This Personal Data Processing Policy (hereinafter — "Policy") defines the basic principles, objectives, conditions and ways of processing of personal data of
https://alexeibutirskiyart.com/ site users (as defined in section 1 below) as well as all other natural persons who provide the Operator with their personal data.
1. General terms
1.1. This Policy has been drawn up in accordance with the Federal Law "On Personal Data" 152-Federal Law of 27 July 2006, as well as other legal and regulatory acts of the Russian Federation in the field of personal data protection and processing.
1.2. The legislation of the Russian Federation shall apply to this Policy, including the interpretation of its provisions and the procedure for the adoption, enforcement, modification and termination thereof.
1.3. The Policy applies to all personal data processed by Alixei Butirskiy (hereinafter — the Operator).
1.4. The Policy shall apply to relations in the field of personal data processing, which have arisen with the Operator both before and after the approval of this Policy.
1.5. In accordance with the requirements of art. 2. 18.1 of the Federal Law "On Personal Data" this Policy is publicly available on the Internet Information and Telecommunications Network on the Operator’s website.
1.6. The following terms and definitions are used in this Policy:
The User is a personal data subject who is a visitor to the Site, accepting the terms of this Policy and wishing to place or having placed orders in the
alexeibutirskiyart.com/, or using any other features of the site;
Personal data is any information relating to a directly or indirectly defined or identified natural person;
Processing of personal data is any action (transaction) or set of actions (transactions) performed with Personal Data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (dissemination, providing, accessing), anonymizing, blocking, deleting, destroying of Personal Data;
The Personal Data Subject is a natural person directly or indirectly identified on the basis of received information;
Personal Data Protection is the complex of The Company’s activities aimed at ensuring the confidentiality of Personal Data, establishing and observing the procedure for processing Personal Data, as well as the application of organizational and technical measures to ensure the security of Personal Data and other measures in accordance with the legislation of the Russian Federation;
Confidential information — information (in a documented or digital format) access to which is restricted in accordance with the legislation of the Russian Federation or local regulations of the Company;
Automated processing of personal data — computer processing of personal data;
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign State to the authority of a foreign State, to a foreign natural person or to a foreign company.
2. Rights and obligations of Personal Data Subjects and the Operator
2.1. The Personal Data Subjects has the right to:
2.1.1. receive information relating to the processing of his personal data in the manner, form and time frame established by law;
2.1.2. request clarification of the personal data, its destruction or blocking if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
2.1.3. withdraw the consent to the processing of personal data in accordance with the procedure specified in this Policy;
2.1.4. be delisted from the Operator’s mailing list;
2.1.5. exercise other rights provided by current legislation.
2.2. The Opeator has the right to:
2.2.1. process the personal data of Personal Data Subjects in accordance with stated objectives and in compliance with established requirements;
2.2.2. require entities to provide reliable personal data necessary to achieve the stated objectives;
2.2.3. restrict the Subject’s access to personal data in cases when the processing of personal data is carried out in accordance with the legislation on combating the legalization (laundering) of the proceeds of crime and the financing of terrorism, the Subject’s access to his personal data violates the rights and legitimate interests of third parties, as well as in other cases specified by federal law.
2.3. The Operator is obliged to:
2.3.1. organize the processing of personal data in accordance with the requirements of the Personal Data Law;
2.3.2. respond to communications and queries from Personal Data Subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
2.3.3. inform the competent body for the protection of the rights of Personal Data Subjects (Federal Service for the Supervision of Communications, Information Technologies and Mass Communications (Roskomnadzor)) at the request of this body of the necessary information within 30 days from the date of receipt of the request.
2.4. Monitoring of compliance with the requirements of this Policy is carried out by the authorized person responsible for arranging the processing of personal data at the Operator.
2.5. Liability for violation of the requirements of the legislation of the Russian Federation and the regulations of the Operator in the field of processing and protection of personal data shall be determined in accordance with the legislation of the Russian Federation.
3. Volume and type of personal data processed
3.1. The Operator processes the personal data of the Personal Data Subjects within the bounds limited to the purposes of processing personal data. With regard to Users of the Site, their personal information in this Policy shall be understood as:
3.1.1. data provided by the User independently upon registration or in the process of using the Site, namely: name, first name, patronymic, date of birth, sex, postal address; home, working, mobile phone numbers, e-mail address, password from the Site profile. Mandatory information is marked by the Site. Other information is provided by the User at his discretion;
3.1.2. technical data which is transmitted automatically to the Operator during the use of the Site by means of software installed on the device of the User, including the IP address, cookie data, information about the User’s browser (or other program by which the Site is accessed), technical specifications of the equipment and software used by the User, the date and time of access to the Site, the addresses of requested pages and such other information;
3.2. Operator does not process special categories of Users' personal data
(information on race, nationality, political views, religious or philosophical beliefs, private life), as well as their biometric personal data.
3.3. The Operator does not control or take responsibility for processing the personal data of the Users by third party sites to which the User can access by links available on the Site.
3.4. The Operator does not check and does not assume responsibility for the accuracy of the information provided by the User on the Site.
4. Purposes of personal data processing
4.1. The Operator shall process only those personal data that are necessary to achieve the objectives defined in paragraph 4.2 of this Policy.
4.2. Personal data is processed by the Operator with the aim of:
4.2.1. Enforcement of Russian Federation legislation;
4.2.2. Pursuance of its business activity;
4.2.3. Exercise of civil law relations;
4.2.4. Ensuring interaction with Operator’s customers and counterparties as well as conclusion and execution of contracts with them;
4.5.3. With regard to Users of the Site, the purposes of processing their personal data by the Operator are:
User registration on the Site and their ordering of goods, or purchase of goods on the Site without registration;
processing of queries and requests from Users via the Site;
improving the quality of the Site, making it user-friendly, developing new services;
targeting of promotional materials;
conducting promotional and marketing activities, programs, campaigns, surveys, giveaways, etc. as well as for the promotion of goods and services on the market through direct contacts (advertising and information) with the User by various means of communication including, but not limited to: mail, e-mail, telephone, Internet;
conducting statistical and other studies based on impersonal data to improve the quality of services.
5. Principles of personal data processing
5.1. The Operator processes the personal data of the Personal Data Subjects according to the following principles:
5.1.1. Personal Data of the Subject is processed for predetermined and legitimate purposes, which are listed in Section 4 of this Policy.
5.1.2. The Operator shall process only that personal data that is necessary to achieve the objectives specified in this Policy.
5.1.3. The Operator ensures the accuracy and relevance of the personal data processed and its sufficiency in relation to processing purposes.
5.1.4. The Operator shall ensure confidentiality in the processing of personal data and shall apply all necessary measures in accordance with paragraph 9.1 of the Policy.
6. Procedures and conditions for processing and transmitting personal data to third parties
6.1. Processing of personal data of a Personal Data Subject includes collection, systematization, accumulation, storage, clarification, use and transfer of personal data to third parties both within the territory of the Russian Federation and cross-border transfer, anonymization, blocking, and destruction of personal data for the purpose of fulfilling the Operator’s obligations under this Policy as specified in Section 4 of the Policy.
6.2. Personal data of a Personal data Subject is processed by the Operator both by means of automation tools (with the help of automated database management systems as well as other software tools) and without their use.
6.3. If it is necessary to achieve the objectives specified in this Policy, the Operator may grant access or transfer personal data to other companies. In addition, if necessary to achieve the stated objectives of personal data processing, access to personal data may be provided to third-party suppliers, such as technology service providers, financial management services, logistics. Access to personal data/transfer of personal data shall be subject to a contract with such persons, provided that such third parties respect the confidentiality of personal data and the security of personal data in their processing.
6.4. Personal data of a Personal Data Subject is processed only with his
consent. The consent given by the Personal Data Subject to the processing of his personal data shall be of unlimited duration and may be revoked by him or his representative by means of a written declaration from the Personal Data Subject to the Operator’s location, specified in this Policy, or by written notification to an e-mail address
alexei.fineart@gmail.com.7. Modification and deletion of personal data. Mandatory storage
7.1. The Operator is obliged, at the request of the Personal Data Subject, to specify, block or delete the personal data processed if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing.
7.1.1. The Operator shall, within a period not exceeding 10 (ten) calendar days from the date on which the Subject provides information that the personal data is incomplete, inaccurate or irrelevant, amend it and notify the Personal Data Subject.
7.1.2. Personal data to be destroyed in the following cases:
1) where it is impossible to properly process personal data within a period not exceeding 15 (fifteen) calendar days from the date of detection of improper processing;
2) upon receipt of a written application by a Personal Data Subject for the destruction of personal data or withdrawal of the User’s consent for the processing of personal data;
3) achieving or forfeiting the goal of personal data processing;
4) expiry of retention periods for personal data.
7.1.3. Personal data is to be destroyed within 30 (thirty) calendar days, unless otherwise stipulated by Russian law or policy.
7.2. Rights under the provisions of this Policy may be restricted as required by law. For example, such restrictions may include the obligation of the Operator to retain the information modified or removed by the User for a period of time specified by law and to transmit such information in accordance with a legally established procedure to the public authority.
7.3. Personal data shall be kept in storage no longer than the purpose of processing personal data requires, unless a time limit for the storage of personal data has been established by federal law or a treaty to which the Personal Data Subject is the beneficiary or the guarantor.
8. Processing personal data with cookies and counters
8.1. Cookies transmitted by the Operator to the User’s hardware and equipment and vice versa may be used by the Operator to provide personalized services to the User, to target advertising that is shown to the User for statistical and research purposes and to improve the operation of the Site.
8.2. The Users realize that the hardware and software they use to visit websites on the Internet may have the function of disallowing cookies (for any sites or for certain sites) and removing previously received cookies.
8.3. Search engines are entitled to specify that the provision of a certain service is only possible if the User is allowed to receive cookies.
8.4. The structure of the cookie, its content and technical parameters are defined by the Operator and can be changed without prior notice to the User.
8.5. Сounters posted by the Site can be used to analyze the User’s cookies, to collect and process statistical information about the use of the Site, as well as to ensure the functionality of the Site as a whole or its individual functions in particular. The technical parameters of the field operations are defined by the Operator and can be modified without prior notification of the User.
9. Personal data protection
9.1. The Operator shall take necessary and sufficient legal, organizational and technical measures to protect the personal data of the Subjects from improper or accidental access, destruction, modification, blocking, copying, proliferation, and other unlawful acts of third parties.
9.2. To ensure adequate protection of personal data, the Operator assesses the harm that may be caused in the event of a breach of the security of personal data, and also identifies the current threats to the security of personal data during their processing in personal information systems.
10. Policy change
10.1. The Operator has the right to change this Policy without the consent of the Personal Data Subject. The latest update date is indicated when changes are made to the current version. The new version of the Policy shall enter into force from the moment of its promulgation until the date of approval of the new version of the Policy, unless otherwise provided for in the new version of the Policy. The current edition is permanently available on the Site.
11. Contacts and questions on personal data
11.1. All offers, questions, queries and other communications concerning this Policy and the use of personal data the Personal Data Subject is entitled to send to the Operator:
— by email address ;
This Personal Data Processing Policy (hereinafter — "Policy") defines the basic principles, objectives, conditions and ways of processing of personal data of
https://alexeibutirskiyart.com/ site users (as defined in section 1 below) as well as all other natural persons who provide the Operator with their personal data.