Privacy policy

Policy on the Processing and Protection of Personal Data

Effective Date: 06.07.2026

1. General Provisions

This Policy on the Processing and Protection of Personal Data (hereinafter — the Policy) is developed in accordance with Federal Law No. 152-FZ of 27.07.2006 “On Personal Data” (hereinafter — Law No. 152-FZ) and defines the procedure for collecting, processing, storing and protecting personal data of website users and clients.

The purpose of adopting this Policy is to ensure the security of personal data and respect for the rights of personal data subjects.

Personal Data Operator (hereinafter — the Operator):

  • Full name: Limited Liability Company “Art Net Studio”
  • INN: 4345354270
  • OGRN: 1134345007906 dated 25.03.2013
  • Legal address: 610027, Kirov region, Kirov, Defenders of the Fatherland Street, 120, room 1002
  • Actual address: 610027, Kirov region, Kirov, Defenders of the Fatherland Street, 120, office 202
  • Contact phone: +7 (8332) 222-001
  • Email address: mail@artnetstudio.ru
  • Person responsible for organizing the processing of personal data: Smetanin Anton Sergeevich, Director
  • Contact of the responsible person: mail@artnetstudio.ru
  • Link to the separate document “Consent to the Processing of Personal Data” (hereinafter — Consent): https://yapiar.ru/privacy_consent/

2. Concepts and Terms

  • Personal data — any information relating to a directly or indirectly identified or identifiable individual (personal data subject). For the purposes of this Policy, personal data means the information that the user (including a representative of a legal entity) provides about themselves independently when using the Site, as well as data automatically collected when visiting the Site.
  • Personal data subject — an individual to whom the personal data relates. In the context of this Policy, subjects may be both citizens (consumers) and representatives (employees, contact persons) of legal entities, whose data is processed in connection with the conclusion and execution of contracts, as well as for other purposes provided for by the Policy.
  • Site — a set of web pages accessible on the Internet information and telecommunication network at https://yapiar.ru, as well as all subdomains of the specified domain (hereinafter — the Site).
  • Processing of personal data — any action (operation) or set of actions performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer, depersonalization, blocking, deletion, destruction of personal data.
  • Consent of the personal data subject — a separate document signed by the subject (including by electronic signature or by checking a checkbox field if a link to the text of such document is provided), confirming their will to process personal data for specific purposes.
  • Confidentiality of personal data — a requirement not to allow their distribution without the consent of the subject or another legal basis.

3. List of Collected Personal Data

3.1. Data that may be collected during registration, placing an order, booking, or concluding a contract (including with a legal entity):

  • last name, first name, patronymic (if any) of the contact person;
  • phone number (mobile, work);
  • email address (personal or corporate);
  • delivery address (if required for contract execution);
  • name of the organization, position (when interacting with legal entities);
  • other information that the user voluntarily provides in feedback forms.

3.2. Data collected automatically when visiting the Site:

  • IP address;
  • type of web browser, operating system;
  • history of visits to the Site pages;
  • cookies and other tracking technologies.

3.3. Data related to special categories (for example, passport data, date of birth) are processed only in cases expressly provided for by the legislation of the Russian Federation (for example, when selling air and railway tickets, when concluding contracts requiring identification) and only with the separate explicit consent of the subject.

3.4. Payment data: The Operator does not store full bank card details. When processing payments, secure services of payment partners are used. Only anonymized information about the fact of payment (amount, date, status) may be transmitted to the Operator.

4. Purposes of Processing Personal Data

The processing of personal data is carried out strictly for the following purposes:

  • conclusion and execution of contracts with users (individuals) and legal entities (through their authorized representatives) — provision of services, sale of goods, booking;
  • identification of a party within contractual relations;
  • making payment settlements;
  • providing the user with information about orders, their status;
  • sending technical informational messages;
  • improving the quality of services, analyzing user experience (at an anonymized level);
  • sending advertising and news materials only with a separate consent to the advertising newsletter;
  • ensuring security and preventing fraudulent actions;
  • complying with the requirements of the legislation of the Russian Federation, including tax and administrative.

5. Retention Periods for Personal Data

Data Category Retention Period
Data necessary for contract execution During the term of the contract and 3 years after its termination (limitation period)
Accounting data (invoices, acts) 5 years (according to tax legislation requirements)
Data processed on the basis of consent For the entire duration of the consent, but not longer than the achievement of the processing purpose
Website access logs 30 days
Anonymized statistical data Unlimited
Data after withdrawal of consent Deleted within 30 days, unless otherwise required by law

Upon expiration of the established periods, the data is subject to deletion or anonymization.

6. Sources of Obtaining Personal Data

  • Directly from the personal data subject (when filling out forms on the Site, during correspondence, when concluding a contract — including from a representative of a legal entity).
  • Automatically as a result of visiting the Site (cookies, IP address).
  • From payment systems and banks (only payment status information).
  • From third parties only with the consent of the subject or if the transfer is provided for by a contract with such a third party (for example, within partner programs).

7. Persons Having Access to Personal Data. Transfer to Third Parties

7.1. Access to personal data is granted only to authorized employees of the Operator who have signed a non-disclosure obligation and have been instructed on working with personal data.

7.2. Transfer of personal data to third parties is allowed only in the following cases:

  • the subject has given explicit consent to such transfer;
  • the transfer is necessary for the execution of a contract (for example, to a courier service for delivery of goods, to a payment service for processing a payment);
  • the transfer is carried out at the request of state authorities within the framework of their lawful powers;
  • other cases provided for by the legislation of the Russian Federation.

7.3. In all cases of data transfer to third parties, the Operator concludes agreements (assignments) with them, obliging such persons to maintain confidentiality and ensure the security of personal data in accordance with the requirements of 152-FZ.

8. Measures for the Protection of Personal Data

The Operator takes all necessary organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions:

Organizational measures:

  • appointment of a person responsible for organizing the processing of personal data;
  • development of local acts on the processing and protection of personal data;
  • conducting instruction and training of employees;
  • control over compliance with data protection requirements;
  • timely destruction of data upon expiration of retention periods.

Technical measures:

  • use of encryption protocols when transmitting data via the Internet;
  • restriction of access to databases (password protection, multi-factor authentication);
  • use of antivirus tools and firewalls;
  • regular backup;
  • logging of actions with personal data.

9. Rights of Personal Data Subjects

The personal data subject (including representatives of legal entities) has the right to:

  • receive information about the processing of their personal data;
  • demand clarification, blocking or destruction of their data if it is incomplete, outdated, inaccurate or processed in violation of the law;
  • withdraw consent to the processing of personal data at any time (the consequences of withdrawal are explained in the Consent);
  • appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Communications) or in court.

Procedure for exercising rights:
To exercise their rights, it is necessary to send a request in one of the following ways:

  • in writing to the address: the Actual address specified in section 1;
  • in electronic form to the address: the Email address specified in section 1.

The request must include: last name, first name, patronymic, contact details, the essence of the request. In order to establish identity, the email request must be sent from the address specified by the user during registration. The Operator has the right to request additional information to confirm identity.

The response period for the request is no more than 30 days from the date of receipt.

10. Use of Cookies and Tracking Technologies

The Site uses cookies and similar technologies for:

  • ensuring the operability and improving the functionality of the Site;
  • collecting statistics (using web analytics systems located on the territory of the Russian Federation, for example, Yandex.Metrica or other similar services);
  • storing user preferences.

By continuing to use the Site, the user agrees to the use of cookies in accordance with the settings of their web browser. The user can disable the storage of cookies at any time in the settings, but this may affect the availability of some functions of the Site. For more details, see the Cookie Policy.

11. Procedure for Obtaining Consent to the Processing of Personal Data

11.1. Processing of personal data is carried out by the Operator only with the separate Consent of the subject, drawn up in accordance with the requirements of Art. 9 of Federal Law No. 152-FZ. If the subject acts on behalf of a legal entity, consent is given by them as an individual for the processing of their own personal data.

11.2. The text of the current form of Consent is available at the link: https://yapiar.ru/privacy_consent/.

11.3. By checking the appropriate checkbox during registration, placing an order or subscribing, the subject confirms that they have read the text of the Consent and this Policy, understand their content and give specific, informed and conscious consent to the processing of their personal data on the specified conditions.

11.4. Consent may be withdrawn by the subject at any time by sending a notification in the ways specified in section 9. Upon withdrawal of consent, the Operator is obliged to stop processing or ensure its cessation and, if the preservation of data is no longer required for the stated purposes, destroy the data within a period not exceeding 30 days from the date of receipt of the withdrawal, unless otherwise provided by law.

12. Cross-border Transfer of Personal Data

The Operator stores and processes personal data exclusively on servers located on the territory of the Russian Federation. Cross-border transfer of personal data is not carried out, except in cases expressly provided for by the legislation of the Russian Federation and with the separate consent of the subject.

13. Final Provisions

13.1. This Policy is a publicly available document and is subject to posting on the Operator’s Site.

13.2. The Operator has the right to make changes to this Policy due to changes in legislation or internal processes. The new version of the Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the version itself.

13.3. Control over compliance with the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.

13.4. Questions, feedback and suggestions regarding this Policy can be sent to the contacts specified in section 1.