Home
Privacy-policy
privacy-policy
Personal Data Processing Policy

1. General Provisions
This Privacy Policy describes how KEKS IN THE CITY (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from http://keksinthecity.com (the "Site") or otherwise communicate with us (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family confidentiality, to be its most important goal and condition for carrying out its activities.
1.2. This Policy of the Operator regarding personal data processing (hereinafter — the Policy) applies to all information that the Operator may obtain about visitors to the website http://keksinthecity.com.

2. Key Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except where processing is required to clarify personal data).
2.3. Website — a set of graphic and informational materials, computer programs, and databases ensuring their availability on the Internet at http://keksinthecity.com.
2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical means enabling their processing.
2.5. Depersonalization of personal data — actions as a result of which it becomes impossible to determine, without additional information, the ownership of personal data to a specific User or another personal data subject.
2.6. Processing of personal data — any action (operation) or set of actions performed with or without automation, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or processes personal data and determines the purposes and scope of such processing.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website http://keksinthecity.com.
2.9. Personal data permitted for distribution — personal data to which access is provided to an unlimited number of persons by the data subject through consent in accordance with the Personal Data Law.
2.10. User — any visitor to the website http://keksinthecity.com.
Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite number of persons, including publication in mass media, placement in information and telecommunication networks, or providing access by other means.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — actions resulting in irreversible destruction of personal data with no possibility of recovery.

3. Rights and Obligations of the Operator
3.1. The Operator has the right to:receive reliable information and/or documents containing personal data from the data subject;
  • continue processing personal data without the data subject’s consent in cases provided by law;
  • independently determine measures necessary to ensure compliance with the Personal Data Law.
3.2. The Operator is obliged to:provide information regarding personal data processing upon request;
  • organize processing in accordance with Russian legislation;
  • respond to requests from data subjects and their representatives;
  • notify the authorized supervisory authority upon request within 10 days;
  • publish or otherwise ensure unrestricted access to this Policy;
  • take legal, organizational, and technical measures to protect personal data;
  • terminate processing and destroy personal data in cases prescribed by law.

4. Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:obtain information about the processing of their personal data;
  • request clarification, blocking, or destruction of personal data;
  • require prior consent for marketing purposes;
  • withdraw consent for processing;
  • appeal unlawful actions or inaction of the Operator.
  • 4.2. Personal data subjects are obliged to:provide accurate personal data;
  • notify the Operator of changes to their personal data.
4.3. Persons who provide false data bear responsibility in accordance with Russian law. 5. Principles of Personal Data Processing5.1. Processing is carried out on a lawful and fair basis.
5.2. Processing is limited to achieving specific lawful purposes.
5.3. Databases incompatible in purpose shall not be merged.
5.4. Only data relevant to processing purposes are processed.
5.5. Data volume corresponds to processing purposes.
5.6. Accuracy and relevance of data are ensured.
5.7. Data are stored no longer than required by processing purposes.

6. Purposes of Personal Data Processing
Purpose: Informing the User by sending emails
Personal data: Full name, email address, phone numbers
Legal basis: Federal Law No. 149-FZ “On Information, Information Technologies and Protection of Information”
Type of processing: Transfer of personal data

7. Conditions for Personal Data Processing
7.1. Processing is carried out with the consent of the data subject.
7.2–7.7. Processing may also occur in cases provided by law, contracts, public interest, or publication requirements.

8. Procedure for Collection, Storage, Transfer, and Other Processing
8.1. The Operator ensures data security and prevents unauthorized access.
8.2. Data are not transferred to third parties except as required by law or consent.
8.3. Users may update their data by emailing info@keksinthecity.com.
8.4. Data processing continues until purposes are achieved or consent is withdrawn.
8.5. Third-party services process data under their own policies.
8.6–8.9. Confidentiality and lawful storage are ensured.

9. List of Actions with Personal Data
Collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, depersonalization, blocking, deletion, and destruction.

10. Cross-Border Transfer of Personal Data
10.1. The Operator notifies the supervisory authority before such transfer.
10.2. Required information from foreign recipients is obtained prior to transfer.

11. Confidentiality of Personal DataThe Operator and other persons with access to personal data shall not disclose or distribute such data without consent, unless otherwise provided by law.

12. Final Provisions
12.1. Users may request clarifications by emailing info@keksinthecity.com.
12.2. The Policy is valid indefinitely until replaced by a new version.
12.3. The current version is available at http://keksinthecity.com/privacy-policy