Privacy Policy

This privacy policy (hereinafter referred to as the "Policy") describes the procedure and conditions for processing personal data on the website https://krije.ru and related communication channels (phone, email, messengers) by individual entrepreneur Krivosheeva Evgenia Mikhailovna (INN 503007815192) (hereinafter referred to as the "Operator", "we").

By using the Website and providing us with your personal data, you confirm that you have read the Policy. If you do not agree with the terms, please stop using the Website and contact us to exercise your rights as a data subject.

1.1. Personal data processing is carried out in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", Federal Law No. 149-FZ of July 14, 2006 "On Information, Information Technologies and Information Protection", the Code of Administrative Offenses (Articles 13.11, 19.7), and other regulatory acts of the Russian Federation.

1.2. The authorized body for the protection of the rights of personal data subjects is Roskomnadzor.

1.3. The Operator processes personal data on the basis of:

• - consent of the personal data subject;
• - performance of a contract/pre-contractual relations (processing of inquiries, applications, orders);
• - fulfillment of obligations imposed by the legislation of the Russian Federation;
• - exercise of the Operator's rights and legitimate interests, provided that this does not violate the rights and freedoms of data subjects.

1.4. Roskomnadzor Notification. The Operator is obliged to submit a notification about personal data processing before starting processing and keep the information in the notification up to date; when carrying out cross-border transfer - additionally submit a notification about cross-border transfer.

2.1. We process the following categories of data:

• - identification data: first name, last name (if provided);
• - contact data: phone number, email, messenger accounts;
• - inquiry/order data: content of requests, communication history, order status, payment information (without storing card details - if payment is made through payment providers);
• - technical data: IP address, cookie identifiers, session data, device data and logs (date/time, referrers, browser parameters);
• - other information voluntarily provided by the user through Website forms or in communications.

2.2. The Operator does not intentionally request or process special categories of data (about health, beliefs, etc.) or biometric data. If such information was provided by mistake, please notify us immediately - we will delete it.

2.3. Minors' data. The Website is not intended for persons under 18 years of age. We do not purposefully collect children's data. If such collection is identified, the data is deleted.

• - receiving and processing inquiries, applications, orders;
• - feedback, consultations, service support;
• - performance of contracts, invoicing and payment processing, accounting and tax accounting;
• - improving the Website and services, analytics and usage statistics;
• - sending informational and marketing messages (with consent, with the possibility to opt out at any time);
• - compliance with legal requirements and responding to government requests.

4.1. The Website uses technically necessary cookies (ensure the Website functions) and, with your consent, analytical/marketing cookies (e.g., for statistics and personalization).

4.2. On the first visit, a consent banner is displayed with options: accept all; reject all except necessary; configure by categories. You can change your choice at any time via the "Cookie Settings" link in the footer.

4.3. We may use the following analytics and marketing providers: Yandex.Metrica, VK Pixel, as well as other Russian/localized solutions. When using foreign services, cross-border transfer is carried out in compliance with legal requirements and after notifying Roskomnadzor.

5.1. The following may have access to personal data:

• - contractors and processors providing hosting, IT support, analytics, mailing, call center, order delivery and payment services;
• - banks and payment providers - for processing payments;
• - government authorities - on the basis of law and in accordance with established procedure;
• - other persons - with separate consent of the data subject.

5.2. Processing instructions agreements are concluded with each processor, including requirements for data protection measures, confidentiality and data localization. Processors are not allowed to use data for their own purposes.

6.1. Personal data of Russian citizens is processed and stored on servers located in the territory of the Russian Federation.

6.2. Cross-border transfer of personal data is permitted if there are legal grounds, after assessing the level of protection in the receiving country (or with contractual guarantees/consent) and preliminary notification to Roskomnadzor. In such cases, appropriate protection measures and access control are ensured.

Data is stored in a form that allows identification of the subject no longer than required by the processing purposes, unless a longer period is provided by law (e.g., accounting documents - for at least the established periods). Upon achieving the purposes, data is deleted or anonymized.

We implement necessary legal, organizational and technical protection measures: internal policies and regulations; appointment of a responsible person for organizing personal data processing; access control; encryption and backup; action logging; risk and threat assessment; staff training; contractor verification; incident management.

9.1. Upon detection of a personal data security incident, we:

• - immediately take measures to localize it and minimize consequences;
• - within 24 hours, notify Roskomnadzor about the incident and known circumstances;
• - within 72 hours, send the results of the internal investigation to Roskomnadzor;
• - inform affected data subjects within a reasonable time if the incident may pose risks to their rights and freedoms.

9.2. We maintain a record of incidents and store investigation materials for the established periods.

You have the right to:

• - receive information about the processing of your personal data;
• - request clarification (updating, correction) of data;
• - request blocking or destruction of data if processing is unlawful or purposes are achieved;
• - withdraw consent to processing and to receiving marketing messages;
• - object to processing for marketing purposes;
• - appeal the Operator's actions/inaction to Roskomnadzor or in court.

To exercise your rights, send a request to the contacts in section 13. We will respond within 30 days (unless another period is established by law).

11.1. Mailings and other marketing messages are sent only with your consent or within the framework of service/sales relationships.

11.2. You can unsubscribe from mailings at any time via the link in the email or by sending us a request.

We may update the Policy when processes and legal requirements change. The new version comes into force from the moment of publication on the Website, unless otherwise specified. The date of the last update is indicated in the document header.

Operator: Individual Entrepreneur Krivosheeva Evgenia Mikhailovna, INN 503007815192.

Mailing address (if available): [to be specified]

Phone: +7 (926) 523-90-36

Email: krijemsk@gmail.com

Telegram: https://t.me/Krije_bot

Responsible for organizing personal data processing (contact person): [Full name, email]

If applicable: number and date of the personal data processing notification; information about cross-border transfers and notifications. This section is filled out after submission/updating of the notification.

• - We do not currently use cookies.

Hosting provider Versel; mailing service Gmail. Processing instructions agreements have been concluded with each, and information security and localization requirements have been signed.