1. General provisions
1.1. This Privacy Policy (the “Policy”) sets out the rules for processing and protecting personal data processed through the website aleksandra-eliseeva.com, its pages, the order form, shopping cart, feedback channels and related services.
1.2. Personal data operator / seller (based on the details published on the site's current offer page): Individual entrepreneur Tatyana Vladimirovna Ionkina, TIN 470310824109, OGRNIP 304470332200041, e-mail: bodrug@mail.ru, phone: 8 (812) 556-33-05, address for personal data requests and postal address: St. Petersburg, Tikhoretsky Prospekt 15k1.
1.3. The Policy is prepared with due regard to Federal Law No. 152-FZ of 27 July 2006 “On Personal Data”, Federal Law No. 149-FZ of 27 July 2006 “On Information, Information Technologies and Information Protection”, and other applicable laws of the Russian Federation.
1.4. The Russian version of this Policy prevails. The English text is published for convenience only.
2. What personal data may be processed
2.1. Website visitor data: IP address, cookies and similar identifiers, browser and device data, operating system, language, time zone, date and time of visit, visited page URLs, referral source, technical logs and other information automatically transmitted when using the website.
2.2. Buyer and/order applicant data: full name (if provided), e-mail address, phone number, shipping address, country, city, postal code, order details, shopping cart contents, selected delivery and payment method, order communications and information relating to returns or claims.
2.3. Data of recipients and other persons indicated by the buyer for order fulfilment: name, phone number, shipping address and any other details submitted by the buyer for delivery purposes.
2.4. Data of persons sending enquiries or messages: name, contact details, message contents, attached files and any other information voluntarily provided to the Operator.
2.5. The Operator does not intentionally request special categories of personal data or biometric personal data through the website unless this is expressly required by law and supported by a separate legal basis.
3. Purposes, legal grounds and means of processing
3.1. Ensuring website operation, shopping cart and/order form functionality, and protecting the website against failures and abuse. Legal grounds: the Operator’s legitimate interest in maintaining website functionality and security, as well as other grounds permitted by law.
3.2. Entering into and performing a retail sale contract, processing orders, confirming orders, communicating with the buyer, preparing an invoice or payment link, and arranging packaging and delivery. Legal grounds: contract performance and steps taken at the data subject’s request prior to contract conclusion.
3.3. Handling returns, exchanges, claims and service requests, confirming the fact of purchase and complying with the seller’s duties under consumer protection law. Legal grounds: contract, law and the Operator’s legitimate interests in defending its rights.
3.4. Mandatory accounting, tax, cash register and other record-keeping, storing supporting documents and complying with lawful requests of public authorities. Legal grounds: obligations established by Russian law.
3.5. Responding to enquiries sent through the website, e-mail, telephone or messengers, including requests about artwork availability, shipping and payment terms. Legal grounds: the data subject’s consent, contract, or steps taken at the data subject’s request before a contract is concluded.
3.6. Sending marketing and informational messages about new works, releases, exhibitions and special offers - only where a separate valid consent has been obtained if such consent is required.
3.7. Website analytics and improvement, where relevant tools are enabled. Strictly necessary technical cookies may be processed on the basis of the Operator’s legitimate interest in website functionality; additional analytics or marketing tools are used on the basis of user consent where required by law.
3.8. Personal data may be processed by automated, non-automated and mixed means. Processing operations may include collection, recording, systematisation, accumulation, storage, updating, retrieval, use, transfer (provision, access), anonymisation, blocking, deletion and destruction.
4. Disclosure of personal data to third parties
4.1. The Operator discloses personal data to third parties only to the extent necessary for the stated processing purposes and only where a legal basis exists.
4.2. Recipients may include payment service providers and banks, courier, postal and transport services, hosting providers, website platforms and IT contractors, CRM and e-mail service providers, accounting and legal advisers, and public authorities where expressly required by law.
4.3. Where processing is entrusted to a third party, the Operator ensures that the contract contains confidentiality and security obligations and limits processing to the entrusted scope.
4.4. The Operator does not sell users’ personal data and does not disclose personal data to an indefinite circle of persons without a separate legal basis.
5. Cross-border transfer and localisation
5.1. When collecting personal data via the Internet, the Operator ensures that the recording, systematisation, accumulation, storage, updating and retrieval of personal data of citizens of the Russian Federation are carried out using databases located in the Russian Federation, unless the law expressly provides otherwise.
5.2. If cross-border transfer is necessary for delivery, communication with a foreign buyer, use of foreign services or other lawful purposes, such transfer is carried out in accordance with Russian law and only to the extent necessary for the relevant purpose.
6. Cookies and similar technologies
6.1. The website may use technical and session cookies required for the shopping cart, order placement, session continuity, security and proper page rendering.
6.2. If website analytics tools are enabled, additional cookies or similar technologies may be used to analyse traffic, improve the website structure and measure content performance.
6.3. Users may adjust cookie settings in their browser or in a cookie banner or control panel, if such a panel is used on the website. Disabling technical cookies may affect website functions, including the shopping cart and/order form.
7. Storage periods
7.1. Personal data related to orders and contracts are stored for the duration of the contractual relationship and thereafter for the periods required by law, accounting and tax rules, and for the protection of the Operator’s rights in potential claims or disputes.
7.2. Enquiry data concerning artwork availability, shipping or other terms are stored until the purpose of the response is achieved and thereafter for a reasonable period necessary to confirm the content of the communication and protect the parties’ rights.
7.3. Data processed on the basis of consent are stored until the purpose of processing is achieved or until consent is withdrawn, unless a different period is required by law.
7.4. Once the processing purpose is achieved, consent is withdrawn, or the mandatory retention period expires, personal data are deleted, destroyed or anonymised unless the law requires otherwise.
8. Rights of the data subject
8.1. A data subject may obtain information about the processing of their personal data and require rectification, blocking or destruction if the data are incomplete, outdated, inaccurate, unlawfully obtained or unnecessary for the stated purpose.
8.2. A data subject may withdraw consent where processing is based specifically on consent and may opt out of marketing communications.
8.3. A data subject may lodge a complaint with Roskomnadzor or a court and use any other remedies available under Russian law.
9. Security measures
9.1. The Operator takes necessary legal, organisational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, disclosure, distribution and other unlawful actions.
9.2. Such measures may include access control, passwords and other authentication means, logging and record-keeping, careful selection of contractors, backups, antivirus protection, encrypted communication channels and training of persons authorised to process personal data.
9.3. Access to personal data is granted only to those persons who genuinely need such access to perform their official, contractual or legal duties.
10. How to submit a personal data request
10.1. Requests relating to personal data processing may be sent by e-mail to: bodrug@mail.ru.
10.2. Postal address for personal data requests: St. Petersburg, Tikhoretsky Prospekt 15k1.
10.3. To speed up the response, the requester is advised to indicate their name, contact details, a description of the request and, where the request relates to an order, the order number and date.
11. Changes to the Policy
11.1. The Operator may amend this Policy. A new version becomes effective when posted on aleksandra-eliseeva.com, unless the new version states otherwise.
11.2. Users are encouraged to review the current version of the Policy before submitting an order, enquiry or other data through the website.