PERSONAL DATA PROCESSING POLICY

1. General Provisions
This Personal Data Processing Policy (hereinafter referred to as the "Policy") has been developed by Sole Proprietor Sofya Andreevna Safronova (TIN 501850216514) (hereinafter referred to as "Sole Proprietor Safronova S.A.," "Operator") in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law"). The Policy is aimed at protecting the rights and freedoms of individuals when processing their personal data, including the right to privacy, personal, and family secrets.

By continuing to use the Website, you accept the terms of this Policy and consent to the processing of your personal data.

This Policy applies to all personal data collected, processed, stored, updated, or destroyed by Sole Proprietor Safronova S.A., including when using the following websites:
- https://sonyastretch.ru/women
- https://tazovoyedno-sonyastretch.ru/2
- https://tazovoyedno-sonyastretch.ru/
- https://sonyastretch.ru/osanka
- https://hyperlordoz-sonyastretch.ru/
- https://sonyastretch.ru/yagoditci
- https://sonyastretch.ru/ploskyizhivot
- https://sonyastretch.ru/novayaosanka
- https://sonyastretch.ru/tazovoedno2025
(hereinafter referred to as the "Website").

The Policy applies to all personal data processed by the Operator and governs personal data processing relationships that arose before or after the adoption of this Policy.

This Policy is a publicly available document. In compliance with Part 2, Article 18.1 of the Personal Data Law, this Policy is published in open access on the Operator's Website.

Key Definitions Used in the Policy:
- Personal Data – Any information relating to a directly or indirectly identified or identifiable individual (data subject).
- Personal Data Operator (Operator) – A state body, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or processes personal data, determining the purposes, composition, and actions performed with personal data.
- Processing of Personal Data – Any action (operation) or set of actions performed with personal data, including collection, recording, systematization, storage, updating, retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction.
- Automated Processing of Personal Data – Processing using computer technology.
- Client, Website Visitor – An individual using the Website and/or submitting a request/application/order to receive information about Sole Proprietor Safronova S.A.'s services.
- Counterparty – An individual or legal entity that has entered into or is in the process of entering into an agreement with the Operator.
- Dissemination of Personal Data – Actions aimed at disclosing personal data to a specific group of persons with prior consent, where required by law.
- Provision of Personal Data – Actions aimed at disclosing personal data to a specific person or group.
- Blocking of Personal Data – Temporary suspension of processing (except when necessary for updating data).
- Destruction of Personal Data – Actions making it impossible to restore personal data in the information system or resulting in the destruction of physical storage media.
- Anonymization of Personal Data – Actions making it impossible to identify the data subject without additional information.
- Personal Data Information System – A combination of personal data databases and information technologies ensuring their processing.

2. Purposes, Principles, and Legal Basis for Collection and Processing of Personal Data
2.1. Purposes of Collection and Processing:
- Preparation, conclusion, and execution of civil contracts.
- Compliance with tax, labor, pension, and insurance laws.
- Promotion of goods, works, and services.
- Communication with the data subject (notifications, requests, service-related information).
- Provision of personalized services.
- Posting reviews about the Operator's products and services.
- Ensuring Website access and providing technical support.

2.2. Marketing Communications:
The Operator may send notifications about new products, services, and special offers. The data subject may opt out by emailing bogdanova.son@mail.ru with the subject "Unsubscribe from notifications."

2.3. Processing Principles:
- Lawfulness and fairness.
- Purpose limitation (no processing incompatible with stated purposes).
- Data minimization (only necessary data is processed).
- Accuracy and relevance.
- Storage limitation (data is retained only as long as necessary).

2.4. Legal Basis for Processing:
- Consent of the data subject.
- Contractual necessity (e.g., fulfilling an agreement).
- Legal obligations (e.g., tax compliance).
- Vital interests (e.g., protecting life/health).
- Legitimate interests (e.g., fraud prevention).

2.5. Processing Methods:
Mixed processing (internal networks + Internet transmission).

3. Scope and Categories of Processed Personal Data
3.1. Data Processed:
- Clients/Website Visitors: Name, phone, email.
- Counterparties: Name, contact details, bank information.

3.2. Processing Actions:
Collection, recording, storage, updating, transfer, anonymization, deletion.

4. Rights and Obligations of the Operator
4.1. Operator’s Rights:
- Request accurate personal data.
- Engage third-party processors (with consent).
- Continue processing if legally justified after consent withdrawal.

4.2. Operator’s Obligations:
- Respond to data subject requests.
- Ensure lawful processing.
- Publish this Policy openly.
- Provide information to Roskomnadzor upon request.

5. Transfer of Personal Data to Third Parties
- Processing may be delegated to third parties (e.g., Sole Proprietor Svetlana Aleksandrovna Osipenko, TIN 420106935470, "Bizon 365" Service).
- Third parties must comply with data protection laws.
- The Operator is not responsible for third-party websites linked on the Website.

6. Rights of Data Subjects
Data subjects may:
- Request access, correction, blocking, or deletion of their data.
- Withdraw consent (via email to bogdanova.son@mail.ru).
- Receive information about processing purposes and methods.

7. Confidentiality and Security Measures
7.1. Operator’s Responsibilities:
- Ensure confidentiality.
- Prevent unauthorized access, destruction, or leakage.

7.2. Security Measures:
- Access restrictions.
- Encryption and anonymization.
- Employee training.
- Regular audits.

8. Processing and Storage Procedures
8.1. Consent-Based Processing:
Consent is obtained when:
- Registering on the Website.
- Signing a contract.
- Making payments.
- Contacting the Operator.

8.2. Storage Period:
Data is stored only as long as necessary unless otherwise required by law.

8.3. Counterparties and/or Their Representatives
Counterparties and/or their representatives consent to the processing of personal data when contacting the Operator for contract negotiations or communication purposes.

8.4. Processing Methods
The Operator processes personal data using both automated and non-automated means.

8.5. Authorized Processing
Processing is carried out by:
- The Operator directly.
- Authorized persons acting on the Operator’s behalf.

8.6. Data Collection Methods
Personal data is obtained through:
- Direct submission (oral/written) by users.
- Publicly available sources.
- Entry into the Operator’s registries and information systems.
- Other lawful methods.

8.7. Storage Period
Personal data is stored only as long as necessary for processing purposes, unless a longer retention period is required by law or contract.

8.8. Data Localization
For Russian citizens, personal data collected online is recorded, systematized, and stored exclusively in databases located in Russia, unless exceptions under the Personal Data Law apply.

8.9–8.10. Retention Rules
- Data is retained until processing purposes are fulfilled or until the data subject requests deletion.
- The Operator may engage third-party processors (with the subject’s consent).

8.12. Disclosure to Authorities
Personal data may be shared with investigative bodies, tax authorities (FTS), pension funds (PFR), social insurance (FSS), and other authorized agencies as required by Russian law.

9. Updates, Corrections, Deletion, and Responses to Data Subject Requests
9.1. Access Rights
Only authorized personnel may access personal data, per their job responsibilities.

9.2. Subject Requests
- Response Time: 10 business days (extendable by 5 days with justification).
- Request Requirements: Must include proof of identity (e.g., contract details, full name, email, phone, signature).
- Refusal: Possible if the request violates third-party rights or lacks required details.

9.3–9.5. Data Accuracy & Blocking
- If inaccuracies are found, data is blocked during verification (unless it harms the subject’s rights).
- Corrections are made within 7 business days upon confirmation.
- Users may update their data by emailing bogdanova.son@mail.ru with the subject line “Update Personal Data.”

9.6. Breach Notification
- Within 24 hours: Roskomnadzor is notified of breaches (cause, impact, mitigation steps).
- Within 72 hours: Investigation results are submitted.

9.7–9.8. Termination of Processing
- Processing stops within 10 business days of a valid request (extendable by 5 days).
- Data is deleted/destroyed when:
  - Processing purposes are achieved.
  - Consent is withdrawn.
  - Retention periods expire.


10. Cookies (Cookie Files)
10.1. Definition
Cookies are small data files stored on a user’s device. They may or may not contain personal data.

10.2. User Control
- Users may disable cookies, but some website features may malfunction.
- The Operator does not provide technical/legal advice on cookie settings.

10.3. Cookie Types & Purposes
Type – Purpose:
- Technical – Ensures website functionality (e.g., browser compatibility).
- Preference – Saves language, location, and display settings.
- Analytical (e.g., Yandex.Metrika, Google Analytics) – Tracks visits, popular content, and user behavior.
- Behavioral – Tests new features and identifies errors.
- Third-Party/Advertising – Delivers targeted ads based on user interests.

10.4. Cookie Policy
- Operator-managed cookies follow this Policy.
- Third-party cookies (e.g., Yandex, Google) are governed by their respective privacy policies:
  - [Yandex.Metrika](https://yandex.ru/legal/confidential/)
  - [Google Analytics](https://policies.google.com/privacy)

11. Final Provisions
11.1–11.2. Legal Compliance
This Policy aligns with Russian law. If conflicts arise, legal requirements prevail.

11.3–11.5. Amendments
- The Policy is effective indefinitely until replaced.
- The Operator may modify the Policy unilaterally.
- Changes take effect upon publication on the Website.

11.7–11.8. Feedback & Governing Law
- Suggestions may be emailed to bogdanova.son@mail.ru.
- Russian law governs all Policy-related matters.