Personal Data Processing Policy

1. General Provisions
This personal data processing policy (hereinafter referred to as the Policy) has been prepared in accordance with the requirements of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and the measures to ensure the security of personal data undertaken by Alb Valentyna (hereinafter referred to as the Operator).
1.1. The Operator considers the observance of human and civil rights and freedoms in processing personal data, including the right to privacy, personal and family secrets, as the most important condition for its activity.
1.2. This Policy applies to all information the Operator may obtain about visitors to the website https://sankhara-jewelry.com/.

2. Key Terms Used in the Policy
2.1. Automated processing of personal data – processing using computing technologies.
2.2. Blocking of personal data – temporary cessation of personal data processing (except when processing is needed to clarify personal data).
2.3. Website – a collection of graphical and informational materials, as well as software and databases available online at https://sankhara-jewelry.com/.
2.4. Information system of personal data – a set of personal data contained in databases and the technologies used to process them.
2.5. Depersonalization of personal data – actions that make it impossible to identify a user without additional information.
2.6. Personal data processing – any action with personal data, including collection, recording, storage, use, transfer, depersonalization, blocking, deletion, and destruction.
2.7. Operator – any entity that organizes and processes personal data and determines the purpose and scope of the processing.
2.8. Personal data – any information relating to a directly or indirectly identifiable User of the website https://sankhara-jewelry.com/.
2.9. Personal data allowed for distribution – personal data that a subject allows to be made available to the public through consent.
2.10. User – any visitor to the website https://sankhara-jewelry.com/.
2.11. Providing personal data – actions aimed at disclosing personal data to specific individuals or groups.
2.12. Distribution of personal data – any actions aimed at disclosing personal data to an unlimited number of individuals, including in the media or online.
2.13. Cross-border transfer of personal data – transferring personal data to a foreign state, foreign legal entity, or individual.
2.14. Destruction of personal data – any actions that irreversibly destroy personal data, preventing their recovery.

3. Rights and Obligations of the Operator
3.1. The Operator has the right to:
— Request accurate information and/or documents containing personal data from the subject.
— Continue processing personal data without consent in cases specified by law.
— Independently determine the necessary measures for personal data protection unless otherwise specified by law.
3.2. The Operator must:
— Provide information to the data subject about the processing of their personal data.
— Organize data processing according to Russian law.
— Respond to requests from data subjects and their legal representatives.
— Report to the regulatory body on the protection of data subjects' rights upon request.
— Publish this Policy to ensure public access.
— Take measures to protect personal data from unauthorized access, destruction, modification, or other illegal actions.
— Cease personal data transmission and processing as required by law.

4. Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
— Obtain information about the processing of their personal data, except in cases specified by federal law.
— Request corrections, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, illegally obtained, or unnecessary for processing purposes.
— Require prior consent for personal data processing for marketing purposes.
— Withdraw consent to personal data processing at any time.
— Appeal against unlawful actions in processing personal data.
4.2. Data subjects are obligated to:
— Provide accurate information about themselves.
— Notify the Operator of any changes to their personal data.

5. Principles of Personal Data Processing
5.1. Processing must be carried out lawfully and fairly.
5.2. Processing is limited to achieving specific, legitimate purposes.
5.3. It is prohibited to combine databases with incompatible processing purposes.
5.4. Only personal data relevant to the stated processing purposes can be processed.
5.5. The scope and content of the data must match the declared purposes.
5.6. Personal data must be accurate and up-to-date where necessary.
5.7. Personal data storage should allow identification of the data subject no longer than necessary to achieve the processing purposes.

6. Purposes of Processing Personal Data
Purpose: To inform the User via email.
Personal Data: Email address, phone numbers.
Legal Grounds: The Operator's statutory documents, contracts between the Operator and the data subject.
Processing Activities: Sending informational emails to the User.

7. Conditions for Processing Personal Data
7.1. Personal data is processed with the subject’s consent.
7.2. Processing is necessary to achieve purposes outlined by international treaties or Russian law.
7.3. Processing is necessary to fulfill legal obligations or court rulings.
7.4. Processing is necessary for contract performance where the subject is a party or beneficiary.

8. Procedure for Collecting, Storing, and Transferring Personal Data
8.1. The Operator ensures the confidentiality of personal data and prevents unauthorized access.
8.2. Personal data will not be disclosed to third parties without the subject’s consent unless required by law.
8.3. Users may update their personal data by sending an email to the Operator.
8.4. The processing period is defined by the purposes for which the data was collected. Users can withdraw consent by notifying the Operator.

9. Actions Performed with Personal Data
The Operator collects, records, stores, updates, extracts, uses, transfers, depersonalizes, blocks, deletes, and destroys personal data.

10. Cross-border Transfer of Personal Data
Before cross-border transfer, the Operator must notify the regulatory body and obtain necessary information from foreign entities involved in the transfer.

11. Confidentiality of Personal Data
The Operator and others with access to personal data must not disclose or distribute it without the subject’s consent unless otherwise required by federal law.

12. Final Provisions
12.1. Users can contact the Operator for clarification regarding the processing of their personal data via email at valentynaalb.jewelry@gmail.com.
12.2. This Policy will reflect any changes in personal data processing.
12.3. The current version of the Policy is publicly available at https://sankhara-jewelry.com/privacy.