Privacy Policy for the Processing of Personal Data
  1. General Provisions
  2. This Personal Data Processing Policy has been drawn up in accordance with the requirements of Federal Law No. 152‑FZ of 27.07.2006 “On Personal Data” (hereinafter – the Personal Data Law) and defines the procedure for processing personal data and the measures taken by Ekaterina Davidenko (hereinafter – the Operator) to ensure the security of personal data.
  3. 1.1. The Operator considers compliance with the rights and freedoms of individuals and citizens in the processing of their personal data—including the protection of the right to privacy, personal and family secrets—to be its most important objective and a necessary condition for its activities.
  4. 1.2. This Personal Data Processing Policy (hereinafter – the Policy) applies to all information that the Operator may obtain about visitors to the website http://estilistamarbella.com/.
  5. Key Terms Used in the Policy
  6. 2.1. Automated processing of personal data – processing of personal data by means of computer equipment.
  7. 2.2. Blocking of personal data – temporary suspension of personal data processing (except where processing is required to clarify personal data).
  8. 2.3. Website – a set of graphical and informational materials, as well as computer programs and databases that ensure their availability on the Internet at http://estilistamarbella.com/.
  9. 2.4. Personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
  10. 2.5. Anonymization of personal data – actions that make it impossible to determine, without additional information, that personal data belong to a particular user or other personal data subject.
  11. 2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automated means on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
  12. 2.7. Operator – a state body, municipal authority, legal or natural person, acting alone or jointly with others, organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of the personal data to be processed, and the actions (operations) performed with personal data.
  13. 2.8. Personal data – any information relating directly or indirectly to a specific or identifiable user of the website http://estilistamarbella.com/.
  14. 2.9. Personal data permitted by the data subject for dissemination – personal data to which the data subject has provided unrestricted access by giving consent to the processing of personal data permitted for dissemination in the manner provided by the Personal Data Law (hereinafter – personal data permitted for dissemination).
  15. 2.10. User – any visitor to the website http://estilistamarbella.com/.
  16. 2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
  17. 2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an unspecified group of persons (transfer of personal data) or making personal data available to an unlimited group of persons, including publication in mass media, placement in information and telecommunications networks, or providing access to personal data in any other way.
  18. 2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a state authority of that foreign state, to a foreign natural person, or to a foreign legal entity.
  19. 2.14. Destruction of personal data – any actions resulting in irreversible destruction of personal data with impossibility of further restoration of personal data content in the personal data information system and/or destruction of material carriers of personal data.
  20. Main Rights and Obligations of the Operator
  21. 3.1. The Operator has the right to:
  22. — obtain from the personal data subject accurate information and/or documents containing personal data;
  23. — in the event the personal data subject withdraws consent for processing or demands cessation of processing, the Operator may continue processing personal data without the subject’s consent if grounds for such processing are provided by the Personal Data Law;
  24. — independently determine the composition of necessary and sufficient measures to fulfill the obligations prescribed by the Personal Data Law and the normative legal acts adopted pursuant thereto, unless otherwise provided by federal law.
  25. 3.2. The Operator is obliged to:
  26. — provide the personal data subject, upon request, with information concerning the processing of their personal data;
  27. — organize personal data processing in the manner prescribed by the current legislation of the Russian Federation;
  28. — respond to inquiries and requests of personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
  29. — upon request of the authorized body for protecting personal data subjects’ rights, provide necessary information within ten (10) days from receipt of such request;
  30. — publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
  31. — take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as from other illegal actions;
  32. — cease transfer (distribution, provision, access) of personal data, cease processing and destroy personal data in the manner and cases provided by the Personal Data Law;
  33. — perform other obligations provided by the Personal Data Law.
  34. Main Rights and Obligations of Personal Data Subjects
  35. 4.1. Personal data subjects have the right to:
  36. — receive information concerning the processing of their personal data, except as otherwise prescribed by federal law. Such information must be provided in an accessible form and must not contain personal data relating to other subjects, except when there are legal grounds for disclosing such data. The list of information and procedure for obtaining it are established by the Personal Data Law;
  37. — demand that the Operator clarify their personal data, block or destroy them if the data are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the declared purpose of processing, and take legally provided measures to protect their rights;
  38. — impose the condition of prior consent for processing personal data for the purpose of marketing goods, works, or services;
  39. — withdraw consent to the processing of personal data and demand cessation of processing;
  40. — appeal to the authorized body for personal data protection or to a court against unlawful actions or omissions of the Operator in processing their personal data;
  41. — exercise other rights provided by the legislation of the Russian Federation.
  42. 4.2. Personal data subjects are obliged to:
  43. — provide the Operator with accurate data about themselves;
  44. — notify the Operator of any clarifications (updates, changes) to their personal data.
  45. 4.3. Persons who provide the Operator with inaccurate information about themselves or information about another personal data subject without that subject’s consent bear responsibility in accordance with the legislation of the Russian Federation.
  46. Principles of Personal Data Processing
  47. 5.1. Personal data processing is carried out on a lawful and fair basis.
  48. 5.2. Processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing incompatible with the purposes of data collection is not permitted.
  49. 5.3. Combining databases containing personal data processed for incompatible purposes is not permitted.
  50. 5.4. Only personal data that meet the purposes of processing may be processed.
  51. 5.5. The content and volume of processed personal data must correspond to stated purposes. Excessive processing relative to purposes is not allowed.
  52. 5.6. Accuracy, sufficiency, and, when necessary, relevance of personal data are ensured. The Operator takes measures to delete or clarify incomplete or inaccurate data.
  53. 5.7. Personal data are stored in a form that allows identification of the subject no longer than required by processing purposes, unless a longer retention period is prescribed by federal law or contract. Upon achieving processing purposes or loss of necessity, data are destroyed or anonymized, unless otherwise provided by federal law.
  54. Purposes of Personal Data Processing

Purpose of Processing

Personal Data Collected

Legal Basis

Types of Processing

Informing the User by sending e‑mails

Last name, first name, patronymic; e‑mail address; phone numbers

Contracts concluded between the Operator and the data subject

Sending informational messages to e‑mail addresses

  1. Conditions for Personal Data Processing
  2. 7.1. Processing is carried out with the data subject’s consent.
  3. 7.2. Processing is necessary for purposes provided by an international treaty of the Russian Federation or law, or for exercising functions, powers, and obligations imposed by the legislation of the Russian Federation.
  4. 7.3. Processing is necessary for administration of justice, enforcement of a court decision, or acts of another body or official enforceable under Russian law on enforcement proceedings.
  5. 7.4. Processing is necessary for performance of a contract to which the data subject is a party, beneficiary, or guarantor, or for concluding such a contract at the subject’s initiative.
  6. 7.5. Processing is necessary for exercising the rights and lawful interests of the Operator or third parties, or for achieving socially significant purposes, provided it does not violate the rights and freedoms of the data subject.
  7. 7.6. Processing of publicly available personal data to which the subject has granted unrestricted access.
  8. 7.7. Processing of personal data subject to publication or mandatory disclosure under federal law.
  9. Procedure for Collection, Storage, Transfer, and Other Types of Processing
  10. Security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures required by current legislation on personal data protection.
  11. 8.1. The Operator ensures the security of personal data and takes all possible measures to exclude access by unauthorized persons.
  12. 8.2. Personal data of the User will never be disclosed to third parties, except for cases required by law or with the User’s consent for transfer to a third party to fulfill obligations under a civil law contract.
  13. 8.3. If inaccuracies in personal data are discovered, the User may update them by sending a notice to the Operator’s e‑mail: Carelika.spain@gmail.com with the subject line “Updating Personal Data.”
  14. 8.4. The retention period of personal data is determined by the purposes for which they were collected, unless otherwise provided by contract or law. The User may withdraw consent at any time by emailing Carelika.spain@gmail.com with the subject “Withdrawal of Consent for Personal Data Processing.”
  15. 8.5. All information collected by third‑party services (payment systems, communication tools, other service providers) is stored and processed by those entities in accordance with their User Agreement and Privacy Policy. The Operator is not responsible for third‑party actions.
  16. 8.6. Restrictions imposed by the data subject on transfer (except provision of access) or conditions of processing of personal data permitted for dissemination do not apply where processing is carried out in the public interest as defined by Russian law.
  17. 8.7. The Operator ensures confidentiality of personal data during processing.
  18. 8.8. The Operator stores personal data in an identifiable form no longer than required by processing purposes, unless otherwise provided by law or contract.
  19. 8.9. Processing may cease upon achieving processing purposes, expiration of consent, withdrawal of consent, demand to cease processing, or detection of unlawful processing.
  20. List of Actions Performed by the Operator with Received Personal Data
  21. 9.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
  22. 9.2. The Operator carries out automated processing of personal data with transmission or receipt of information over telecommunication networks or without such networks.
  23. Cross‑Border Transfer of Personal Data
  24. 10.1. Before commencing cross‑border transfer, the Operator must notify the authorized body for personal data protection (this notification is sent separately from the notice of intent to process personal data).
  25. 10.2. Prior to such notification, the Operator must obtain from the foreign state bodies, foreign natural persons, or foreign legal entities—recipients of personal data—relevant information.
  26. Confidentiality of Personal Data
  27. The Operator and other persons with access to personal data must not disclose or distribute personal data to third parties without the subject’s consent unless otherwise provided by federal law.
  28. Final Provisions
  29. 12.1. The User may obtain any clarifications regarding processing of their personal data by contacting the Operator at Carelika.spain@gmail.com.
  30. 12.2. Any changes to this Policy will be reflected in this document. This Policy is effective indefinitely until replaced by a new version.
  31. 12.3. The current version of the Policy is publicly available at https://estilistamarbella.com/privacy_policy.
Made on
Tilda