Personal Data Processing Policy1. General ProvisionsThis Personal Data Processing Policy is drafted in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and the measures taken to ensure the security of personal data by LLC "Yantarnaya Kosmetika" (hereinafter referred to as the "Operator").
1.1. The Operator considers the highest priority in its activities to be the observance of human and civil rights and freedoms when processing their personal data, including the protection of privacy, personal, and family secrets.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the "Policy") applies to all information that the Operator may obtain about visitors to the website https://julia-amber.com.
2. Key Terms Used in the Policy2.1. **Automated Processing of Personal Data** – processing of personal data using computer technology.
2.2. **Blocking of Personal Data** – temporary suspension of personal data processing (except where processing is necessary to clarify personal data).
2.3. **Website** – a collection of graphical and informational materials, as well as computer programs and databases, ensuring their availability on the internet at the network address https://julia-amber.com.
2.4. **Personal Data Information System** – a set of personal data contained in databases and the information technologies and technical means enabling their processing.
2.5. **Depersonalization of Personal Data** – actions that make it impossible to determine the ownership of personal data by a specific User or other subject of personal data without additional information.
2.6. **Processing of Personal Data** – any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.
2.7. **Operator** – a state body, municipal body, legal entity, or individual organizing and/or performing personal data processing independently or jointly with others, as well as determining the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed on personal data.
2.8. **Personal Data** – any information directly or indirectly related to an identified or identifiable User of the website https://julia-amber.com.
2.9. **Personal Data Permitted for Dissemination** – personal data to which access has been granted to an unlimited number of persons by the personal data subject through consent to the processing of personal data permitted for dissemination in accordance with the Personal Data Law (hereinafter referred to as "dissemination-permitted personal data").
2.10. **User** – any visitor to the website https://julia-amber.com.
2.11. **Provision of Personal Data** – actions aimed at disclosing personal data to a specific person or group of persons.
2.12. **Dissemination of Personal Data** – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited number of persons, including publishing personal data in mass media or providing access to personal data in any other way.
2.13. **Cross-Border Transfer of Personal Data** – transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual, or foreign legal entity.
2.14. **Destruction of Personal Data** – any actions resulting in the irreversible destruction of personal data with no possibility of further restoration in the personal data information system and/or destruction of physical media containing personal data.
3. Operator’s Key Rights and Obligations3.1. The Operator has the right to:
— Receive accurate information and/or documents containing personal data from the personal data subject;
— Continue processing personal data without the subject’s consent if grounds specified in the Personal Data Law exist, including if the subject withdraws consent or requests termination of processing;
— Independently determine the necessary measures to comply with the Personal Data Law and related regulations, unless otherwise specified by law.
3.2. The Operator is obliged to:
— Provide the personal data subject, upon request, with information regarding the processing of their personal data;
— Organize personal data processing in accordance with Russian law;
— Respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the Personal Data Law;
— Provide the authorized body for personal data protection with necessary information within 10 days of receiving a request;
— Publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
— Implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, or dissemination, as well as other unlawful actions;
— Cease processing and destroy personal data in cases stipulated by the Personal Data Law;
— Fulfill other obligations under the Personal Data Law.
4. Key Rights and Obligations of Personal Data Subjects4.1. Personal data subjects have the right to:
— Obtain information regarding the processing of their personal data, except in cases specified by federal laws;
— Demand clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purposes;
— Impose a condition of prior consent for processing personal data for marketing purposes;
— Withdraw consent to personal data processing and demand termination of processing;
— Appeal unlawful actions or inaction of the Operator to the authorized body or in court;
— Exercise other rights granted by Russian law.
4.2. Personal data subjects must:
— Provide the Operator with accurate personal data;
— Notify the Operator of updates or changes to their personal data.
4.3. Persons who provide false personal data or data about another subject without consent bear responsibility under Russian law.
5. Principles of Personal Data Processing5.1. Processing is conducted lawfully and fairly.
5.2. Processing is limited to specific, predefined, and lawful purposes. Processing incompatible with collection purposes is prohibited.
5.3. Merging databases containing personal data processed for incompatible purposes is prohibited.
5.4. Only personal data relevant to processing purposes may be processed.
5.5. The content and scope of processed data must align with stated purposes. Excessive data processing is prohibited.
5.6. Accuracy, sufficiency, and relevance of personal data must be ensured. The Operator takes measures to delete or clarify incomplete or inaccurate data.
5.7. Storage must allow identification of the subject only as long as necessary, unless otherwise required by law or agreement. Processed data is destroyed or depersonalized upon achieving processing purposes or when no longer necessary.
6. Purposes of Personal Data Processing**Purpose of processing:**
Informing the User by sending emails.
**Personal data:**
- Last name, first name, patronymic
- Email address
- Phone numbers
- Postal address
**Legal basis:**
- Federal Law "On Information, Information Technologies, and Information Protection" No. 149-FZ of July 27, 2006
**Types of personal data processing:**
- Collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data
7. Conditions for Personal Data Processing7.1. Processing is carried out with the consent of the personal data subject.
7.2. Processing is necessary to achieve objectives under an international treaty or Russian law, or to fulfill the Operator’s legal obligations.
7.3. Processing is required for the administration of justice, enforcement of court rulings, or other legally binding acts.
7.4. Processing is necessary to execute a contract where the personal data subject is a party, beneficiary, or guarantor, or to conclude a contract at the subject’s initiative.
7.5. Processing is necessary to protect the Operator’s or third parties’ legitimate interests, provided the subject’s rights and freedoms are not violated.
7.6. Processing involves publicly available personal data disclosed by the subject or at their request.
7.7. Processing involves personal data subject to mandatory disclosure under federal law.
8. Procedure for Collection, Storage, Transfer, and Other Processing of Personal DataThe Operator ensures security through legal, organizational, and technical measures to fully comply with personal data protection laws.
8.1. The Operator safeguards personal data and prevents unauthorized access.
8.2. Personal data will **not** be disclosed to third parties, except where required by law or with the subject’s explicit consent for contractual obligations.
8.3. Users may update their data by emailing **julia-amber@inbox.ru** with the subject line **"Personal Data Update."**
8.4. Processing continues until the purpose is fulfilled, unless otherwise stipulated by contract or law.
Users may withdraw consent by emailing **julia-amber@inbox.ru** with the subject line **"Withdrawal of Consent for Personal Data Processing."**
8.5. Third-party services (e.g., payment systems) process data under their own policies. The Operator is not liable for their actions.
8.6. Restrictions on data transfer/processing do not apply in cases of state, public, or other legally defined public interests.
8.7. The Operator ensures confidentiality during processing.
8.8. Data is stored only as long as necessary for processing purposes, unless extended by law or agreement.
8.9. Processing ceases upon achieving its purpose, expiration/withdrawal of consent, or if processing is deemed unlawful.
9. Actions Performed by the Operator with Personal Data9.1. The Operator conducts:
- Collection, recording, systematization, storage, updating, retrieval, use, transfer (including cross-border), depersonalization, blocking, deletion, and destruction.
9.2. Automated processing may involve data transmission via IT networks.
10. Cross-Border Transfer of Personal Data 10.1. The Operator must notify the authorized data protection authority before initiating cross-border transfers.
10.2. Prior to notification, the Operator must obtain relevant information from foreign authorities/entities receiving the data.
11. Confidentiality of Personal DataThe Operator and authorized personnel must not disclose or distribute personal data without consent, unless required by law.
12. Final Provisions12.1. Users may request clarifications via **julia-amber@inbox.ru**.
12.2. This Policy may be updated; changes will be published here. It remains effective until replaced by a new version.
12.3. The current version of this Policy is freely available on the Internet at:
https://julia-amber.com/en/privacy