1. General Provisions
This Personal Data Processing Policy has been drafted in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data as well as the measures taken to ensure the security of personal data by individual entrepreneur Darya Yuryevna Nepevna (hereinafter referred to as the Operator).

1. General Provisions
1.1. The Operator considers the protection of human and civil rights and freedoms when processing personal data, including the right to privacy, personal and family confidentiality, as a primary objective and an essential condition of its activities.
1.2. This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website darumahr.ru.

2. Key Concepts Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computing equipment.
2.2. Blocking of personal data — temporary cessation of personal data processing (except when processing is necessary to clarify personal data).
2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at darumahr.ru.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means ensuring their processing.
2.5. Anonymization of personal data — actions making it impossible to identify the personal data of a specific user or other subject without additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with personal data, with or without automation, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction.
2.7. Operator — a government body, municipal body, legal entity, or individual that independently or jointly organizes and/or carries out the processing of personal data and determines the purposes, scope, and actions performed with the personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable user of the website darumahr.ru.
2.9. Personal data permitted for distribution — personal data for which the subject has provided consent for unlimited access in accordance with the Personal Data Law.
2.10. User — any visitor to the website darumahr.ru.
2.11. Providing personal data — actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an undefined circle of persons or making it publicly available, including publication in media, placement on information and telecommunication networks, or other access provision.
2.13. Cross-border transfer of personal data — transfer of personal data to a foreign state’s territory to government bodies, foreign individuals, or foreign legal entities.
2.14. Destruction of personal data — actions resulting in the irreversible deletion of personal data from information systems and/or destruction of physical media containing personal data.

3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:

• Obtain accurate information and/or documents containing personal data from the subject of personal data.
• Continue processing personal data without consent if consent is withdrawn, provided there are legal grounds under the Personal Data Law.
• Independently determine the necessary and sufficient measures to comply with the obligations under the Personal Data Law unless otherwise stipulated by law.

3.2. The Operator is obliged to:

• Provide the subject with information regarding their personal data upon request.
• Organize personal data processing according to Russian legislation.
• Respond to requests of personal data subjects and their legal representatives.
• Provide necessary information to authorized bodies within 10 days of a request.
• Publish or provide unlimited access to this Policy.
• Implement legal, organizational, and technical measures to protect personal data from unauthorized access, destruction, alteration, blocking, copying, distribution, or other illegal actions.
• Cease transfer, processing, or destroy personal data as required by law.
• Fulfill other obligations provided by the Personal Data Law.

4. Main Rights and Obligations of Personal Data Subjects

4.1. Subjects have the right to:

• Receive information about the processing of their personal data, except as restricted by law.
• Request clarification, blocking, or destruction of personal data if incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the intended purpose.
• Pre-consent to marketing processing.
• Withdraw consent and demand cessation of processing.
• Appeal illegal actions or inaction by the Operator to the authorized body or court.
• Exercise other rights under Russian law.

4.2. Subjects must:

• Provide accurate personal data.
• Inform the Operator about updates or changes.

4.3. Responsibility:
Persons providing false data or data about others without consent bear liability under Russian law.
5. Principles of Personal Data Processing5.1. Processing is carried out lawfully and fairly.
5.2. Processing is limited to specific, legitimate purposes.
5.3. Databases with incompatible processing purposes must not be combined.
5.4. Only personal data relevant to processing purposes are collected.
5.5. Data volume must not exceed what is necessary.
5.6. Accuracy, sufficiency, and relevance of data must be ensured.
5.7. Storage occurs only as long as necessary; data is destroyed or anonymized afterward.
6. Purpose of Personal Data Processing

• Purpose: Inform the user via email.
• Personal data: Full name, phone numbers.
• Legal grounds: Founding documents of the Operator.
• Processing types: Collection, recording, systematization, accumulation, storage, destruction, anonymization.

7. Conditions of Personal Data Processing
7.1. Processing is based on user consent.
7.2. Necessary for purposes under international treaties or Russian law.
7.3. Necessary for justice enforcement or execution of legal acts.
7.4. Necessary for contractual obligations.
7.5. Necessary for legitimate interests of Operator or third parties without violating rights.
7.6. Processing publicly available data is permitted.
7.7. Processing mandatory for publication under federal law.

8. Procedure for Collection, Storage, Transfer, and Other Types of ProcessingThe Operator ensures data security through legal, organizational, and technical measures.
8.1. Personal data is kept secure from unauthorized access.
8.2. Personal data is not shared with third parties without consent or legal obligation.
8.3. Users may update their data by emailing darya.nepevnaya@yandex.ru
8.4. Processing duration is until the purpose is achieved; consent can be withdrawn anytime.
8.5. Third-party service data is managed according to their policies; the Operator is not responsible.
8.6. Restrictions set by users do not apply to legally required processing.
8.7. Confidentiality is ensured.
8.8. Storage is limited to the necessary duration; data is destroyed/anonymized afterward.
8.9. Processing may cease upon purpose achievement, consent withdrawal, or unlawful processing detection.

9. Actions Performed by the Operator
9.1. Collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, destruction.
9.2. Automated processing may involve telecommunication networks or not.
10. Cross-Border Transfer10.1. The Operator must notify authorized bodies before transferring data abroad.
10.2. Relevant information must be obtained from foreign authorities or recipients prior to transfer.
11. ConfidentialityThe Operator and other parties with access must not disclose personal data without consent, except as provided by law.

12. Final Provisions
12.1. Users may request clarifications via darya.nepevnaya@yandex.ru
12.2. Any changes to this Policy will be reflected in updates; the Policy is effective indefinitely until replaced.
12.3. The current Policy is publicly available at darumahr.ru/privacy.