Privacy Policy for the Processing of Personal Data

1. General Provisions
This Privacy Policy for the Processing of Personal Data is prepared in accordance with the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by Sofya Andreevna Ganievskaya (hereinafter referred to as the Operator).
1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data, including the protection of privacy, personal and family secrets, as a key objective and condition for conducting its activities.
1.2. This Policy applies to all information that the Operator may receive about visitors to the website sopicoviz.com/.
2. Key Terms Used in This Policy
2.1. Automated processing of personal data — processing using computer technology.
2.2. Blocking of personal data — temporary suspension of data processing (except where processing is necessary to clarify the data).
2.3. Website — a set of graphic and informational materials, as well as computer software and databases, accessible online at sopicoviz.com/.
2.4. Information system of personal data — a set of personal data contained in databases and the information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data — actions that make it impossible to identify the data subject without additional information.
2.6. Processing of personal data — any action or combination of actions performed with or without automation involving personal data, including collection, recording, systematization, accumulation, storage, updating, retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction.
2.7. Operator — a state body, municipal authority, legal entity or individual who organizes and/or carries out the processing of personal data and defines the purpose, content, and operations performed on such data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the sopicoviz.com/ website.
2.9. Personal data allowed for dissemination by the data subject — personal data made publicly accessible by the data subject through consent given under the Personal Data Law (hereinafter — data allowed for dissemination).
2.10. User — any visitor of the sopicoviz.com/ website.
2.11. Provision of personal data — actions aimed at disclosing data to a specific person or a specific group of persons.
2.12. Dissemination of personal data — actions aimed at disclosing data to an indefinite group of persons, including publication in media, posting online, or granting access by any other means.
2.13. Cross-border transfer of personal data — transfer to the territory of a foreign state, to a foreign authority, individual or legal entity.
2.14. Destruction of personal data — actions resulting in the irreversible deletion of data with no possibility of recovery.
3. Operator's Rights and Obligations
3.1. The Operator has the right to:
  • Receive reliable information and/or documents from the data subject;
  • Continue processing personal data without consent if grounds exist under the Personal Data Law;
  • Independently define necessary measures to fulfill its obligations unless otherwise stated by law.
3.2. The Operator must:
  • Provide the data subject with information on their data processing upon request;
  • Organize data processing in accordance with Russian law;
  • Respond to requests from data subjects and authorities within the legal timeframe;
  • Publish or otherwise ensure public access to this Privacy Policy;
  • Take legal, organizational, and technical measures to protect personal data from unauthorized access, destruction, modification, copying, provision, or dissemination;
  • Cease processing and destroy personal data when required by law;
  • Fulfill other obligations as per the Personal Data Law.
4. Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
  • Receive information regarding their data processing, except as limited by law;
  • Request correction, blocking, or destruction of inaccurate or illegally obtained data;
  • Require prior consent for use of their data for marketing;
  • Withdraw consent at any time;
  • File complaints with supervisory authorities or courts;
  • Exercise other rights under Russian law.
4.2. Data subjects must:
  • Provide accurate information about themselves;
  • Notify the Operator about updates to their data.
4.3. Persons providing false or third-party data without consent are liable under Russian law.
5. Principles of Personal Data Processing
5.1. Data must be processed lawfully and fairly.
5.2. Data processing must pursue specific, lawful objectives.
5.3. Databases with incompatible purposes may not be merged.
5.4. Only data relevant to the purposes of processing may be processed.
5.5. The scope of processed data must be proportionate to its intended purpose.
5.6. Accuracy and relevance must be ensured, with corrections made when needed.
5.7. Data must not be stored longer than necessary, and must be deleted or depersonalized when no longer needed, unless otherwise required by law.
6. Conditions for Personal Data Processing
6.1. Personal data is processed with the consent of the data subject, unless otherwise stipulated by law.
6.2. Processing of personal data without the subject’s consent is allowed in the following cases:
  • To achieve objectives specified by law or fulfill legal obligations of the Operator;
  • For justice administration, execution of a judicial act or an act of another authorized body;
  • For the execution of a contract where the data subject is a party or beneficiary;
  • To protect the life, health, or other vital interests of the data subject if obtaining consent is not possible;
  • When processing is necessary for the Operator to exercise rights or legal interests or for the functioning of a third party, provided the rights of the data subject are not violated;
  • If processing is for statistical or other research purposes (subject to mandatory depersonalization of data);
  • If the data has been made publicly available by the subject;
  • If processing is necessary for journalistic, scientific, literary, or creative activities, provided the rights of the subject are not infringed.
6.3. The Operator ensures the confidentiality of personal data and must not disclose or disseminate it without lawful grounds and the subject's consent.
6.4. The Operator processes personal data using automation tools and without them.
7. List of Actions Performed with Personal Data and the Processing Methods Used by the Operator
7.1. The Operator collects, records, systematizes, accumulates, stores, updates, retrieves, uses, transfers (with consent), depersonalizes, blocks, deletes, and destroys personal data.
7.2. The Operator performs both automated and non-automated processing.
8. Cross-Border Transfer of Personal Data
8.1. Before transferring personal data across borders, the Operator must ensure the foreign country provides adequate protection of data subjects' rights.
8.2. Cross-border transfers to countries not ensuring adequate protection may occur only if:
  • The data subject consents in writing;
  • The transfer is necessary to fulfill a contract involving the data subject;
  • It is required by Russian legislation, international agreements, or for protecting vital interests of the subject or others;
  • It is necessary for justice or the performance of public functions.
9. Confidentiality of Personal Data
The Operator and others with access to personal data must not disclose it to third parties or disseminate it without the subject’s consent unless required by law.
10. Final Provisions
10.1. The User can obtain any clarifications regarding the processing of their personal data by contacting the Operator via email at: sopicoviz@gmail.com.
10.2. This document will reflect any changes to the Operator’s personal data processing policy. The policy is valid indefinitely until replaced by a new version.
10.3. The current version of the Policy is freely available online at: https://sopicoviz.com/privacypolicy.
11. Data Storage Period
11.1. Personal data is stored no longer than required by the purposes of processing, unless a longer retention period is established by law or agreement.
12. Rights of the Data Subject
12.1. The data subject has the right to:
  • Access their personal data;
  • Request clarification, blocking, or destruction of their data if it is incomplete, outdated, inaccurate, or unlawfully obtained;
  • Withdraw consent to processing;
  • Object to processing;
  • Appeal actions or inaction of the Operator to a supervisory authority or in court.
13. Contact Details of the Operator
Operator: Sofya Andreevna Ganievskaya
Email: sopicoviz@gmail.com
Website: https://sopicoviz.com