2.14. The Company has the right to entrust the processing of personal data to another party with the consent of the personal data subject based on a contract with that party. The contract must specify the actions (operations) with personal data that the party will perform, the purposes of processing, the obligation to maintain the confidentiality of personal data, and the responsibility to ensure the security of personal data during processing, following Article 19 of the Federal Law "On Personal Data."
2.15. Personal data processed by the Company includes: surname, first name, patronymic (including previous surnames, first names, and/or patronymics if they have changed), gender, date of birth, place of birth, taxpayer identification number (INN), personal insurance number (SNILS), home and mobile phone numbers, email address, citizenship information (including previous and other citizenships), passport data, residential address (registration and actual address), contact phone numbers, bank details, and other necessary personal data.
2.16. The personal data subject has the right to: demand clarification, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, obtained unlawfully, or not necessary for the declared purposes of processing; obtain information about the list of their personal data processed by the Operator and the source of its acquisition; receive information about the periods of personal data processing, including storage periods; file complaints with the authorized body or in court regarding unlawful actions or omissions in processing their personal data; and withdraw consent for personal data processing in cases provided by law.
2.17. To receive the necessary information, the personal data subject must submit a written request to the Company, signed personally, at the address: 26 Begovaya Street, Moscow, or contact the Customer Support Service by phone at +7(915)111-98-89, or via email at esply@mail.ru.
2.18. The Company provides the information specified in Part 7, Article 14 of the Personal Data Law to the personal data subject or their representative in the form requested in the inquiry, unless otherwise specified in the request. If the personal data subject's inquiry does not include all necessary information or if the personal data subject does not have the right to access the requested information, the Company will send a reasoned refusal.
Personal Data Processing
3.1. The Company collects, records, systematizes, accumulates, stores, clarifies (updates, modifies), retrieves, uses, transfers (distributes, provides, grants access), anonymizes, blocks, deletes, and destroys personal data.
3.2. Methods of personal data processing used by the Company:
Non-automated personal data processing;
Automated personal data processing, including with the transfer of information through telecommunication networks;
Mixed personal data processing.
3.2.1. Non-automated personal data processing is carried out in such a way that for each category of personal data, the storage location of personal data (physical carriers) is identifiable. The Company has a list of individuals responsible for processing personal data or having access to it. Separate storage of personal data processed for different purposes is ensured. The Company ensures the security of personal data and takes measures to prevent unauthorized access.
3.2.2. Automated personal data processing with the use of automation tools is carried out under the following conditions: The Company takes technical measures to prevent unauthorized access to personal data and its transmission to unauthorized persons; protective tools are set up to promptly detect instances of unauthorized access to personal data; technical means of automated personal data processing are isolated to prevent external influences; the Company performs regular data backups to allow for the immediate restoration of personal data in case of unauthorized access; continuous monitoring of personal data protection measures is carried out.
3.2.3. Personal data processing is carried out by employees who:
Have signed internal regulations governing the procedure for working with personal data;
Have signed confidentiality agreements regarding personal data when working with it;
Use individual access attributes for information systems containing personal data. Each employee is granted the minimum access rights necessary to perform their duties.
3.3. Personal data subjects have the right to:
Full information about their personal data processed by the Company;
Access their personal data, including the right to receive a copy of any record containing their personal data, except as provided by Russian law;
Request the correction of their personal data, its blocking, or its destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purposes of processing;
Withdraw consent to the processing of personal data;
Exercise other rights granted by Russian law.
3.4. Measures necessary and sufficient to ensure the Company's compliance with the operator's duties under Russian law on personal data include:
Appointing a person responsible for organizing personal data processing;
Adopting local regulations and other documents on personal data processing and protection;
Training employees of the Company whose duties involve personal data processing;
Obtaining personal data subjects' consent for data processing, unless otherwise provided by law;
Ensuring that personal data processed without automation tools is kept separate from other information, particularly by storing it on distinct material carriers in specific sections;
Preventing the transmission of personal data through open communication channels and computer networks without taking security measures established by the Company (except for publicly available or anonymized data);
Storing physical carriers containing personal data under conditions that ensure data security and prevent unauthorized access;
Conducting internal audits of compliance with Russian law on personal data processing;
Other measures as required by Russian law.
3.5. Personal data processing purposes for different categories of personal data subjects:
3.5.1. Personal data processing for representatives of legal entities and individual entrepreneurs, such as the Company's partners, contractors, and distributors, is carried out to facilitate logistics, payments, contract execution, debt notices, and sending legally significant messages, including marketing emails.
3.5.2. Personal data processing for individuals in civil law contracts is carried out to ensure compliance with civil, pension, tax, and other legal requirements, including monitoring the quality and quantity of services rendered, protecting the Company’s assets, and providing legal and tax reports.
3.5.3. Personal data processing for customers (individuals), including buyers of the Company’s products and Website visitors, is carried out for the following purposes:
Fulfilling the Company's obligations under contracts, including providing services, processing orders, selling and delivering goods;
Providing additional information about the Company, including product/service information via SMS, email, or phone calls;
Collecting feedback on products/services and analyzing the feedback;
Studying and analyzing the market through Website and app monitoring;
Organizing events, including promotional activities;
Analyzing preferences regarding the Company’s products/services through monitoring activity on the Website and apps;
Administering user accounts on the Website and apps;
Sending promotional and informational messages via email, SMS, or phone regarding the Company’s products, services, or activities.
3.6. When storing personal data, the following measures are taken to ensure data security and prevent unauthorized access: appointing an employee responsible for data processing, limiting physical access to data storage areas with locks, labeling and registering removable storage devices, and using certified information protection tools.
3.7. Personal data is stored in paper form in secure metal cabinets or safes, or other lockable locations. In electronic form, data is stored in databases and backed up regularly.
3.8. The Company does not process special categories of personal data related to race, ethnicity, political beliefs, religion, health, or intimate life, except in cases provided by law.
3.9. The Company records cookies on the user’s device to facilitate their experience on the Website and collects analytics to improve service quality. Cookies do not contain confidential information. By using the Website, the user consents to the collection and use of cookies for statistical and advertising purposes by third parties.
3.10. The Company may collect technical information during Website visits, including IP addresses, device types, operating systems, browser types, and user navigation paths on the Website and in mobile apps. This data is used for improving the Company’s Website and services.
3.11. The Company may record phone conversations with clients. The Company is obligated to prevent unauthorized access to the recorded information.
3.12. By providing personal data, the subject agrees to receive electronic receipts under the contracts with the Company.
3.13. Personal data is stored no longer than required for the purposes of processing and is destroyed when no longer needed.
3.14. Personal data processing is terminated in the following cases:
The data has been unlawfully processed;
The purpose of the data processing has been achieved;
The processing period has expired, or the subject has withdrawn consent, except when processing is legally permitted without consent.
3.15. Upon achieving the purposes of personal data processing or upon the withdrawal of consent, the Company ceases processing, unless otherwise provided by law.
3.16. The destruction of personal data must be secure, preventing any possibility of recovery. The process is documented and carried out by a designated commission.
3.17. Methods for destroying personal data are defined by the Company's internal regulations.
3.18. Any issues related to personal data processing not covered by this Policy are governed by Russian law.
3.19. The Company reserves the right to amend this Policy. The updated version will specify the date of the latest changes and will come into effect when published unless otherwise specified.
Consent to Personal Data Processing
Under Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I confirm my consent to the processing of my personal data by Individual Entrepreneur Kruglikova Svetlana Yuryevna, INN 771474709585, acting on the basis of OGRNIP 323774600330870, registered at 26 Begovaya Street, Moscow.
I consent to the processing of the following personal data:
Full name, date of birth, delivery address(es), contact information (phone, email);
Order information, including order history and satisfaction levels;
Device type and browser information for Website and app access, including data collected through Yandex.Metrika, Google Analytics, etc.;
Geolocation;
Social media account information;
Skin and hair type;
Information about products purchased directly from the Company or its retail sellers;
Purchase location, including the specific retail store or chain;
Satisfaction information regarding products and services;
Activities on the Company’s Website and apps;
Feedback, including phone, email, and SMS reviews;
Data submitted for contests or promotional events organized by the Company.
The purpose of processing personal data includes:
Fulfilling obligations under contracts, including order processing, sales, and delivery of goods;
Providing additional information about the Company’s activities, products, and services via SMS, email, and phone;
Collecting feedback and analyzing customer satisfaction;
Market analysis through monitoring the Company's Website and apps;
Organizing events, including promotional activities;
Administering user accounts on the Website and apps;
Sending promotional and informational messages via email, SMS, or phone.
This consent includes the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), use, transfer (including distribution, provision to specific third parties or a group of third parties for the above purposes, access, and cross-border transfer), anonymization, blocking, deletion, and destruction.
I consent to the transfer of my personal data to the following legal entities:
Individual Entrepreneur Kruglikova Svetlana Yuryevna, for the purpose of processing and fulfilling orders, delivering goods, analyzing customer preferences related to the goods and services provided by Individual Entrepreneur Kruglikova Svetlana Yuryevna, conducting advertising and informational campaigns via email, SMS, or phone calls, as well as for obtaining feedback regarding products and services offered by Individual Entrepreneur Kruglikova Svetlana Yuryevna (including via SMS, email, phone calls), and analyzing the data received.
I agree.
I confirm that I am familiar with the requirements of Russian legislation regarding the processing of personal data, with the document "Personal Data Processing Policy of Individual Entrepreneur Kruglikova Svetlana Yuryevna," as well as with my rights and obligations in this area.
This consent is valid for a period of 5 (five) years. The consent period is automatically extended for the same duration if, during the period of this consent, the personal data subject visits the Website at least once using their account. The number of extensions is not limited.
I may withdraw this consent at any time by submitting a written request in accordance with the requirements of current Russian legislation, addressed to the location of Individual Entrepreneur Kruglikova Svetlana Yuryevna.