This personal data processing policy is compiled in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter — the Personal Data Law) and defines the procedure for personal data processing and measures to ensure the security of personal data undertaken by Individual Entrepreneur Chuvachko Anna Sergeevna, TIN 761026612455, OGRN 322784700093321 (hereinafter — the Operator).
1.1. The Operator's most important goal and condition for carrying out its activities is to observe the rights and freedoms of individuals and citizens when processing their personal data, including the protection of rights to privacy, personal and family secrets.
1.2. This Operator's policy regarding personal data processing (hereinafter — the Policy) applies to all information that the Operator may obtain about visitors to the website
hronika.co/en.
2.1.
Automated personal data processing — processing of personal data using computer technology.
2.2.
Blocking of personal data — temporary cessation of personal data processing (except when processing is necessary for clarifying personal data).
2.3.
Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their accessibility on the internet at the network address
hronika.co.2.4.
Personal data information system — a collection of personal data contained in databases, and the information technologies and technical means that ensure their processing.
2.5.
Anonymization of personal data — actions that make it impossible to determine, without the use of additional information, the belonging of personal data to a specific User or other personal data subject.
2.6.
Personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.7.
Operator — a state body, municipal body, legal entity, or individual, independently or jointly with others, organizing and/or carrying out personal data processing, as well as determining the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8.
Personal data — any information relating directly or indirectly to an identified or identifiable User of the
hronika.co. website.
2.9.
Personal data authorized by the personal data subject for dissemination — personal data to which an unlimited circle of persons has been granted access by the personal data subject by giving consent to the processing of personal data authorized by the personal data subject for dissemination in the manner prescribed by the Personal Data Law (hereinafter — personal data authorized for dissemination).
2.10.
User — any visitor to the
hronika.co. website.
2.11.
Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12.
Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing an unlimited circle of persons with personal data, including the publication of personal data in the media, placement in information and telecommunication networks, or providing access to personal data by any other means.
2.13.
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual, or a foreign legal entity.
2.14.
Destruction of personal data — any actions that result in the irreversible destruction of personal data with the impossibility of further restoring the content of personal data in the personal data information system and/or the destruction of material carriers of personal data.
3. Operator's Basic Rights and Obligations
3.1. The Operator has the right to:
3.1.1. receive accurate information and/or documents containing personal data from the personal data subject;
3.1.2. in the event that the personal data subject withdraws consent for personal data processing, the Operator may continue to process personal data without the personal data subject's consent if there are grounds specified in the Personal Data Law;
3.1.3. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
3.2.1. provide the personal data subject, upon their request, with information concerning the processing of their personal data;
3.2.2. organize the processing of personal data in the manner established by the current legislation of the Russian Federation;
3.2.3. respond to appeals and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3.2.4. provide the authorized body for the protection of personal data subjects' rights with the necessary information upon that body's request within 30 days from the date of receiving such a request;
3.2.5. publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
3.2.6. take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning personal data;
3.2.7. cease the transfer (dissemination, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided for by the Personal Data Law;
3.2.8. fulfill other obligations stipulated by the Personal Data Law.
4. Basic Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
4.1.1. receive information concerning the processing of their personal data, except in cases provided for by federal laws. Information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except when there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
4.1.2. demand from the operator the clarification of their personal data, its blocking, or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated processing purpose, and to take measures provided by law to protect their rights;
4.1.3. set a condition for prior consent when processing personal data for the purpose of promoting goods, works, and services in the market;
4.1.4. withdraw consent for personal data processing;
4.1.5. appeal to the authorized body for the protection of personal data subjects' rights or to a court against unlawful actions or inaction of the Operator during the processing of their personal data;
4.1.6. exercise other rights provided for by the legislation of the Russian Federation.
4.2. Personal data subjects are obliged to:
4.2.1. provide the Operator with accurate data about themselves;
4.2.2. inform the Operator about the clarification (updating, modification) of their personal data.
4.3. Persons who have provided the Operator with inaccurate information about themselves, or information about another personal data subject without the latter's consent, bear responsibility in accordance with the legislation of the Russian Federation.
5. The Operator may process the following user personal data
5.1. The Operator processes the following categories of personal data: surname, first name, patronymic, year, month, date of birth, place of birth, username (login) and password, address, phone number, email address, information about identity documents, payment data.
5.2. The Operator does not verify the accuracy of personal data provided by the data subject and assumes that the data subject provides accurate and sufficient personal information and keeps the information up to date.
5.3. To improve the Website, data such as IP address, browser and operating system information, data from Cookies, and other similar information are processed. Such data is automatically transmitted by the data subject's device from which the Website is accessed and is used exclusively for statistical purposes, to analyze ways to improve the quality of service, goods, and related services.
5.4. As a result of processing the personal data of the data subject through anonymization, anonymized statistical data may be obtained, which may be transferred to third parties for research, work, or services on behalf of the Operator.
5.5. The User's consent to the processing of personal data permitted for dissemination is formalized separately from other consents to the processing of their personal data. In this case, the conditions provided for, in particular, by Article 10.1 of the Personal Data Law, are observed. The requirements for the content of such consent are established by the authorized body for the protection of personal data subjects' rights.
5.5.1. The User provides consent to the processing of personal data permitted for dissemination directly to the Operator.
5.5.2. The Operator is obliged, no later than three working days from the moment of receiving the specified User's consent, to publish information about the processing conditions, the existence of prohibitions and conditions for the processing of personal data permitted for dissemination by an unlimited circle of persons.
5.5.3. The transfer (dissemination, provision, access) of personal data permitted by the personal data subject for dissemination must be terminated at any time at the request of the personal data subject. This request must include the surname, first name, patronymic (if any), contact information (phone number, email address, or postal address) of the personal data subject, as well as a list of personal data whose processing is to be terminated. The personal data specified in this request may only be processed by the Operator to whom it was sent.
6. Principles of Personal Data Processing
6.1. Personal data processing is carried out on a lawful and fair basis.
6.2. Personal data processing is limited to achieving specific, predetermined, and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not permitted.
6.3. The merging of databases containing personal data, the processing of which is carried out for incompatible purposes, is not permitted.
6.4. Only personal data that corresponds to the purposes of its processing is subject to processing.
6.5. The content and volume of processed personal data correspond to the stated processing purposes. Excessiveness of processed personal data in relation to the stated processing purposes is not permitted.
6.6. When processing personal data, the accuracy of personal data, its sufficiency, and, where necessary, its relevance to the purposes of personal data processing are ensured. The Operator takes necessary measures and/or ensures their adoption to delete or clarify incomplete or inaccurate data.
6.7. Personal data is stored in a form that allows identification of the personal data subject for no longer than required by the purposes of personal data processing, unless the storage period for personal data is established by federal law, by a contract to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data is destroyed or anonymized upon achievement of the processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided by federal law.
7. Purposes of Personal Data Processing
7.1. The purpose of processing User's personal data:
7.1.2. providing the User with access to services, information, and/or materials contained on the website
hronika.co/en; 7.1.3. compliance with and execution of agreements for the purchase and sale of acquired goods or any other agreements between the operator and the personal data subject;
7.1.4. offers to participate in promotions, loyalty programs, and receive prizes/rewards provided by the promotion;
7.1.5. providing personal data subjects with information about the operator's goods;
7.1.6. conducting marketing research;
7.1.7. conducting marketing campaigns.
7.2. To achieve the above purposes, the operator may undertake the following actions:
7.2.1. processing orders and returns of goods through online services;
7.2.2. sending text messages notifying of the delivery status of goods;
7.2.3. contacting the personal data subject in case of problems with the delivery of ordered goods;
7.2.4. providing answers to questions and informing about new or changed services;
7.2.5. sending marketing offers;
7.2.6. conducting analysis to provide the most relevant marketing offers and information;
7.3. The Operator also has the right to send the User notifications about new products and services, special offers, and various events. The User can always refuse to receive informational messages by sending an email to the Operator at
hello@hronika.co with the subject line "Opt-out of notifications about new products and services and special offers".
8. Legal Grounds for Personal Data Processing
8.1. The legal grounds for personal data processing by the Operator are:
8.2.1. Federal Law "On Information, Information Technologies and Information Protection" of 27.07.2006 N 149-FZ;
8.2.2. Federal laws, other regulatory legal acts in the field of personal data protection;
8.2.3. Users' consent to the processing of their personal data, to the processing of personal data permitted for dissemination.
8.2. The Operator processes the User's personal data only if it is filled in and/or sent by the User independently through special forms located on the website
hronika.co/en or sent to the Operator via email and other text messages. By filling out the relevant forms and/or sending their personal data to the Operator, the User expresses their consent to this Policy.
8.3. The Operator processes anonymized data about the User if this is allowed in the User's browser settings (saving "cookie" files and using JavaScript technology are enabled).
8.4. The personal data subject independently decides on the provision of their personal data and gives consent freely, by their own will, and in their own interest.
9. Procedure for Collection, Storage, Transfer, and Other Types of Personal Data Processing
9.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access to personal data.
9.2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the execution of current legislation or if the personal data subject has given consent to the Operator for the transfer of data to a third party for the fulfillment of obligations under a civil law contract.
9.3. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator's email address
hello@hronika.co with the subject line "Personal Data Update".
9.4. The period of personal data processing is determined by the achievement of the purposes for which the personal data were collected, unless a different period is provided by contract or current legislation.
9.5. The User can withdraw their consent to personal data processing at any time by sending a notification to the Operator via email at
hello@hronika.co with the subject line "Withdrawal of Consent to Personal Data Processing".
9.6. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these individuals (Operators) in accordance with their User Agreement and Privacy Policy. The personal data subject and/or User is obliged to independently and timely familiarize themselves with these documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.
10. List of Actions Performed by the Operator with Received Personal Data
10.1. The Operator carries out the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
10.2. The Operator performs automated processing of personal data with or without receiving and/or transmitting the obtained information via information and telecommunication networks.
11. Cross-Border Transfer of Personal Data
11.1. Before carrying out cross-border transfer of personal data, the Operator must ensure that the foreign state to whose territory the personal data is intended to be transferred provides reliable protection of the rights of personal data subjects.
11.2. Cross-border transfer of personal data to the territories of foreign states that do not meet the above requirements may only be carried out with the written consent of the personal data subject for the cross-border transfer of their personal data and/or for the performance of a contract to which the personal data subject is a party.
12. Confidentiality of Personal Data
12.1. The Operator and other persons who have gained access to personal data are obliged not to disclose personal data to third parties or disseminate it without the consent of the personal data subject, unless otherwise provided by federal law.
13. Concluding Provisions
13.1. The User may obtain any clarifications on questions of interest concerning the processing of their personal data by contacting the Operator via email
hello@hronika.co.13.2. Any changes to the Operator's personal data processing policy will be reflected in this document. The policy is valid indefinitely until replaced by a new version.
13.3. The current version of the Policy is freely available online at
hronika.co/en/privacy PERSONAL
DATA
PROCESSING
POLICY
WE TREAT OUR CUSTOMERS' PERSONAL DATA WITH CARE. WE DO NOT ABUSE TRUST OR SEND UNNECESSARY COMMUNICATIONS.