ru
en

Personal Data Processing Policy

POLICY ON THE PROCESSING AND PROTECTION OF PERSONAL DATA ON THE WEBSITE OF LLC "MASHUK" https://bossanovabrand.com/en/

1. General Provisions

1.1. This Policy on the processing of personal data (hereinafter referred to as the "Policy") of users of the website of LLC "MASHUK" (INN 2632800220, legal address: 357528, Pyatigorsk, Fevralskaya St., 54, lit. G1, pom. 217 on the 5th floor) (hereinafter referred to as the "Operator") is an official document that defines the general principles, purposes, and procedures for processing personal data of users of the website https://bossanovabrand.com/en/ (hereinafter referred to as the "Website"), as well as information about the implemented measures to protect personal data.

1.2. The Policy has been developed in accordance with the legislation of the Russian Federation due to the Operator's registration in the territory of the Russian Federation. The terms and definitions used in the Policy shall be applied and interpreted in the meaning established by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as "Federal Law No. 152-FZ"). The Operator processes personal data in compliance with the requirements of Federal Law No. 152-FZ, its subordinate regulations, and regulatory and methodological documents of the state authorities of the Russian Federation authorized in the field of information security and protection of the rights of personal data subjects.

1.3. This Policy applies exclusively to the Website and its users (hereinafter referred to as the "User") (category of personal data subjects). The Operator does not control and is not responsible for third-party websites that the User may access via links available on the Website.

1.4. The processing of personal data of other categories of personal data subjects by the Operator is regulated by other local acts of the Operator.

1.5. This Policy comes into force from the moment of its publication on the Website and remains in effect indefinitely until replaced by a new Policy.

1.6. The use of the Website implies the User's unconditional consent to this Policy and the terms of processing their personal data specified herein. In case of disagreement with these terms, the User must refrain from using the Website.

1.7. The legal grounds for the Operator's processing of personal data are:
– The Constitution of the Russian Federation;
– The Civil Code of the Russian Federation;
– Federal Law No. 126-FZ of July 7, 2003, "On Communications";
– Federal Law No. 149-FZ of July 27, 2006, "On Information, Information Technologies, and Information Protection";
– Federal Law No. 152-FZ of July 27, 2006, "On Personal Data";
– Other regulatory legal acts governing relations related to the Operator's activities.

1.8. The purpose of the Policy is to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data by the Operator.

2. Key Terms Used in the Policy

2.1. Automated processing of personal data – processing of personal data using computer technology.

2.2. Blocking of personal data – temporary cessation of processing personal data (except in cases where processing is necessary to clarify personal data).

2.3. Website – a collection of graphical and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://bossanovabrand.com/en/.

2.4. Information system of personal data — a set of personal data contained in databases and information technologies and technical means that ensure their processing.

2.5. Depersonalization of personal data — actions that make it impossible to determine the belonging of personal data to a specific User or other personal data subject without using additional information.

2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.

2.7. Operator – a state body, municipal body, legal entity, or individual that independently or jointly with others organizes and/or processes personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.

2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://bossanovabrand.com/en/.

2.9. Personal data permitted for dissemination by the personal data subject – personal data to which access by an unlimited number of persons is provided by the personal data subject by giving consent to the processing of personal data permitted for dissemination in the manner prescribed by the Law on Personal Data (hereinafter referred to as "personal data permitted for dissemination").

2.10. User – any visitor to the website https://bossanovabrand.com/en/.

2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.

2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, placement in information and telecommunication networks, or providing access to personal data in any other way.

2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.

2.14. Destruction of personal data – any actions resulting in the irreversible destruction of personal data with the impossibility of further restoration of the content of personal data in the personal data information system and/or the destruction of physical media of personal data.

3. Key Rights and Obligations of the Operator

3.1. The Operator has the right:
– To receive from the personal data subject reliable information and/or documents containing personal data;
– In case the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data;
– To independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.

3.2. The Operator is obliged:
– To provide the personal data subject, upon request, with information regarding the processing of their personal data;
– To organize the processing of personal data in accordance with the current legislation of the Russian Federation;
– To respond to appeals and requests from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
– To notify the authorized body for the protection of the rights of personal data subjects, upon request of this body, of the necessary information within 30 days from the date of receipt of such request;
– To publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
– To take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, as well as from other unlawful actions regarding personal data;
– To cease the transfer (dissemination, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided for by the Law on Personal Data;
– To perform other obligations provided for by the Law on Personal Data.

4. Key Rights and Obligations of Personal Data Subjects

4.1. Personal data subjects have the right:
– To receive information regarding the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form and should not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
– To demand from the Operator the clarification of their personal data, their blocking, or destruction if the personal data are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
– To set a condition of prior consent when processing personal data for the purpose of promoting goods, works, and services on the market;
– To withdraw consent to the processing of personal data;
– To appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or inaction of the Operator in processing their personal data;
– To exercise other rights provided for by the legislation of the Russian Federation.

4.2. Personal data subjects are obliged:
– To provide the Operator with accurate data about themselves;
– To inform the Operator about the clarification (updating, changing) of their personal data.

4.3. Persons who provided the Operator with false information about themselves or information about another personal data subject without the latter's consent shall bear responsibility in accordance with the legislation of the Russian Federation.

5. Procedure, Conditions, and Terms of Personal Data Processing

5.1. Conditions for processing personal data:

5.1.1. In cases not expressly provided for by the legislation of the Russian Federation but corresponding to the Operator's authority, the processing of other categories of personal data is carried out with the consent of the personal data subject to the processing of their personal data. Users of the Website give their consent to the processing of their personal data in the following cases when filling out the feedback form and/or by checking the box confirming consent to the personal data processing policy.

5.1.2. The Operator does not process information characterizing the physiological and biological characteristics of a person, on the basis of which their identity can be established (biometric personal data) and which is used to establish the identity of the personal data subject.

5.1.3. The Operator does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, or intimate life.

5.2. In case of the User's disagreement with the terms of this Policy, the use of the Website and/or any services available through the Website must be immediately terminated. If the User refuses to process cookies, they must stop using the Website or disable the use of cookies in the browser settings, in which case some functions of the Website may become unavailable.

5.2.1. Cookies are pieces of data stored in the browser of a computer, mobile phone, or other smartphone used to visit websites on the Internet.

5.2.2. Through cookies, the following information may be transmitted to the Operator from the User: IP address, MAC address, external source of referral to the Services (including backlinks), PHP session ID, invitation ID to the Service under referral programs, information about the software and equipment used by the User to work on the Internet, communication channels, information and materials transmitted and received using the Service, the User's behavior on the Service, as well as other similar information.

5.2.3. The User has the ability to independently delete cookies and prohibit their transmission by using the functionality of their browser.

5.2.4. By using the Services, the User expresses their consent to the transmission of cookies insofar as the possibility specified in clause 8.4 of the Appendix has not been implemented in relation to the Internet site.

5.3. The personal data of Users are processed for the following purposes:
– Informing the User via email;
– Conclusion, execution, and termination of civil contracts;
– Providing the User with access to services, information, and/or materials contained on the website https://bossanovabrand.com/en/. The Operator also has the right to send notifications to the User about new products and services, special offers, and various events. The User can always refuse to receive informational messages by sending an email to the Operator at sale@bossanovabrand.com with the subject "Opt-out of notifications about new products and services and special offers."

5.4. For the purposes set forth in this Policy, the Operator processes the following personal data of the User:
– Last name, first name, and patronymic (if any);
– Phone number;
– Sender's address;
– Email address;
– Anonymized data about visitors (including "cookie" files) using Internet statistics services.

5.5. The processing of personal data by the Operator is carried out in accordance with the following principles:
– Processing of personal data is carried out on a lawful basis;
– Processing of personal data is limited to achieving specific, predetermined, and lawful purposes;
– Processing of personal data incompatible with the purposes of collecting personal data is not allowed;
– Merging databases containing personal data processed for incompatible purposes is not allowed;
– Only personal data that meet the purposes of their processing are processed;
– The content and scope of processed personal data correspond to the stated purposes of processing;
– Processed personal data are not excessive in relation to the stated purposes of their processing;
– When processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data are ensured;
– The Operator takes necessary measures (or ensures their adoption) to delete or clarify incomplete or inaccurate data;
– Storage of personal data is carried out in a form that allows identification of the personal data subject for no longer than required by the purposes of processing personal data, unless the storage period of personal data is established by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," a state contract to which the personal data subject is a party, beneficiary, or guarantor;
– Processed personal data are subject to destruction upon achieving the purposes of processing or in case of loss of necessity to achieve these purposes, unless otherwise provided by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."

5.6. The processing of personal data is carried out using automation tools without transferring information over the Operator's internal local network, with the transfer of information over the Internet. When processing personal data using automation tools, the Operator uses, among other things, information technologies and technical means, including computer equipment, information and technical complexes and networks, means and systems for transmitting, receiving, and processing personal data, software (operating systems, database management systems, etc.), and information protection means used in information systems.

5.7. Processed personal data are subject to destruction under the following conditions:
– Achieving the purposes of processing personal data or the maximum storage periods – to be destroyed within 30 days;
– Loss of necessity to achieve the purposes of processing personal data – within 30 days;
– Provision by the personal data subject or their legal representative of confirmation that the personal data were unlawfully obtained or are not necessary for the stated purpose of processing – within 7 days;
– Inability to ensure the lawfulness of processing personal data – within 10 days;
– Withdrawal by the personal data subject of consent to the processing of personal data, if the retention of personal data is no longer required for the purposes of processing personal data – within 30 days.

5.8. Cross-border transfer of personal data is not carried out.

5.9. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), blocking, deletion, destruction using databases located on the territory of the Russian Federation.

6. Measures to Ensure the Security of Personal Data

6.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational, technical, and software measures necessary and sufficient to meet the requirements of the legislation of the Russian Federation.

6.2. The Operator takes the following measures to ensure the security of personal data:
– Appointment of responsible persons for organizing the processing and ensuring the protection of personal data;
– Limiting the number of Operator employees with access to personal data;
– Determining the level of security of personal data when processing in personal data information systems;
– Establishing rules for access control to personal data processed in personal data information systems and ensuring registration and accounting of all actions performed with personal data;
– Restricting access to premises where the main technical means and systems of personal data information systems are located and where non-automated processing of personal data is carried out;
– Organizing backup and recovery of the functionality of personal data information systems and personal data modified or destroyed due to unauthorized access to them;
– Setting requirements for password complexity for access to personal data information systems;
– Implementing antivirus control, preventing the introduction of malicious programs (viruses) and software bookmarks into the corporate network;
– Ensuring timely updating of software used in personal data information systems and information protection means;
– Conducting regular assessments of the effectiveness of measures taken to ensure the security of personal data;
– Detecting facts of unauthorized access to personal data and taking measures to establish the causes and eliminate possible consequences;
– Monitoring the measures taken to ensure the security of personal data and the security levels of personal data information systems.

7. Confidentiality of Personal Data

7.1. The Operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

8. Final Provisions

8.1. The User can obtain any clarifications on questions of interest regarding the processing of their personal data by contacting the Operator via email at sale@bossanovabrand.com.

8.2. This document will reflect any changes to the Operator's personal data processing policy. The Policy is valid indefinitely until replaced by a new version.

*This Policy was approved by Order No. 24 of LLC "MASHUK" dated May 23, 2025.

FOLLOW US