POLICY ON PERSONAL DATA PROCESSING 1. GENERAL PROVISIONS This personal data processing policy (hereinafter referred to as the Policy) is drawn up and defines the procedure for processing personal data and measures to ensure the security of personal data received by IE Maksim Kovalenko 343571940 (hereinafter referred to as the Operator). The Operator sets its most important goal and condition for carrying out its activities to respect the rights and freedoms of a person and a citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets. The main concepts used in the Policy are as follows: Personal data is any information related to a directly or indirectly identified or identifiable individual (subject of personal data). A User is an individual who is the subject of personal data. Cookies are small pieces of data related to personal data that are stored in a computer's browser, mobile phone, or other device after a User visits the Website. Automated processing of personal data is the processing of personal data using computer technology. Blocking of personal data is the temporary cessation of the processing of personal data (except in cases where processing is necessary to clarify personal data); Website is a set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at the network address richatrstory.com Personal data information system is a set of personal data contained in databases and the information technologies and technical means that ensure their processing; Personal data anonymization is an action that makes it impossible to determine, without the use of additional information, whether personal data belongs to a specific User or another subject of personal data. Personal data processing is any action (operation) or a set of actions (operations) performed using automation tools or without such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data. Personal data provision — actions aimed at disclosing personal data to a specific person or an indefinite circle of persons; Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at making personal data available to an unlimited circle of persons, including the publication of personal data in the media, posting in information and telecommunication networks, or providing access to personal data in any other way; Destruction of personal data — any actions, as a result of which personal data is irretrievably destroyed with the impossibility of further recovery of the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed. To the subjects of personal data, the personal data of which are processed by the Operator, in accordance with this Policy, include: 1) clients and contractors of the Operator (individuals) 2) representatives/employees of clients and contractors of the Operator (legal entities) website visitors. 2. PURPOSES AND CONDITIONS OF PERSONAL DATA PROCESSING AND THE CORRESPONDING LIST OF PERSONAL DATA PROCESSED 2.1. Personal data permitted to be processed under this Policy is provided by the User voluntarily by filling out the User data form on the Website or by submitting information personally to the Operator through electronic correspondence. 2.2. The personal data of the persons specified in subparagraphs 1-2 of clause 1.3 of the Policy is processed for the following purposes: identification of the party within the framework of agreements and contracts concluded with the Operator; provision of services to the User, access to the Website, and services; communication with the User, sending emails to the User upon receipt of payment from the User, sending notifications and requests to the User; interchange with the User within the framework of the contracts concluded with him; transfer of the results of the execution of the contract — photos and/or other works created within the framework of the contracts concluded between the user and the Operators. 2.3. For the purposes specified in paragraph 2.2 of the Policy, the following personal data of the persons specified in subparagraphs 1-2 of paragraph 1.3 of the Policy is processed: 1) surname, name, patronymic (if any); 2) contact phone number 3) email address 4) residential address 5) TIN 6) date of birth 7) passport data 8) position (when processing personal data of employees/representatives of legal entities) 2.4. The processing of personal data specified in paragraph 2.3 of the Policy is carried out with the consent of the subject of personal data to the processing of his personal data, except in cases where the processing of personal data is necessary for the execution of a contract in which the User is a party, a beneficiary, or a guarantor, as well as for the conclusion of a contract at the User's initiative or a contract in which the User will be a beneficiary or a guarantor, and in cases where the processing of personal data is necessary to achieve the goals specified in an international treaty or law, or to carry out the functions, powers, and obligations assigned to the operator by law. 2.5. The processing of personal data of the persons specified in subparagraph 3 of paragraph 1.3 of this Policy (Site visitors) is carried out for the following purposes: organizing access to information about the Operator's activities posted on the Internet information and telecommunication network communication with the User, sending emails to the User at the time of registration on the website promoting the Operator's services and informing new customers about the quality of services — providing information about previous experience when the User posts a review about working with the Operator on the Website. research and analysis of data that allows us to maintain and improve the services and sections of the Site, as well as develop new services and sections of the Site; conducting statistical and other research based on anonymized data. 2.6. For the purposes specified in paragraph 2.5 of this Policy, the following personal data of the persons specified in subparagraph 3 of paragraph 1.3 of this Policy is processed: 1) surname, name; 2) email address 3) phone number 4) Cookies. The collection and processing of Cookies is regulated by Section 7 of this Policy. 2.7. The processing of personal data specified in Section 2.6 of the Policy is carried out with the consent of the subject of personal data to the processing of his personal data. 2.8. Consent to the processing of Personal Data is the User's action to put a flag (check mark) next to the column «I give my consent to the processing of my personal data in accordance with the Personal Data Processing Policy. " 2.9. Consent to the processing of Personal Data, including Cookies, for Users using the Site To obtain information about the Operator's activities, it is necessary to use the Website and click the «OK» button or a similar button on the Cookie collection notification in accordance with this Privacy Policy. 2.10. The personal data specified in paragraphs 2.3 and 2.6 of this Policy are collectively referred to as Personal Data. 2.11. Special categories of personal data are not processed. 3. PERSONAL DATA PROCESSING REGULATIONS 3.1. Personal data processing is performed using automation tools or without using such tools. Personal data processing without using automation tools can be carried out in the form of documents on paper media and in electronic form (files, databases) on electronic media. 3.2. The Operator does not carry out cross-border transfer of personal data 3.3. The Operator does not transfer personal data to third parties, except in the following cases: when the transfer is necessary to fulfill the contract with the subject; when required by law at the request of government agencies, courts, investigative bodies, and other authorized bodies, based on the current legislation 3.4. The Operator and other persons who have obtained access to personal data are obliged not to disclose personal data to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by law. 3.5. The Operator has the right to store (archive storage) and collect documents and personal data. 3.6. The period of personal data processing is until the goals of personal data processing are achieved. The User may at any time revoke their consent to the processing of personal data by sending a notification to the Operator via email to the Operator's email address richart-studio@yandex.ru with the subject line «Revocation of consent to the processing of personal data.» 3.7. The Operator is obliged to stop processing personal data in the following cases: if the Operator detects any illegal processing of personal data within three business days from the date of detection; if the subject of personal data revokes their consent to the processing of their personal data; in the event that the purpose of processing personal data is achieved, and to destroy personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data. In the event that it is not possible to destroy personal data within this period, the operator shall block such personal data and ensure that personal data is destroyed within a period of no more than six months, unless otherwise specified by law. 4. RIGHTS AND OBLIGATIONS OF THE PARTIES.   4.1. The operator has the right to: receive reliable information containing personal data from the User; 4.2. The Operator is obliged to: process personal data in accordance with the procedure established by the current legislation; consider the User's requests regarding the processing of personal data and provide motivated responses; take measures to clarify and destroy the User's personal data in connection with his (or his legal representative's) request for legitimate and reasonable requirements; organize the protection of personal data in accordance with the requirements of the legislation. 4.3. The User has the right to: to receive full information about their personal data processed by the Operator; to clarify their personal data, block it, or destroy it in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing; to withdraw their consent to the processing of personal data; if the User believes that the Operator is processing their personal data in violation of the requirements of current legislation or otherwise violates their rights and freedoms, the subject of personal data has the right to appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court. The User has the right to protect their rights and legitimate interests, including the right to compensation for damages and (or) compensation for non-pecuniary damage in court. to exercise other rights provided for by law. 4.4. The User is obliged to: provide the Operator with only accurate information about themselves. 5. PROCEDURE FOR PROCESSING SUBJECT'S APPEALS PERSONAL DATA 5.1. The persons specified in clause 1.3 of this Policy have the right to receive information concerning the processing of their personal data, including the following: 1) confirmation of the fact of processing of personal data by the Operator; 2) legal grounds and purposes of processing of personal data; 3) purposes and methods of processing of personal data used by the Operator; 4) the personal data being processed, which relates to the relevant data subject, and the source of its acquisition; 5) the terms of processing personal data, including the terms of its storage; The operator is obliged to provide the data subject or their representative with the opportunity to review the personal data relating to this data subject without charge. 5.2. The persons specified in paragraph 1.3 of this Policy have the right to request the Operator to clarify their personal data, block it, or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, and to take legal measures to protect their rights. 5.3. The information specified in paragraph 5.1 of this Policy must be provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data related to other personal data subjects, unless there are legal grounds for disclosing such personal data. 5.4. The information specified in paragraph 5.1 of this Policy must be provided to the personal data subject or their representative within ten business days of the request or receipt of the request by the Operator. The request must contain: 1) the number of the main identity document of the personal data subject or his representative, information on the date of issue of the specified document and the issuing authority; 2) information confirming the personal data subject's participation in the relationship with the operator (contract number, date of conclusion of the contract, conditional designation and (or) other information), or information otherwise confirming the fact of personal data processing by the operator 3) the signature of the personal data subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation. 5.5. In the event of inaccuracies in the personal data, the User may update them independently by sending a notification to the Operator at the Operator's email address richart-studio@yandex.ru with the subject «Updating of personal data.» Within a period of no more than seven business days from the date of submission by the subject of personal data or their representative of information confirming that the personal data are incomplete, inaccurate, or irrelevant, the operator is obliged to make the necessary changes. 5.6. Within a period not exceeding seven business days from the date of submission by the subject of personal data or his representative of information confirming that such personal data is illegally obtained or is not necessary for the stated purpose of processing, the operator is obliged to destroy such personal data. The operator is obliged to notify the subject of personal data or his representative of the changes made and the measures taken. 6. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING 6.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection. These protection measures include, among others: the use of antivirus information protection tools; identification and authentication of users when logging into the information system using a password; restricting access to premises designated for processing personal data; storing personal data on secure storage media; detection of unauthorized access to personal data and taking measures, including measures to detect, prevent, and eliminate the consequences of computer attacks on personal data information systems, and to respond to computer incidents in them restoration of personal data that has been modified or destroyed as a result of unauthorized access to it. 6.2. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to personal data. 7. COOKIES 7.1. The following cookies are collected on the Website: 7.1.1. Technical cookies — the collection of these files cannot be prohibited when visiting, as they are necessary for the proper operation and provision of the full functionality of the Site.; 7.1.2. Analytical cookies are collected through web analytics tools for the purpose of general analysis of the use of the Site and obtaining data on User actions on the Site to improve its functionality: IP address; browser information; access time; referrer (previous page address). 7.2. The purposes of collecting cookies: — authentication of the Website Users; — as an element of security measures used to protect user accounts, including preventing fraudulent use of login credentials, as well as to protect the Website as a whole; — for data analytics purposes. 7.3. How to prevent the collection of cookies on the website: 7.3.1. If the User does not want cookies to be stored on their device, they can disable this option in their browser settings. Saved cookies can also be deleted at any time in the browser's system settings. The User can change their browser settings to accept or reject all cookies or cookies from the Site by default. 7.3.2. PLEASE NOTE THAT BY DISABLING COOKIE FILES, THE USER WILL NOT BE ABLE TO USE SOME OF THE SITE'S FUNCTIONS AND TOOLS. Cookie files are processed for statistical or other research purposes, subject to the mandatory anonymization of personal data. 8. FINAL PROVISIONS The User can get any clarifications on the issues of interest regarding the processing of their personal data by contacting the Operator via the email address richart-studio@yandex.ru This document will reflect any changes to the Operator's personal data processing policy. The policy is valid indefinitely until it is replaced by a new version. The current version of the Policy is freely available on the Internet.