To Be Blossom's Personal Data Processing and Security Policy

Key Definitions

• Website Administration — authorised persons managing the Website https://www.tobeblossom.ru/, acting on behalf of Individual Entrepreneur Marina Aleksandrovna Zavgorodnyaya.
• Processing of Personal Data — any action or set of actions performed on personal data, with or without the use of automation tools, including collection, recording, systematisation, accumulation, storage, rectification (updating, modification), retrieval, use, transfer (dissemination), depersonalisation, blocking, deletion, and destruction of personal data.
• Personal Data — any information that relates directly or indirectly to a specific or identifiable User. Such information may include, in particular:

 

• information about your computer, including your IP address, geographical location, browser type and version, and operating system;
• information about your visits to and use of our Website, including the referral source, visit duration, page views, and navigation paths on the Website;
• your email address, name, phone number, and address that you enter when placing an order on our Website;
• information generated by your use of our Website, including when, how often, and under what circumstances you use it;
• information relating to the services you use or transactions you make through our Website, which includes your name, address, phone number, email address, and credit card details;
• any other personal information that you send to us.

 

• Website User — a person who has access to the Website via the Internet and uses the Website https://www.tobeblossom.ru/.
• Dissemination of Personal Data — actions aimed at disclosing personal data to an indefinite circle of persons.
• Website — an information system created on the basis of a web server of a communication node, identified by the domain name https://www.tobeblossom.ru/, designed for publishing information on the Internet, its visual presentation, and interaction with users via web clients.
• Consent to the Processing of Personal Data — the permission granted by the Website User to the interested party to obtain, collect, store, and use personal information about themselves.
• Data Subjects — a person who is directly or indirectly identified or identifiable using personal data.
• Cross-Border Transfer of Personal Data — the transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual, or a foreign legal entity.

1. Purpose and Scope of the Document
   1. «TO BE BLOSSOM Policy on the Processing and Security of Personal Data» (hereinafter – the Policy) defines the position and intentions of Individual Entrepreneur Marina Aleksandrovna Zavgorodnyaya (hereinafter also – ToBeBlossom) in the field of processing and ensuring the security of personal data, with the aim of upholding and protecting the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets, and the protection of honour and good name.
   2. To maintain business reputation and ensure compliance with applicable international personal data standards, ToBeBlossom considers it a priority to ensure the lawfulness of processing and the security of personal data of subjects within business processes. To this end, a personal data protection system has been introduced, operates, and undergoes periodic review (control).
   3. The Policy is strictly observed by the managers and employees of all structural divisions and branches of ToBeBlossom.
   4. The Policy applies to all personal data of data subjects processed by ToBeBlossom, both with and without the use of automation tools.
   5. This document defines ToBeBlossom’s policy on the processing and protection of personal data and is published at https://www.tobeblossom.ru/. Any data subject has access to this Policy.
   6. The Policy is developed and used together with the Consent to the Processing of Personal Data, which is also published at https://www.tobeblossom.ru/.
2. Principles and Conditions of Personal Data Processing
   1. The processing and security of personal data at ToBeBlossom are carried out in accordance with international personal data standards, Regulation (EU) 2016/679 (General Data Protection Regulation), and the legislation of the Russian Federation on personal data protection.
   2. When processing personal data, ToBeBlossom adheres to the following principles:

       

      • lawfulness and fairness;
      • limiting personal data processing to the achievement of specific, pre-defined, and legitimate purposes;
      • accuracy of personal data, and their relevance and sufficiency for processing purposes;
      • prevention of processing personal data incompatible with the purposes of their collection;
      • prevention of combining databases containing personal data processed for incompatible purposes;
      • legitimacy of organisational and technical measures to ensure the security of personal data;
      • processing of personal data that meet the purposes of their processing;
      • content relevance.

       

   3. ToBeBlossom processes personal data only if at least one of the following conditions applies:

       

      • the processing of personal data is carried out with the data subject’s consent to the processing of their personal data;
      • the processing of personal data is necessary to achieve purposes provided for by law, to exercise and fulfil the functions, powers, and duties imposed on the controller by international personal data standards;
      • the processing of personal data is necessary for the performance of a contract to which the data subject is a party, a beneficiary, or a guarantor, as well as to conclude a contract at the initiative of the data subject or a contract under which the data subject will be a beneficiary or guarantor;
      • the processing of personal data is necessary to exercise the rights and legitimate interests of ToBeBlossom or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the data subject are not violated;
      • the processing of personal data is necessary for obtaining feedback, analysis to improve the quality of the Services and offerings, as well as for obtaining information on loyalty and satisfaction with ToBeBlossom’s Services and offerings, and for further research and processing of this information;
      • the processing of personal data is carried out for personal data made publicly available by the data subject or at their request;
      • the processing of personal data is carried out for data to be published or mandatorily disclosed in accordance with international personal data standards.

       

   4. In cases established by international personal data standards, ToBeBlossom has the right to transfer Users’ personal data.
   5. ToBeBlossom destroys or depersonalises personal data upon achieving the processing purposes or if the need to achieve the processing purpose is lost.
3. Purposes of Personal Data Processing
   1. ToBeBlossom processes a data subject’s personal data exclusively for the following purposes:

    

   • (A) facilitating contact and providing consultations to Website Users;
   • (B) identifying the User and/or their representative;
   • (C) informing about promotional and/or marketing campaigns, surveys, questionnaires, and market research conducted by ToBeBlossom and/or third parties on whose behalf ToBeBlossom acts, in relation to services provided by ToBeBlossom and/or such third parties;
   • (D) communicating with the User when necessary, including sending notifications, requests, and information related to their use of the Website, the provision of services, as well as processing User requests and applications;
   • (E) improving the quality and convenience of services, and developing new services and offerings;
   • (F) conducting statistical and other research based on depersonalised data.

    

4. Rights of Data Subjects
   1. A User whose personal data are processed by ToBeBlossom has the right to:
      1. receive from ToBeBlossom:

          

         • confirmation of the fact of personal data processing by ToBeBlossom;
         • the legal grounds and purposes of personal data processing;
         • information on the methods of personal data processing used by ToBeBlossom;
         • the name and location of ToBeBlossom;
         • information about persons who have access to personal data or to whom personal data may be disclosed in accordance with international personal data standards;
         • a list of personal data processed relating to the User who submitted the request, and the source of their receipt, unless another procedure for providing such data is provided by law;
         • information on the time frames for personal data processing, including their retention periods;
         • information about any ongoing or intended cross-border transfer of personal data;
         • the name and address of the person processing personal data on behalf of ToBeBlossom;
         • other information provided for by international personal data standards.

          

      2. request the rectification of their personal data, or the blocking or destruction of personal data that are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose;
      3. require the elimination of unlawful actions by ToBeBlossom with respect to their personal data;
      4. appeal actions or inactions of ToBeBlossom to the supervisory authority for personal data protection or in court, if the individual believes that ToBeBlossom processes their personal data in violation of international personal data standards or otherwise infringes their rights and freedoms;
      5. the protection of their rights and legitimate interests, including compensation for losses and/or moral harm through judicial proceedings.
   2. Withdrawal of consent to personal data processing does not affect the lawfulness of processing based on your consent prior to its withdrawal. If you wish to submit a request, you should contact ToBeBlossom in writing using the contact details provided below. ToBeBlossom will decide on your request within four weeks.
   3. The User has the right to receive the personal data concerning him or her, which he or she has provided to ToBeBlossom, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without objection from ToBeBlossom if:

       

      • the processing is based on consent in accordance with section 1.6 of this Policy;
      • the processing is carried out by automated means.

       

   4. When exercising the right to data portability in accordance with clause 4.3, the User has the right to have the personal data transmitted directly from ToBeBlossom to another controller, where technically feasible.
   5. The exercise of the right referred to in clause 4.3 does not prejudice the User’s right to erasure of data. This right does not apply to processing necessary for a task carried out in the public interest or in the exercise of official authority conferred on ToBeBlossom.
   6. The right referred to in clause 4.3 must not adversely affect the rights and freedoms of third parties.
5. Procedure, Conditions, and Methods of Personal Data Processing
   1. The processing of the Website User’s personal data is carried out in accordance with this Policy, the User Agreement, and the User’s consent to the processing of personal data.
   2. ToBeBlossom processes personal data both by automated means and without the use of automation tools.
   3. ToBeBlossom ceases processing personal data in the following cases:

       

      • achievement of the purposes of personal data processing;
      • withdrawal of the data subject’s consent;
      • detection of unlawful personal data processing;
      • termination of ToBeBlossom’s activities.

       

   4. The User’s personal data are processed by ToBeBlossom using the following possible methods: collection, recording (including on electronic media), systematisation, accumulation, storage, compiling lists, labelling, rectification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalisation, blocking, deletion, destruction, cross-border transfer of personal data, obtaining an image by photographing, as well as performing any other actions with the User’s personal data in accordance with applicable law.
6. Cross-Border Transfer of Personal Data
   1. To achieve the purposes set out in the Policy, ToBeBlossom reserves the right to transfer personal data to countries other than the country in which they were originally collected. Users’ data may be transferred to countries that do not have data protection laws equivalent to those in force in the European Economic Area. However, before initiating the cross-border transfer of personal data, ToBeBlossom must ensure that the foreign state to which the personal data are transferred provides adequate protection of your rights as a data subject.
   2. During cross-border transfer of personal data, ToBeBlossom protects the data in accordance with this Policy, the User Agreement, and the consent to the processing of personal data.
   3. You expressly consent to the transfer of personal information described in this section.
7. Ensuring the Security of Personal Data
   1. ToBeBlossom applies necessary and sufficient organisational and technical measures, including the use of information security tools, detection of unauthorised access, restoration of personal data, establishment of rules for access to personal data, as well as monitoring and evaluating the effectiveness of the measures applied.
   2. All persons authorised at ToBeBlossom to process personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including international requirements for personal data protection, documents defining ToBeBlossom’s policy regarding personal data processing, and local acts on personal data processing.
   3. The following organisational measures are in effect at ToBeBlossom:

       

      • persons responsible for organising the processing and ensuring the security of personal data are appointed;
      • local acts on personal data processing have been developed;
      • internal control of compliance with personal data protection requirements is carried out.

       

   4. The following technical measures are in effect at ToBeBlossom:

       

      • security and fire alarm systems, as well as video surveillance systems, are installed in the buildings;
      • paper-based records are stored in safes or lockable cabinets with restricted access;
      • physical security is ensured, including access control for unauthorised persons and reliable barriers to prevent unauthorised entry;
      • the exchange of personal data during processing in information systems is carried out via communication channels protected through appropriate organisational measures and technical means (including antivirus protection, firewalling, and other technical tools).

       

   5. When collecting Users’ personal data, ToBeBlossom undertakes to ensure the recording, systematisation, accumulation, storage, rectification (updating, modification), and retrieval of Users’ personal data using databases.
8. Cookies and Web Beacons
   1. A cookie is a file stored on your computer’s hard drive in your browser. Cookies may be «persistent» or «session»: a persistent cookie will be stored in the web browser and remain valid until its expiry date, unless deleted by the User before its expiry; a session cookie expires at the end of the User’s session when the web browser is closed. Cookies usually do not contain information that personally identifies the User, but personal information we store about you may be linked to the information stored in and obtained from cookies.
   2. A web beacon, also called an internet tag or pixel tag, is used to collect information about your use of the internet. Thanks to this, ToBeBlossom can provide you with more relevant information. When using the Website, ToBeBlossom informs you which cookies and web beacons relate to the Website, and you are invited to consent to the placement of such cookies and web beacons.
   3. Blocking or deleting all cookies negatively affects the usability of many websites. If you block/delete cookies, you will not be able to use all the features on our Website.
9. Third-Party Websites
   1. Our Website includes hyperlinks to third-party websites. We do not control and are not responsible for their privacy policies and practices.
10. Liability
    1. In the event of non-compliance with the provisions of this Policy, ToBeBlossom bears liability in accordance with the applicable legislation of the Russian Federation.
    2. To obtain clarification on any questions regarding personal data processing, you must send an official request to info@tobeblossom.ru. If sending an official request to the Website Administration, the text of the request must include:

        

       • full name;
       • the number of the primary identity document of the data subject or their representative, details of the date of issue of the document, and the issuing authority;
       • information confirming the fact of ToBeBlossom’s processing of your personal data;
       • signature.

        

    3. Official requests and complaints must be submitted in writing to ToBeBlossom’s specified address and sent by a reliable method. For the resolution of any dispute, please refer to the legislation of the Russian Federation.
11. Limitation of the Privacy Policy
    1. Data subjects must act reasonably and responsibly when making their personal data publicly available, including on the Website when leaving reviews and comments.
    2. ToBeBlossom is not responsible for the actions of third parties who gain access to a subject’s personal data through the subject’s own fault.
    3. ToBeBlossom reserves the right, at its sole discretion, to amend this Policy at any time without special notice. The new version of this Policy takes effect from the moment it is published on the Website.