subject to their personal data violates the rights and legitimate interests of third parties.
11.6. If inaccurate personal data is identified upon application by the Personal Data Subject or their representative, or upon their request, or upon a request from Roskomnadzor, the Operator shall block personal data relating to the relevant Personal Data Subject from the moment such application or request is received and for the duration of verification, provided that such blocking does not violate the rights and legitimate interests of the Personal Data Subject or third parties. Upon confirmation that the personal data is inaccurate, the Operator, on the basis of information provided by the Personal Data Subject, their representative, Roskomnadzor, or other necessary documents, shall correct the personal data within seven business days from the date such information is provided and shall remove the block on the personal data.
11.7. If unlawful processing of personal data is identified upon application (request) of the Personal Data Subject or their representative, or upon a request from Roskomnadzor, the Operator shall block the unlawfully processed personal data relating to the relevant Personal Data Subject from the moment such application or request is received.
11.8. A Personal Data Subject may exercise their rights to obtain information regarding the processing of their personal data, as well as the rights to correct, block, or destroy their personal data and withdraw consent to the processing of personal data by submitting an appropriate request to the Operator. Such request may be sent to the Operator's email address: anastasia.fashiondoll@gmail.com

12. FINAL PROVISIONS
12.1. The place where consent is expressed and the place where the Operator performs obligations related to the processing of the Subject’s personal data shall always be the location of the Operator, and the law applicable to relations between the Operator and the Personal Data Subject shall always be the law of the Russian Federation, regardless of where the Personal Data Subject or the equipment used by them is located. All disputes and disagreements shall be resolved at the location of the Operator unless otherwise provided by law.
12.2. The Operator has the right to amend this Policy. When amendments are made, the current version shall indicate the date of the latest update. The new version of the Policy shall enter into force upon its publication on the Operator’s Website.
12.3. Compliance with the requirements of this Policy shall be monitored by the Operator or an authorized person responsible for organizing personal data processing within the Operator’s organization (if any).
12.4. Pursuant to Part 2 of Article 18.1 of the Personal Data Law, this Policy shall be made available at the Operator’s location and shall also be published in open access on the Website.
12.5. Liability for violations of the legislation of the Russian Federation in the field of personal data processing and protection shall be determined in accordance with the legislation of the Russian Federation.
Operator Details:
Individual Entrepreneur A.V. Tarasova
TIN (INN): 732897965709
Primary State Registration Number of Individual Entrepreneur (OGRNIP): 320732500042837
+7 960 365 03 02
anastasia.fashiondoll@gmail.com