> Privacy Policy

PRIVACY POLICY

(personal data processing policy)

Personal Data Operator:
Individual Entrepreneur
Kateryna Valerievna Kamyshova
Taxpayer Identification Number (INN): 771594439274
Primary State Registration Number of Individual Entrepreneur (OGRNIP): 326774600180481
Address:
Moscow, Leskova St., building 9, apartment 148
Email:
hanziway@yandex.ru
Website:
https://hanziway.com
This Policy defines the procedure for processing and protecting the personal data of users of the Hanziway.com service.


1. GENERAL PROVISIONS
This Privacy Policy (personal data processing policy) (hereinafter referred to as the “Policy”) of Individual Entrepreneur K.V. Kamyshova (hereinafter referred to as the “Operator”) has been developed in accordance with Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” and other regulatory acts of the Russian Federation (hereinafter referred to as “Federal Law No. 152-FZ”).
This Policy is the main internal regulatory document governing the Operator’s processing of personal data.
This Policy defines the purposes, procedure, conditions, content and methods of personal data processing by the Operator, the rights and obligations of the Operator, and information about the measures implemented to protect the personal data being processed.
This Policy applies to all personal data processed by the Operator using automated means, without using automated means, or by mixed processing methods.

2. TERMS AND DEFINITIONS
“Personal Data (PD)” means any information relating directly or indirectly to an identified or identifiable individual (personal data subject);
“PDIS” means a personal data information system;
“Processing of PD” means any action or set of actions performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of PD;
“Website” means the website located at www.hanziway.com
“User” means visitors of the Website.
“Personal Account” means a set of protected Website pages created as a result of User registration and accessible by entering authentication data (email address/phone number and password) in the fields provided on the Website;
“Payment Request” means a record created in the Service when the User selects a paid plan and payment method, including data necessary for recording the payment, verifying the payment, and providing access to the paid functionality of the Service;
“Manual Payment Verification” means the Operator’s verification of the receipt of payment when the selected payment method does not provide automatic payment confirmation within the Service;
“Payment Partner” or “External Payment Service” means a third party that may be used to accept, process, or verify User payments;
“Provision of PD” means actions aimed at disclosing PD to a specific person or a specific group of persons;
“Cookies” means data automatically transmitted to the Operator during the use of the Website and/or Service by software installed on the User’s device, including IP address, geographic location, browser and operating system information, technical characteristics of the hardware and software used by the User, and the date and time of access to the Website and/or Service. By accepting this Policy, the User agrees to the use of cookies;
“Third Parties” means individuals acting in their own interests or representing the interests of other persons in their relations with the Personal Data Operator within or in connection with proposed, concluded, or existing civil law agreements.

3. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
3.1. Personal data processing is carried out by the Operator in accordance with the following principles:
· PD processing must be carried out on a lawful and fair basis;
PD processing must be limited to achieving specific, predetermined, and lawful purposes;
· processing of PD incompatible with the purposes of PD collection is not permitted;
· merging databases containing PD processed for mutually incompatible purposes is not permitted;
· the content and scope of processed PD must correspond to the stated purposes of processing;
· processed PD must not be excessive in relation to the stated purposes of processing;
· when processing PD, the accuracy, sufficiency, and, where necessary, relevance of PD in relation to the purposes of processing must be ensured.
3.2. The Operator may process personal data using automated means, without using automated means, or by mixed processing methods.
3.3. The Operator regularly analyzes the compliance of PD processing procedures with the above principles. Such analysis is carried out in the event of:
· creation of new or modification of existing PD processing procedures;
· creation of new or modification of existing PDIS;
· changes in regulatory legal acts affecting the principles and/or processes of PD processing by the Operator.
3.4. Personal data is stored no longer than required by the purposes of personal data processing and is subject to destruction upon achievement of such purposes or if the need to achieve them is lost, unless otherwise provided by law.
3.5. Grounds for termination of personal data processing may include achievement of the purposes of personal data processing, expiration of consent, withdrawal of consent by the PD subject, or identification of unlawful personal data processing.
3.6. The Operator stores personal data exclusively within the territory of the Russian Federation.
3.7. The Operator does not make decisions that create legal consequences for PD subjects or otherwise affect their rights and legitimate interests based solely on automated processing of their PD.
3.8. Personal data is confidential information, and the Operator’s employees may not answer questions related to PD processing by phone or other communication channels that do not allow the identity of the requesting person to be verified.

4. PERSONAL DATA PROCESSED BY THE OPERATOR
The Operator processes PD for the following purposes:

Website Users
- full name;
- phone number;
- email address;
- date of birth;
- gender.
User registration on the Website

Website Users
cookie files
Improving the quality of the Website, ease of use, and development of new services and features.

Users purchasing paid access to the Service
- email address;
- selected subscription plan;
- payment amount;
- payment currency;
- date and time of creation of the payment request;
- payment request status;
- fact of submitting a manual payment verification request;
- technical identifier of the payment request inside the Service;
- payment verification result;
- information provided by the User to support for verification of a disputed, incorrect, or duplicate payment.
Recording payments, manual payment verification, providing access to the paid functionality of the Service, sending notifications about the result of payment verification, processing User requests, and resolving disputed situations.

4.1. When a User visits the Website, the Operator may collect technical information, including: IP address (Internet Protocol address), type of device used, operating system and browser, unique device identifier, referring website addresses, and the path taken by the subject through the websites and mobile application.
4.2. As the User browses the Website pages, the Operator may collect certain data about actions using automated data collection technologies. Such data includes: links clicked while visiting the website; pages or content viewed by the User; the period of viewing a page/content; as well as other similar information and statistics about page visits, for example, content response time, loading errors, and the duration of visits to certain pages. This information is recorded using automated technologies such as cookies (browser cookies, flash cookies) and web beacons, and is also collected using third-party tracking and web analytics services. The Operator uses this information to ensure the Website operates properly, improve the quality of services provided, fix errors, and simplify use of the Website.
4.3. The Operator informs Website users that the collection and processing of cookie files is carried out using internet statistics services:


Yandex Metrica:
· a web analytics service provided by Yandex LLC.
· address: 16 Leo Tolstoy St., Moscow, 119021.
· more information about the service is available here (https://yandex.ru/support/metrica/).
· Yandex Metrica privacy policy is available here (https://yandex.ru/legal/confidential/index.html).
4.4. The Operator processes analytical, marketing, and technical cookies.
Analytical and marketing cookies: determine user preferences and allow storing the history of page visits for the purpose of improving website performance and determining the most and least popular pages. For example, we may analyze the pages you visit, whether you encounter errors, and page loading times.
Technical cookies: necessary for normal operation of the website and cannot be disabled. These cookies do not store personal information.
4.5. You can always prohibit the use of cookies in the “Options” or “Settings” menu. If you need help, we recommend visiting the resources provided by the browser. You can also find additional information in the “Help” section directly in your browser.
4.6. When paying for paid access, the User may be redirected to the page of an external payment service or payment partner. The Operator does not receive or store full bank card details of the User, including card number, card expiration date, and CVV/CVC code. Data entered by the User on the side of the external payment service or payment partner is processed by the relevant payment service or payment partner in accordance with its own rules and privacy policy.
4.7. When using payment methods that require manual verification, the Operator processes only the information about the payment request that is necessary to verify receipt of payment, provide access to paid functionality, notify the User of the verification result, and resolve disputed situations.

5. GROUNDS FOR PERSONAL DATA PROCESSING
5.1. Personal data processing is permitted in the following cases:
· where consent to personal data processing has been obtained;
· where processing is necessary to achieve purposes provided by law, as well as to exercise and perform the functions, powers, and obligations imposed on the Operator by law;
· PD processing is necessary for the administration of justice, enforcement of a judicial act, act of another body or official subject to enforcement in accordance with the enforcement proceedings legislation of the Russian Federation;
· for the conclusion of a contract at the initiative of the PD subject and performance of a contract to which the PD subject is a party or beneficiary;
· PD processing is necessary to protect the life, health, or other vital interests of the PD subject if obtaining the consent of the PD subject is impossible;
· where processing is necessary to exercise the rights and legitimate interests of the Operator and/or third parties, or to achieve socially significant purposes, provided that the rights and freedoms of the PD subject are not violated;
· where processing is also carried out for statistical or other research purposes subject to mandatory depersonalization of personal data;
· where personal data is subject to publication or mandatory disclosure in accordance with the law.
5.2. Where written consent of the subject to PD processing is not required under Federal Law No. 152-FZ, consent may be given by the PD subject or their representative in any form that allows confirmation of the fact of obtaining consent, including electronically.
5.3. Personal data related to payment for paid access is processed for the conclusion and performance of a contract with the User, provision of access to paid functionality of the Service, payment accounting, verification of payment requests, sending notifications about payment verification results, processing User requests, and protecting the rights and legitimate interests of the Operator and the User in the event of disputed situations.
6. TRANSFER OF PERSONAL DATA
6.1. In the course of its activities, the Operator may entrust the processing of personal data to third parties with the consent of the PD subject, unless otherwise provided by the current legislation of the Russian Federation. In this case, the person processing personal data on behalf of the Operator must comply with the principles and rules for processing and ensuring the security of personal data established by the legislation of the Russian Federation.
6.2. The instruction for personal data processing must define:
· the list of personal data;
· the list of actions with personal data to be performed by the person processing personal data;
· the purposes of processing, which must not contradict the purposes stated by the PD subject in the contract with the Operator, consent, and other documents;
· the obligation to comply with personal data protection requirements and the principles and rules of personal data processing provided by Federal Law No. 152-FZ;
· the obligation of such person to maintain confidentiality of personal data and ensure the security of personal data during processing.
6.3. In the course of its activities and provision of services, the Operator does not carry out cross-border transfer of personal data to persons located in foreign countries, except in cases expressly provided for by the current legislation of the Russian Federation, or where such transfer is necessary for the performance of a contract with the User and is carried out on an appropriate legal basis.
6.4. When using external payment services or payment partners, the User may independently proceed to the page of such service or partner to make payment. The Operator does not transfer the User’s email address, internal User identifier, or other personal data of the User to the payment partner, unless otherwise expressly indicated in the payment interface or required to process the payment method selected by the User.
6.5. If, for the verification of a disputed, incorrect, or duplicate payment, the User independently provides the Operator with additional payment information, such information is used by the Operator solely to verify the payment, provide access to paid functionality, refund funds where there are grounds to do so, or resolve the disputed situation.
7. MEASURES AIMED AT ENSURING PERSONAL DATA SECURITY
7.1. The Operator takes necessary and sufficient legal, organizational, and technical measures to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions. Such measures include, in particular:
· appointment of a person responsible for PD processing;
· application of organizational and technical measures to ensure the security of PD during processing in information systems;
· monitoring incidents of unauthorized access to PD and taking measures to prevent similar incidents in the future;
· control over the measures taken to ensure the security of PD and the level of protection of PD information systems.
8. RIGHTS OF THE PERSONAL DATA SUBJECT
8.1. The personal data subject has the right to:
· receive information about the processing of their personal data;
· withdraw previously given consent to personal data processing. Upon receipt of withdrawal of consent to PD processing, the Operator has the right to continue processing personal data where other legal grounds exist in accordance with Part 2 of Article 9 and Parts 4 and 5 of Article 21 of Federal Law No. 152-FZ;
· request clarification, blocking, or destruction of their personal data if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as request termination of personal data processing if the purpose of such processing has already been achieved.
8.2. To exercise and protect their rights and legitimate interests, the PD subject or their representatives may contact the Operator by sending a request in electronic form to the email address hanziway@yandex.ru
8.3. The Operator specifically notes that the request must contain a description of the requirements, as well as the following information:
· full name;
· number of the identity document, information on the date of issue of the document and the issuing authority, or other information allowing the PD subject to be unambiguously identified;
· information confirming participation in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
· signature.
8.4. If the request is submitted by a representative, the request must also indicate the full name of the representative and include a document confirming their authority.
8.5. The Operator provides a response in the form in which the relevant request was submitted, unless otherwise specified in the request.
9. PROCEDURE FOR DESTRUCTION OF PERSONAL DATA
9.1. Personal data is subject to destruction in the following cases:
· upon achievement of the purpose of personal data processing or in the event of loss of the need to achieve the purpose of personal data processing, unless otherwise provided by Federal Law No. 152-FZ;
· upon amendment or repeal of regulatory legal acts establishing the legal grounds for personal data processing;
· upon identification of unlawful personal data processing;
· upon withdrawal of consent by the personal data subject, unless otherwise provided by Federal Law No. 152-FZ.
9.2. Personal data is destroyed within 30 (thirty) days from the date of receipt of a notice of withdrawal of consent to processing or discovery of data subject to destruction, unless another period is provided by law or by agreement between the PD subject and the Operator, except for personal data
processed unlawfully, which must be destroyed within a period not exceeding 10 (ten) business days from the date unlawful personal data processing is identified.
9.3. Physical media containing personal data stored in archives and personal data contained in electronic archives are destroyed in accordance with the rules of archival legislation in the Russian Federation.
9.4. Personal data related to payment requests, manual payment verification, provision of paid access, refunds, and disputed situations is stored for the period necessary to achieve the stated purposes of processing, as well as for the period necessary for the Operator to fulfill its obligations, keep records of services provided, and protect the rights and legitimate interests of the Operator and the User, unless another period is established by the legislation of the Russian Federation.
10. FINAL PROVISIONS
10.1. Officials and employees of the Operator guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil, and criminal liability in accordance with the legislation of the Russian Federation.
10.2. Each employee of the Operator is responsible for ensuring the confidentiality of PD that becomes known to them in connection with the performance of their duties, and in the event of unlawful disclosure (disclosure, transfer) of PD, they shall compensate the Operator in full for the damage caused.
10.3. The Operator may, at its own discretion, amend the provisions of this Policy, including updating them as necessary, including under the following conditions:
10.4. changes in regulatory legal acts governing the principles and/or processes of personal data processing by the Operator;
10.5. creation of new or modification of existing personal data processing procedures;
10.6. based on the results of audits, penetration tests, security testing, and confirmation of non-compliance of systems and/or processes with the current Policy.
10.7. Unless otherwise provided by this Policy, all changes made to it come into force from the date the new version is published on the Operator’s website.
10.8. In all other matters not provided for by this Policy, the Operator is guided by the provisions of the current legislation of the Russian Federation.


Subscribe