1. General Provisions
1.1. This Policy on the processing of personal data (hereinafter referred to as the Policy) has been developed and is applied by the Individual Entrepreneur Maxim Borisovich Belenkiy (TIN 320303888410, OGRNIP 322325600014611) (hereinafter referred to as the Operator) in accordance with the requirements of the Federal Law of the Russian Federation of 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter referred to as the Law on Personal Data), and other applicable regulatory legal acts. When processing personal data, the Operator is guided by the principles of legality, fairness and confidentiality.
1.2. The Policy defines the general principles, goals, conditions and methods of processing personal data of users of the Operator's Internet resources, as well as information on the measures taken to protect personal data. This Policy applies to all personal data that the Operator receives or may receive from the subject of personal data (hereinafter referred to as the User) in the process of using the Operator's official website located at: https://belenkii.pro, as well as when interacting through other services and means of communication of the Operator (including, but not limited to, social networks and instant messengers: Telegram, WhatsApp, etc.).
1.3. The User's use of the Operator's website and/or provision of their personal data through forms on the website, by telephone, email, instant messengers and other means of communication means the User's unconditional consent to the terms of this Policy and to the processing of their personal data in accordance with this Policy. Consent to the processing of personal data may be expressed by the User by performing implicit actions (for example, checking a box in the appropriate field of the form, clicking the "Submit" button, etc.). In case of disagreement with the terms of the Policy, the User must refrain from using the website and not provide the Operator with their personal data. 1.4. The Operator does not verify the accuracy of personal data provided by Users. The Operator assumes that the User provides accurate and sufficient personal data about themselves and keeps this data up to date. The consequences of providing inaccurate or insufficient information are determined in accordance with the Russian Federation legislation and the contractual relations between the Operator and the User.
1.5. This Policy is a publicly available document. The current version of the Policy is freely available on the Operator's official website and applies until it is replaced by a new version. The Operator has the right to make changes to this Policy at its own discretion and without prior notice to the User. The User is advised to re-read the text of the Policy each time they visit the site. The new version of the Policy comes into force from the moment it is posted on the Operator's website, unless otherwise provided by the new version itself.
1.6. The provisions of the Law on Personal Data shall apply to relations related to the processing of personal data and not regulated by this Policy. In the event of a conflict between the provisions of this Policy and the provisions of the legislation of the Russian Federation, the provisions of the legislation of the Russian Federation shall apply.

2. Basic concepts and terms
The following basic concepts are used in this Policy:
• website – a set of web pages posted on the Internet, united by a single theme, design and a single address space of domains, including but not limited to the following domain name – https://belenkii.pro
• personal data – any information related to a directly or indirectly determined or determinable individual (subject of personal data);
• personal data processing – any action (operation) or set of actions performed with personal data using automation tools or without using such tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
• operator (of personal data) – a person who, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and also determines the purposes of processing personal data, the composition of personal data subject to processing, and actions (operations) performed with personal data;
• automated processing of personal data – processing of personal data using computer technology;
• dissemination of personal data – actions aimed at and disclosure of personal data to an indefinite number of persons;
• provision of personal data – actions aimed at disclosing personal data to a specific person or a specific number of persons;
• blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
• destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible carriers of personal data are destroyed;
• depersonalization of personal data – actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without additional information;
• personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing;
• cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a government body of a foreign state, a foreign individual or a foreign legal entity;
• cookies – a small piece of data sent by a web server and stored on the user’s computer; each time the web client or web browser attempts to open a page of the Operator’s website, it sends this piece of data to the web server as part of an HTTP request;
• IP address – a unique network address of a node in a computer network through which the User gains access to the Operator’s website;
• User – a person who has access to the Operator’s website via the Internet and uses this website to obtain information, order goods or services, or for any other purpose.

3. Purposes of personal data processing
The personal data of Users is processed by the Operator for the following purposes:
• ensuring identification of the User on the Operator’s website, including when registering an account, placing orders, participating in promotions, loyalty programs, or online surveys;
• ensuring the functioning of the Operator's website and providing the User with goods, works and services, access to services and materials requested by the User, including processing and delivering orders, receiving and recording payments, improving the quality of service;
• feedback with the User, sending notifications and requests regarding the use of the website and the provision of services, informing the User about the order status, processing requests and inquiries from the User (support service, feedback);
• informing the User about new goods, works and services of the Operator, about promotions, special offers, events; sending the User news and other information of an advertising and informational nature by e-mail, via SMS messages, instant messengers or other means of communication with the consent of the User;
• personalization of the user experience, providing the User with targeted (personalized) advertising information about the goods and services of the Operator, offering goods and services taking into account the preferences of the User;
• conducting statistical and other studies based on anonymized data, analyzing the behavior and activity of Users on the site in order to improve the operation of the site, the quality of services and the range of goods/services of the Operator;
• ensuring the security of the site and preventing cases of fraud or other illegal use of the Operator's services; identifying malfunctions and problems in the operation of the site, eliminating them;
• complying with the requirements of the legislation of the Russian Federation, fulfilling the legal obligations imposed on the Operator (for example, maintaining accounting and tax records, responding to official requests from authorized government agencies, etc.);
• implementing other legal actions and achieving other purposes of processing personal data in the presence of a separate consent of the User or on other legal grounds (for example, protecting the rights and legitimate interests of the Operator in the event of a violation by the User of the terms of use of the site; providing personal data at the request of a court or authorized bodies within their competence).

4. Composition of processed personal data
The Operator processes the following categories of personal data of Users:
4.1. Data provided directly by the User:
• User's last name, first name, patronymic;
• contact details (phone number, email address);
• account details for accessing the account on the website (login, password), if registration on the website is provided;
• other information about themselves that the User voluntarily provides to the Operator upon request or on their own initiative (for example, the name of the organization and position, gender, age, reviews and comments, information communicated in correspondence with the Operator) operator, etc.).
4.2. Data automatically collected when using the website:
• information about the technical means and software used by the User to interact with the website (including the device type, model, operating system, browser type and version, screen resolution and other similar data);
• the User's IP address and data on the approximate location (geolocation) of the User when accessing the website (determined if the User has allowed their transfer in the settings of their device/browser);
• cookies and other technologies that allow storing information about the User's actions on the website and their preferences (including unique session identifiers, website settings);
• information about the User's actions on the Operator's website: history of visits and use of the website, requested and viewed pages, products and services, activity sessions, clicks on links and interface elements, filling out forms, requests sent through the website, time of visit, source of transition to the website (referrer), and other similar data on user activity.
4.3. Data collected using third-party services:
The Operator may use third-party web analytics services and other tools on its website (for example, the Yandex.Metrica service and similar ones), which automatically collect anonymized statistical data about website visitors. The specified services may receive and process data about the User (including cookies, IP address, browser data, device, technical characteristics and actions on the website) in aggregate form for the purposes of analyzing and improving the operation of the website, as well as for customizing advertising materials. The processing of such data is carried out in accordance with the privacy policies of the relevant third-party services. All anonymized analytical data is used by the Operator for statistical purposes and does not contain personal information that allows identifying the User.
4.4. Data from public profiles and communications in third-party services:
If the User interacts with the Operator through third-party platforms and services (e.g., the Operator's official pages on social networks or via Telegram, WhatsApp, etc. messengers), the Operator may receive personal data from the User's profile on the relevant platform and the information that the User provides during such interaction. Such data may include: the User's first and last name or nickname, avatar or other profile photo, the User's identifier (username), publicly available profile contact information, as well as the content of the User's messages and requests. The specified data will be processed in accordance with this Policy, as well as under the confidentiality conditions and rules of the relevant platforms.
4.5. Special categories of data:
The Operator does not knowingly collect or process special categories of personal data of Users related to racial or national origin, political views, religious or philosophical beliefs, health status, intimate life, as well as biometric personal data (e.g. fingerprint data, facial images for identification purposes). The User is obliged to refrain from providing such data to the Operator, except for cases when the processing of such categories of data is carried out with the consent of the User or in cases expressly provided for by the legislation of the Russian Federation. If special or biometric personal data were nevertheless provided by the User, the Operator will process them only if there are legal grounds (for example, the consent of the subject or in order to comply with the requirements of the law).

5. Methods and conditions for processing personal data
5.1. The processing of Users' personal data is carried out by the Operator on a legal basis, in compliance with the principles and rules established by the Law on Personal Data. The processing of personal data can be carried out both with the use of automation tools and without the use of automation tools (non-automated processing).
5.2. The processing of personal data is carried out in personal data information systems located on the territory of the Russian Federation. The operator ensures that when collecting personal data of citizens of the Russian Federation, the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data are carried out in databases located on the territory of the Russian Federation (i.e. the requirement for localization of personal data in accordance with current legislation is met). Cross-border transfer of personal data to the territory of foreign states is not carried out. 5.3. The operator has the right to entrust the processing of personal data to a third party (an assigned processor) on the basis of an agreement with this person, subject to mandatory compliance by such processor with the confidentiality of personal data and other requirements Personal Data Law. In particular, the Operator may entrust the processing of personal data to specialized services and organizations (for example, a hosting service, a courier or postal service for delivering orders, payment systems) – to the extent necessary to perform the specified services. When entrusting processing, the Operator obliges such a third party to take measures to protect the confidentiality of personal data and ensures control over their compliance.
5.4. With regard to personal data permitted by the User for distribution (i.e. those that the User has independently made available to an unlimited number of people, for example, posted in a public section of the site), the processing of such data may be carried out by the Operator without the consent of the subject (on the grounds provided for in Part 2 of Article 10.1 of the Personal Data Law). When processing such data, the Operator undertakes to comply with the restrictions and requirements provided for cases of processing personal data permitted by the subject for distribution.
5.5. The Operator takes all necessary measures to ensure the security and confidentiality of personal data when processing them. Personal data of Users are processed strictly in accordance with the purposes stated when collecting them, and to the extent necessary to achieve these purposes. Processing of personal data that is incompatible with the originally stated purposes of collecting personal data is not permitted.
5.6. The Operator does not make decisions based solely on automated processing of personal data that generate legal consequences in relation to the User or otherwise affect his rights and legitimate interests, except in cases expressly provided for by the legislation of the Russian Federation or with the written consent of the User. All key decisions affecting the rights and interests of the User (for example, refusal to provide a service, creditworthiness assessment, etc.) are made by authorized employees of the Operator without full dependence on automated algorithms.

6. Rights of personal data subjects
6.1. Rights of the personal data subject (User). The personal data subject has the right to:
• receive information from the Operator regarding the processing of his personal data – including confirmation of the fact of processing, a list of personal data being processed, sources of their receipt, purposes, legal grounds and methods of processing applied by the Operator, terms of processing (storage) of data, information about which persons have access to personal data or to whom they may be disclosed on the basis of an agreement or law, information about completed or intended cross-border transfer of data, as well as other information stipulated by Art. 14 of the Law on Personal Data. The provision of this information is carried out at the request of the User in an accessible form and must not violate the rights of other persons;
• require the Operator to clarify (update, correct) his personal data if the data is incomplete, inaccurate or outdated;
• revoke previously given consent to the processing of personal data – at any time by sending the Operator a corresponding written notice or an electronic document signed with a qualified electronic signature. After receiving such a revocation, the Operator is obliged to stop processing personal data, except for cases when processing without consent is permitted by law (for example, to fulfill an agreement with the User, to comply with mandatory requirements of the law);
• demand that the Operator block their personal data if the processing is carried out illegally or the data is unreliable (inaccurate), as well as in other cases provided for by law;
• demand that the Operator destroy their personal data if there is no longer a need to process them for the stated purposes or if the data storage period has expired, or if the User has withdrawn their consent and there are no other legal grounds for processing;
• appeal the actions or inaction of the Operator – if, in the opinion of the User, such actions (inaction) violate the requirements of the legislation on personal data. A complaint can be sent to the authorized body for the protection of the rights of personal data subjects (Roskomnadzor) or protect your rights in court;
• for compensation for losses and moral damages – in court, in the manner established by the legislation of the Russian Federation if, as a result of the Operator’s violation of the rights of the personal data subject, the User suffered losses or moral damages.
Procedure for exercising rights. The User can exercise their rights by sending the Operator an official request (application) in person or through a representative. The request must contain the details of the main document certifying the identity of the personal data subject (or their representative), information confirming the User’s participation in relations with the Operator (for example, , order or contract number), or information otherwise confirming the fact of data processing by the Operator, the signature of the User or his representative. The request in electronic form must be signed with an electronic signature and sent to the Operator's email address. The Operator is obliged to consider and respond to the User's request within 30 days from the date of receipt of the request or within another period established by law.
6.2. Operator's Responsibilities
The Operator, being the person processing personal data, is obliged to:
• process the personal data of Users strictly on legal grounds and comply with the requirements of the legislation of the Russian Federation and this Policy;
• comply with the principles and conditions for processing personal data provided for in Art. 5 of the Law on Personal Data (for example, prevent redundancy and inconsistency of the processed data with the stated purposes, ensure the accuracy and relevance of the data, etc.);
• ensure the confidentiality of the personal data of Users and not disclose them to third parties without a legal basis. The Operator shall not have the right to disclose the User's personal data to anyone without the User's consent, except in cases expressly provided for by the Law on Personal Data or other federal laws;
• take the necessary legal, organizational and technical measures to protect the Users' personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions;
• at the User's request, provide information on the processing of his personal data in the manner prescribed by law (see the User's right to receive information above);
• at the request of the User or an authorized body, stop processing and destroy personal data in cases provided for by law (for example, upon withdrawal of consent, upon detection of illegal processing, upon achievement of the processing objectives and there is no need for further storage of data, etc.);
• upon receipt of a request from the User to stop processing his personal data – no later than 10 business days from the date of receipt of the request to stop any processing of the personal data of this User (with the exception of storage operations, if data preservation is necessary in accordance with the law). The Operator is obliged to notify the User in writing about the extension of the deadline for fulfilling the requirement (for no more than 5 working days) and the reasons for the delay;
• if inaccurate personal data is detected, independently or at the request of the User, suspend the processing of such data (except for storage) and clarify, update or correct the personal data or, if this is impossible, destroy them. If inaccurate personal data has been transferred to third parties, the Operator must notify these persons of the changes;
• if an illegal processing of personal data is detected, stop such processing within 3 working days from the date of detection of the violation. If illegally processed data has been transferred to third parties, the Operator notifies these persons of the termination of processing;
• keep records of User requests regarding the processing of personal data and recorded incidents related to unauthorized processing, and take measures to resolve such incidents;
• in the event of a personal data leak or other incident resulting in a violation of the rights of personal data subjects, act in accordance with the requirements of the law: within 24 hours, notify Roskomnadzor of the incident and the measures taken, and within 72 hours, provide Roskomnadzor with the results of the internal investigation and information about the guilty parties (if any). The Operator is also obliged to notify the Users themselves, whose data has been compromised, of the fact of the leak and the measures taken to protect their data;
• fulfill other obligations imposed on the personal data operator by the legislation of the Russian Federation, including requirements for the localization of databases with personal data of Russian citizens, ensuring the rights of personal data subjects during cross-border data transfer, assisting authorized bodies in exercising control over the sphere of personal data, etc.

7. Measures to protect personal data
7.1. The Operator shall take necessary and sufficient measures to ensure the protection of Users' personal data from unauthorized or accidental access, disclosure, destruction, modification, blocking, copying, distribution, as well as from other illegal actions. In order to ensure the security of personal data, the following organizational and technical measures are implemented:
• appointment of a person responsible for organizing the processing of personal data and compliance with the requirements of the legislation of the Russian Federation and this Policy;
• publication of internal documents on the processing and protection of personal data (orders, regulations, etc.) instructions), defining in them the list of persons authorized to process personal data and the procedure for such persons to access personal data; regular training of the Operator's employees directly involved in the processing of personal data in the requirements of the legislation and this Policy;
• application of the necessary information security tools (anti-virus tools, firewalls, intrusion detection systems, encryption and pseudonymization of data, if necessary) that have undergone the compliance assessment procedure;
• conducting regular checks of the conditions for processing personal data, taking measures to detect and eliminate violations; monitoring the safety of personal data carriers;
• identifying facts of unauthorized access to personal data and taking measures to prevent such facts; restoring personal data modified or destroyed due to unauthorized access;
• data backup and regular creation of backup copies of databases with personal data; timely updating of software and hardware used to process personal data, installing current security updates.
7.2. The Operator shall ensure internal control of compliance of personal data processing with the requirements of the Russian Federation legislation and this Policy. The Operator himself or a responsible person appointed by him shall control compliance with the requirements of this Policy. Scheduled and unscheduled inspections of compliance with data protection measures shall be conducted at least once a year. In the event of detection of violations of the requirements of this Policy, the guilty persons shall be held liable in the manner prescribed by the Operator's internal documents and the Russian Federation legislation.
7.3. Compliance with the confidentiality regime is one of the key elements of the Operator's personal data protection system. All persons who have gained access to the personal data of Users are obliged not to disclose or distribute this data without the permission of the personal data subject or other legal grounds. This requirement shall remain in force even after the termination of the activities of such persons (dismissal, termination of the contract, etc.). Violation of the confidentiality of personal data shall entail liability in accordance with the Russian Federation legislation.
7.4. In the event that third-party organizations are involved in the processing of personal data (under a commission agreement, outsourcing, etc.), the Operator carefully selects such partners in terms of their ability to ensure the security of personal data. An agreement on confidentiality and compliance with the requirements of the legislation on personal data is concluded with each such person. The Operator monitors the compliance of these persons with the terms of confidentiality and security when processing User data.
7.5. The Operator's website uses cookies that allow storing information about the User's preferences and actions. Cookies help the Operator personalize the operation of the website, analyze traffic and service efficiency, and offer the User relevant content and advertising. The User can change their browser settings at any time to prohibit the storage of cookies or delete previously saved cookies. However, disabling technically necessary cookies (for example, cookies for authorization of the User, saving the contents of the basket, etc.) may affect the functionality of some functions of the website. By continuing to use the website without changing the cookie settings, the User agrees to the use of this technology.
7.6. The Operator takes all possible measures to prevent incidents related to the violation of the security of personal data. In the event of detection of signs of personal data leakage or unauthorized access to them, the Operator immediately conducts an investigation, based on the results of which: if necessary, limits or suspends the processing of personal data until the detected violations are eliminated; assesses the harm caused to the subjects of personal data and the risks of further consequences; notifies Users whose data may have been damaged of the incident; notifies Roskomnadzor within the timeframes established by law (as specified in paragraph 6.2 above); carries out other actions provided for by law.
7.7. For violation of the rules governing the processing and protection of personal data, the Operator, as well as its employees and other persons who have access to personal data, are liable in accordance with the legislation of the Russian Federation. In the event of damages or moral harm caused to the User as a result of the culpable actions of the Operator when processing personal data, the Operator's liability occurs within the limits established by the legislation of the Russian Federation.

8. Storage periods of personal data
8.1. The storage (processing) periods for personal data are established by the Operator in accordance with the purposes of their processing and the terms of the concluded agreements. with the User, the requirements of the Russian Federation legislation and based on the principles of data storage minimization. Personal data are stored in a form that allows identifying the subject of the personal data for no longer than required by the processing purposes, unless another storage period is established by federal law or an agreement with the User. Personal data for which the processing purpose has been achieved or the storage period has expired are subject to termination of processing (except for storage in cases established by law) and subsequent destruction or depersonalization within the timeframes established by law.
8.2. The Operator stops processing personal data (except for storage in necessary cases) and destroys or depersonalizes personal data upon achieving the purposes of their processing, when the User revokes consent to processing (if there are no other legal grounds for further processing), as well as in the event of detection of illegal processing of personal data. At the same time, the Operator has the right to continue storing individual personal data of the User after the revocation of consent, if required by mandatory legal provisions (for example, to fulfill statutory obligations to store accounting documents, to provide information at the request of authorized bodies, to resolve disputes).
8.3. Certain categories of documents containing personal data of Users (accounting, tax, personnel documentation, etc.) shall be stored by the Operator for the periods established by the current legislation of the Russian Federation. Upon expiration of the established periods, such documents shall be destroyed in the established manner, unless their further storage is required by law for the purposes of archiving, scientific, historical or statistical research, or unless the User has given consent to extend the storage period.

9. Legal grounds for processing personal data
9.1. The legal basis for processing personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
• The Constitution of the Russian Federation;
• The Civil Code of the Russian Federation;
9.2. The legal basis for processing personal data shall also include:
• agreements concluded between the Operator and personal data subjects;
• consent of personal data subjects to the processing of their personal data.

10. Final Provisions
10.1. This Policy applies only to information processed by the Operator within the framework of the website and other services of the Operator. The Operator does not control and is not responsible for the processing of the User's personal information by third-party websites to which the User may follow links from the Operator's website. The User is advised to independently familiarize themselves with the privacy policies and terms of personal data processing on such third-party resources.
10.2. The Operator's website is not intended for use by persons under 18 years of age. The Operator does not purposefully collect personal data of minors without the consent of their legal representatives. Legal representatives of a minor User are responsible for the actions of such User on the website, including the purchase of goods and services, and are obliged to promptly give reliable consent to the processing of the minor's personal data, if required, or prevent minors from providing personal information without their control.
10.3. The Operator shall not be liable for the consequences of the User providing false data or data of third parties without their consent. The User confirms that all personal information that he/she provides to the Operator relates personally to him/her, or the User has received the necessary consent of the personal data subject to provide it. The Operator has the right to refuse the User the services (or use of the website functionality) if the Operator has reason to believe that the personal data provided by the User is incorrect or provided in violation of the requirements of the law.
10.4. The Operator shall not be liable for the loss of the User's personal data due to reasons beyond the control of the Operator, including as a result of illegal actions of third parties (hacker attacks, data theft), software or equipment failures beyond the control of the Operator, or due to force majeure. In the event of loss or disclosure of the User's personal data, the Operator shall immediately inform the User of the incident and the measures taken, and shall take all possible steps to minimize the negative consequences and prevent similar incidents in the future.
10.5. Invalidity of a separate provision of this Policy (if it (recognized as such by a court or authorized state body) does not entail the invalidity of the remaining provisions of the Policy. If any part of the Policy becomes invalid, the parties shall be guided by the remaining provisions of the Policy, which shall continue to be in full force and effect.
10.6. All disputes and disagreements that may arise between the User and the Operator in connection with this Policy or the processing of personal data shall be resolved through the claims procedure. The User who believes that his rights have been violated shall send the Operator a written claim describing the violation. The Operator shall consider the claim within 30 working days from the date of its receipt and shall send a response to the applicant. If an agreement cannot be reached, the dispute shall be considered in court at the place of state registration of the Operator in accordance with the legislation of the Russian Federation.
10.7. The law of the Russian Federation shall apply to this Policy and to all relations between the User and the Operator related to the processing of personal data. Issues not regulated by the Policy are resolved in accordance with the Russian Federation legislation on personal data. Control and supervision of compliance with the legislation on personal data is carried out by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), to which the User has the right to contact in the event of a violation of his rights.
10.8. Contact information of the Operator for personal data issues: Individual entrepreneur Belenkiy Maxim Borisovich (TIN 320303888410, OGRNIP 322325600014611). E-mail address: admin@belenkii.pro. The User can send any requests, complaints and suggestions regarding his personal data or this Policy to these contacts.