1. General Provisions, Parties, and Purpose of the Document

1.1. This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") defines the terms and conditions for processing information about an individual that may be obtained by the Operator from that individual or from their legal representative (hereinafter referred to as the "Personal Data Subject" or "You") by Sole Proprietor Alina Alekseevna Churilova, OGRNIP: 325237500125092, INN: 232104545529, based on her Certificate of State Registration as an Individual Entrepreneur (hereinafter referred to as the "Operator" or "We"), in the following relationships with the Personal Data Subject:

1.1.1. When using the functions of the website https://aichurilova.com/, including all its domains, subdomains, and pages, their content, as well as the Internet services and software offered by the Operator for use on this website (hereinafter collectively referred to as the "Website");

1.1.2. When calling the Operator at the phone numbers listed as contact information on the website and other information sources;

1.1.3. When the Operator exercises the rights and obligations established by agreements/contracts concluded between the Operator and the Personal Data Subject; 1.1.4. When processing requests, complaints, requests, and messages sent between the Operator and the Personal Data Subject.

1.2. The Operator's primary goal and condition for carrying out its activities is to respect the rights and freedoms of individuals and citizens when processing their personal data, including the protection of privacy, personal and family secrets.

1.3. Categories of personal data that the Operator may process:

- Last name, first name;
- Phone number/messenger number;
- Email address.

By providing us with personal data, you consent to its processing in accordance with this policy.

1.4. Information about the Operator: Sole Proprietor Alina Alekseevna Churilova, OGRNIP: 325237500125092, INN: 232104545529 (hereinafter referred to as the Operator).

1.5. The following terms and definitions are used in this Policy:

- Personal data – any information related to a directly or indirectly identified or identifiable individual (personal data subject);
- Personal data operator (operator) – an individual (Sole Proprietor A.A. Churilova) who independently organizes and processes personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
- Personal data processing – any action (operation) or set of actions (operations) with personal data, performed with or without the use of automation tools. Personal data processing includes, but is not limited to: collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (distribution, provision, access); depersonalization; blocking; deletion; destruction – both with and without the use of automated data processing tools.

We may process your data in the ways listed for the purposes set out in this Policy.

- Automated processing of personal data – processing of personal data using computer technology;
- Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
- Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
- Destruction of personal data – actions that make it impossible to restore the contents of personal data in the personal data information system and/or that result in the destruction of tangible media containing personal data;
- Anonymization of personal data – actions that make it impossible to determine the ownership of personal data by a specific data subject without the use of additional information;
- Personal data information system – the collection of personal data contained in databases and the information technologies and technical means that support their processing;
- Cross-border transfer of personal data – the transfer of personal data to a foreign government agency, foreign individual, or foreign legal entity;
- User – a visitor to the website https://aichurilova.com/;
- Website – a collection of graphic and informational materials, as well as computer programs and databases, making them available online at the address https://aichurilova.com/.

2. Legal Basis for Processing Personal Data

2.1. The personal data subject makes the decision to provide their personal data and consents to its processing voluntarily, of their own free will, and in their own interests. Inaction by the personal data subject cannot be construed as consent. Consent to the processing of personal data must be specific, objective, informed, conscious, and unambiguous. Consent to the terms of this Policy may be expressed by the personal data subject by performing any of the following actions:

2.1.1. concluding an agreement with the Operator through a public offer, provided that the personal data subject is provided with the opportunity to review the full text of this Policy at each point of personal data collection; 2.3.2. By checking the box (in the input field) on the Website next to the text "I consent to the processing of my personal data in accordance with the Policy," provided that the Data Subject is provided with the opportunity to review the full text of this Policy at each point where the personal data is collected. 2.3.3. By clicking the "Submit Data" or "Contact" button or a button with similar text, provided that the Data Subject is provided with the opportunity to review the full text of this Policy at each point where the personal data is collected.

3. Rules and Purposes of Personal Data Processing

3.1. A data subject provides personal data when:

- using the Operator's Website and the company's services (including without registration, such as when calling phone numbers listed on the Website);
- subscribing to newsletters;
- participating in events, research, and surveys;
- writing or calling the Operator (for example, when contacting us via the application form).

By completing the relevant forms and/or submitting your personal data to the Operator, the User consents to this Policy.
We may receive your personal data from our partners in connection with the performance of an agreement to which you are a party or beneficiary.
Your device automatically transmits technical data: information stored in cookies, information about your browser and its settings, the date and time of access to the Website, the addresses of requested pages, actions on the website or in the application, technical characteristics of the device, IP address, etc.

3.2. The procedure for collecting, storing, transferring, and otherwise processing personal data, as well as the security of personal data processed by the Operator, are ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.

3.3. The Operator processes the personal data of the Website user (visitor) only if the user submits it independently. By submitting their personal data to the Operator, the user (visitor) consents to this Policy. The personal data subject consents to the processing of their personal data by checking the box (consent) on the Operator's resources.

3.4. The Operator processes personal data automatically, using computer technology.

3.5. When registering and ordering services on the Operator's resources, the personal data subject provides the information necessary to identify the personal data subject and to provide services.

If you contact us as a representative of a government agency or the media, we process the data provided in your request (last name, first name, middle name, email address, telephone number, position, place of work) to fulfill our legal obligations and respond to your request.
3.7. Procedure for destroying personal data upon achieving the processing purpose or upon the occurrence of other legal grounds: the person responsible for processing personal data erases the data by overwriting (replacing all storage units with "0") and draws up a personal data destruction report.
3.8. About cookie technology:
3.8.1. By using the Website, the Personal Data Subject agrees to the use of cookies as described in the Policy.
3.8.2. A cookie is a small piece of text that is stored in the browser when visiting the Website. The Operator's Website transfers cookies to the Personal Data Subject's browser. Each device from which the Data Subject accesses the Website is assigned a separate cookie. Using cookies does not give the Operator access to any data of the Data Subject on the device other than the data stored in the cookie. Cookies collected by the Website do not contain personal data of the Data Subject, such as name or address.
3.8.3. The Operator uses cookies to identify the Data Subject of the Website and analyze how the Data Subject uses the Website for further improvement.
3.8.4. Cookies are stored indefinitely, not just during the session. The Data Subject may change cookie settings at any time, delete, or reject all cookies. To do this, the Data Subject must activate the setting in their browser that allows them to refuse cookies. However, this may result in the inability to access certain functions of the Website.
3.9. The Operator does not receive or process information about race, political views, religious and philosophical beliefs, health, or intimate life, unless otherwise provided by law.
3.10. The Customer's consent to the processing of personal data is not required in the following cases:
3.10.1. Personal data is publicly available.
3.10.2. Personal data is processed on the basis of federal law establishing its purpose, the conditions for obtaining personal data, and the scope of subjects whose personal data is subject to processing, as well as certain powers of the Operator.
3.10.3. At the request of authorized government agencies - in cases stipulated by federal law.
3.10.4. Personal data is processed for the purpose of fulfilling the agreement concluded with the Operator.
3.10.5. Personal data is processed for statistical or other scientific purposes, subject to mandatory anonymization of the personal data.
3.10.6. Personal data is processed to protect the life, health, or other vital interests of the client if obtaining their consent is impossible.

4. Information on Ensuring the Security of Personal Data

4.1. The Operator ensures the secure storage of personal data, including:
4.1.1. The storage, compilation, accounting, and use of documents containing personal data are organized in the form of a separate archive of the Operator.
4.1.2. Personal data must be stored in a form that allows for the identification of the personal data subject, for no longer than required for the purposes of processing the personal data, unless the storage period for personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data are subject to destruction or anonymization upon achieving the processing purposes or when the need to achieve these purposes is no longer necessary, unless otherwise provided by federal law.
4.1.3. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.
4.1.4. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized persons from accessing it.
4.1.5. The processing period for personal data is unlimited. The User may revoke their consent to the processing of personal data at any time by sending the Operator a notice via email to the Operator's email address with the subject line "Revocation of consent to the processing of personal data."
4.2. Personal Data Protection Measures:
4.2.1. The Operator takes all necessary measures to protect personal data from unauthorized, accidental, or unlawful destruction, loss, alteration, improper use, disclosure, or access, as well as other illegal forms of processing. 4.2.2. By default, personal information is processed automatically by unauthorized equipment without access by anyone. If such access is required, the Operator grants access to personal data only to those persons who need this information to fulfill the Purpose of Processing. To protect and ensure the confidentiality of data, such persons must undertake to comply with internal legal rules and procedures, as well as technical and organizational security measures regarding the processing of personal information.
4.2.3. When automated processing of personal data, adequate security is ensured at the location where the personal data is processed.
4.2.6. The Operator is not responsible for the processing of personal data of third parties that the recipient of the Operator's services has provided as their own. In this case, the recipient of the Operator's services who provides inaccurate data bears the risk of liability. 4.2.7. The Operator does not intentionally process the personal data of minors. The Operator recommends that only individuals aged 18 (eighteen) years or older use the Site. Responsibility for the actions of minors, including their purchase of services on the Site, lies with their legal representatives. If the Operator becomes aware that it has received personal information about a minor without the consent of their legal representatives, such information will be deleted as soon as possible.
4.2.8. The Operator appoints a person responsible for organizing the processing of personal data to fulfill the obligations stipulated by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance therewith.

5. Basic Rights and Obligations of the Personal Data Subject

5.1. A Data Subject has the right to permit, restrict, or prohibit the processing of personal data of third parties only on the basis of representation established by law (e.g., parents and guardians) or a transaction (e.g., a power of attorney), which authorizes them to grant permission to process personal information on behalf of a third party and to assume other rights and obligations in the interests of such third party. If a Data Subject does not have the right to grant such permission or has lost the right to grant such permission, they are obligated to refrain from providing the data to the Operator or to cease posting the data (delete the data), respectively. In the event of any corresponding claims, they undertake to independently resolve the dispute and indemnify the Operator from the relevant claims. In the event of failure to comply with these requirements, such a data Subject is obligated to compensate the Operator for all damages and other losses caused by such failure. 5.2. The personal data subject is obliged to ensure the accuracy of the information provided, the timely introduction of changes to the provided information, and its updating; otherwise, the Operator shall not be liable for failure to fulfill obligations, or any damage, harm, or loss.
5.3. Supplementation, correction, blocking, and deletion of personal data, and response to requests from personal data subjects shall be carried out in the following order: 5.3.1. The personal data subject may supplement and correct personal information by using the relevant functions of their account, and if the account functions are insufficient in the opinion of the personal data subject, by sending a written request to the Operator's email address specified in this Policy; 5.3.2. The personal data subject may block and delete personal information by using the relevant functions of their account, and if the account functions are insufficient in the opinion of the personal data subject, by sending a written request to the Operator's email address specified in this Policy; 5.3.3. Other rights of the Personal Data Subject are exercised in a similar manner: to exercise a right, the User may use the relevant functions of their account, or if the account functions are insufficient in the opinion of the Personal Data Subject, by sending a written request to the Operator's email address specified in this Policy.
5.4. Basic Rights of the Personal Data Subject:
5.4.1. Request information about the processing of personal data;
5.4.2. Revoke consent to the processing of personal data;
5.4.3. Request restrictions on the processing of personal data;
5.4.4. Request termination of the processing of personal data, if provided for by applicable law and this Policy;
5.4.5. In cases provided for by applicable law, the Personal Data Subject has other rights not specified above.
5.5. The personal data subject undertakes to use the details in this Policy to submit requests for the exercise of their rights or complaints regarding the inaccuracy of information or the illegality of its processing. Such requests and complaints will be processed within 10 (ten) business days from the date of receipt by the Operator. If the personal data subject is dissatisfied with the results of the review of their request or complaint, they have the right to submit the request or complaint to the body authorized to protect the rights of personal data subjects.
5.6. The personal data subject has the right to revoke consent to the processing of personal data at any time. To revoke consent to the processing of personal data, the personal data subject must send the Operator a written notice of the revocation of consent to the email address specified in the details section of this Policy, or by sending a notice by mail to the address of the Operator's location specified in the details section of this Policy. .
5.7. Information for the exercise of the rights of the Personal Data Subject:
5.7.1. The personal data subject may exercise all rights inherent to the personal data subject, as well as obtain clarification on matters related to the processing of personal data, by contacting the Operator by email or by sending inquiries by mail to the Operator's registered office. 5.7.2. The personal data subject is hereby notified that the personal data subject's refusal to provide the Operator with the following categories of data: first name, last name, patronymic, telephone number, and email address, will result in the impossibility of concluding and performing an agreement between the Operator and the personal data subject. Therefore, if the personal data subject refuses to provide the specified categories of personal data, the Operator has the right to refuse the personal data subject's request to conclude and perform the agreement.

6. Changes to the Privacy Policy. Applicable Law. Interpretation.

6.1. The Operator reserves the right to amend this Policy. When amending it, the date of the last update is indicated in the current version. The new version of the Policy shall take effect from the moment it is posted, unless otherwise provided in the new version of the Policy. Revoked versions are available in the archive at the address specified in the Policy. 6.2. The Operator shall inform personal data subjects who have previously consented to the Policy of changes to the Policy, taking into account, when choosing the form of notification, that the Subject's consent to the processing of personal data must be specific, objective, informed, conscious, and unambiguous.
6.3. The place of consent and the place of execution of the Policy shall always be the location of the Operator, and the law applicable to the relationship between the Operator and the Personal Data Subject shall always be the law of the, regardless of the location of the Personal Data Subject or the equipment used by them. All disputes and disagreements shall be resolved at the location of the Operator, unless otherwise provided by law.
6.4. The Policy shall govern the relationship between the Personal Data Subject and the Operator from the moment the Personal Data Subject expresses consent to its terms and is valid indefinitely. The indefinite validity of the Policy as a document in no way implies an indefinite or unlimited period for processing personal data. Unilateral termination of the Policy by either party is not permitted. 6.5. Rules of Interpretation:
6.5.1. The terms "agreement" and "contract" are interchangeable;
6.5.2. The words "include," "includes," "including," "for example," "for instance," "including," and "such as" are always deemed to be followed by the phrase "but not limited to," which does not limit the general nature of what precedes these words;
6.5.3. The words "either/or" are deemed to be understood by default as an enumeration, that is, similar to "and," unless the meaning of the text directly implies that the word "either/or" denotes a choice of one of the options;
6.5.4. It is considered that the meaning of a Word used with a Capital letter is no different from the meaning of the same word used with a lowercase letter.

7. Transfer to Third Parties

7.1. The Operator has the right to transfer personal data or instruct third parties to process it if this is necessary to provide the Operator's services to you or, in the case of services provided by the Operator's partners, with the separate consent of the Personal Data Subject.

8. Information about the Operator

8.1. Individual Entrepreneur Alina Alekseevna Churilova is the person responsible for organizing the processing of personal data.

Abbreviated name of the organization: Individual Entrepreneur A.A. Churilova
TIN 232104545529
OGRNIP 325237500125092
Legal Address: 352125, Krasnodar Krai, Tikhoretsky District, Tikhoretsk, Turgeneva Street
Email: info@aichurilova.com