1. General Provisions

This Personal Data Processing Policy is drawn up in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for personal data processing and measures to ensure the security of personal data undertaken by Konyusheva Nina Vladimirovna (hereinafter referred to as the “Operator”).

1.1 The Operator considers compliance with human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy and personal and family confidentiality, to be its most important objective and condition for carrying out its activities.
1.2 This Operator’s Personal Data Processing Policy (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://ninavk.com.


2. Key Terms Used in the Policy

2.1 Automated personal data processing — processing of personal data using computer equipment.
2.2 Blocking of personal data — temporary suspension of personal data processing (except where processing is necessary to clarify personal data).
2.3 Website — a set of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at https://ninavk.com.
2.4 Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5 Depersonalization of personal data — actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data by a specific User or another personal data subject.
2.6 Personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7 Operator — a state authority, municipal authority, legal entity, or individual who independently or jointly with others organizes and/or carries out personal data processing, as well as determines the purposes of personal data processing, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
2.8 Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://ninavk.com.
2.9 Personal data authorized by the personal data subject for dissemination — personal data to which access by an unlimited number of persons is granted by the personal data subject by providing consent to the processing of personal data authorized for dissemination in accordance with the procedure stipulated by the Personal Data Law (hereinafter referred to as “personal data authorized for dissemination”).
2.10 User — any visitor to the website https://ninavk.com.
2.11 Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12 Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or making personal data available to an unlimited number of persons, including publication in mass media, placement in information and telecommunication networks, or granting access to personal data in any other way.
2.13 Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.
2.14 Destruction of personal data — any actions as a result of which personal data are irreversibly destroyed with no possibility of restoring their content in a personal data information system and/or physical media containing personal data are destroyed.


3. Rights and Obligations of the Operator

3.1 The Operator has the right to:

• receive accurate information and/or documents containing personal data from the personal data subject;
• continue processing personal data without the consent of the personal data subject in the event of withdrawal of consent or submission of a request to terminate processing, provided there are legal grounds stipulated by the Personal Data Law;
• independently determine the composition and list of measures necessary and sufficient to ensure compliance with obligations established by the Personal Data Law and regulations adopted pursuant thereto, unless otherwise provided by federal law.

3.2 The Operator is obliged to:

• provide the personal data subject, upon request, with information regarding the processing of their personal data;
• organize personal data processing in accordance with the legislation of the Russian Federation;
• respond to requests and inquiries of personal data subjects and their legal representatives in accordance with the Personal Data Law;
• notify the authorized body for the protection of personal data subjects’ rights upon its request within 10 days from receipt of such request;
• publish or otherwise ensure unrestricted access to this Policy;
• take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions;
• terminate transfer (dissemination, provision, access), cease processing, and destroy personal data in cases and in accordance with procedures provided by the Personal Data Law;
• fulfill other obligations stipulated by the Personal Data Law.

4. Rights and Obligations of Personal Data Subjects

4.1 Personal data subjects have the right to:

• receive information regarding the processing of their personal data, except in cases provided by federal law;
• request clarification, blocking, or destruction of personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated processing purposes;
• require prior consent for processing personal data for marketing purposes;
• withdraw consent for personal data processing and submit a request to terminate processing;
• appeal unlawful actions or inaction of the Operator to the authorized body or in court;
• exercise other rights provided by Russian law.

4.2 Personal data subjects are obliged to:

• provide accurate personal data about themselves;
• notify the Operator of updates or changes to their personal data.

4.3 Persons who provide inaccurate information about themselves or personal data of another subject without their consent shall bear liability in accordance with the legislation of the Russian Federation.


5. Principles of Personal Data Processing

5.1 Personal data processing is carried out on a lawful and fair basis.
5.2 Processing is limited to achieving specific, predetermined, and legitimate purposes.
5.3 Combining databases containing personal data processed for incompatible purposes is not permitted.
5.4 Only personal data relevant to the purposes of processing are subject to processing.
5.5 The content and volume of processed personal data correspond to the stated purposes; excessive data processing is not allowed.
5.6 Accuracy, sufficiency, and relevance of personal data are ensured; necessary measures are taken to update or delete inaccurate data.
5.7 Personal data are stored no longer than required by processing purposes unless otherwise established by law or contract; data are destroyed or depersonalized upon achievement of processing purposes.


6. Purposes of Personal Data Processing

Purpose of processing:
Informing the User by sending emails
Personal data:

• Full name
• Email address
• Phone numbers

Legal grounds:

• Founding documents of the Operator

Types of processing:

• Sending informational emails

7. Conditions for Personal Data Processing

7.1 Processing is carried out with the consent of the personal data subject.
7.2 Processing is necessary to fulfill international treaties or legal obligations.
7.3 Processing is necessary for the administration of justice or enforcement of legal acts.
7.4 Processing is necessary for contract performance or conclusion.
7.5 Processing is necessary to protect the legitimate interests of the Operator or third parties without violating rights of the subject.
7.6 Processing of publicly available personal data provided by the subject is permitted.
7.7 Processing of personal data subject to mandatory disclosure by law is permitted.


8. Procedure for Collection, Storage, Transfer, and Other Processing

Personal data security is ensured through legal, organizational, and technical measures.

8.1 The Operator ensures the safety of personal data and prevents unauthorized access.
8.2 Personal data are not transferred to third parties except as required by law or with consent.
8.3 Users may update their data by emailing nina@mixbs.com with the subject “Personal Data Update”.
8.4 Processing duration is determined by achievement of processing purposes unless otherwise stipulated.
Consent may be withdrawn at any time via email to nina@mixbs.com with the subject “Withdrawal of Consent to Personal Data Processing”.
8.5 Data collected by third-party services are processed according to their own policies; the Operator is not responsible for their actions.
8.6 Restrictions on dissemination do not apply to processing in public or state interests.
8.7 The Operator ensures confidentiality of personal data.
8.8 Data are stored only as long as necessary for processing purposes.
8.9 Grounds for termination include achievement of purposes, expiration or withdrawal of consent, or unlawful processing.


9. List of Actions Performed with Personal Data

9.1 Collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, depersonalization, blocking, deletion, and destruction.
9.2 Automated processing with or without information and telecommunication networks.


10. Cross-Border Transfer of Personal Data

10.1 Prior notification to the authorized body is required before cross-border transfer.
10.2 Required information must be obtained from foreign recipients prior to notification.


11. Confidentiality of Personal Data

The Operator and persons with access to personal data must not disclose or distribute such data without consent unless otherwise provided by law.


12. Final Provisions

12.1 Users may contact the Operator for clarifications via nina@mixbs.com.
12.2 Any changes to this Policy will be reflected in this document. The Policy is valid indefinitely until replaced.
12.3 The current version is publicly available at https://ninavk.com.