1. General Provisions

1.1. This Personal Data Processing Policy has been developed in accordance with the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ "On Personal Data", with the aim of ensuring the protection of human and civil rights and freedoms in the course of personal data processing.

1.2. This Policy establishes the fundamental principles, purposes, conditions, and methods of personal data processing, defines the categories of data subjects and personal data processed by the Operator, the Operator's functions, the rights of data subjects, and the personal data protection requirements implemented by the Operator.

1.3. This Policy applies to personal data processing relationships arising both before and after its approval.

1.4. Key definitions:

• Personal Data — any information relating to a directly or indirectly identified or identifiable natural person (data subject);
• Operator — a state authority, municipal authority, legal entity, or natural person that organizes and/or carries out personal data processing and determines its purposes, categories, and operations;
• Personal Data Processing — any action or set of actions performed with personal data, including collection, recording, systematization, accumulation, storage, updating, retrieval, use, transfer, anonymization, blocking, deletion, and destruction;
• Automated Processing — processing using computer technology;
• Non-Automated Processing — actions performed without computer technology;
• Data Subject — a natural person to whom the personal data relates;
• Destruction of Personal Data — actions making it impossible to restore personal data content and/or destroying physical data carriers.

2. Operator Details

3. Legal Grounds for Processing

• Processing is carried out on the basis of the data subject's consent;
• Processing is necessary to provide extended access to the retailchina.pro website;
• Processing is carried out to ensure compliance with Russian Federation legislation.

4. Principles and Purposes of Processing

4.1. Principles: lawfulness and fairness; purpose limitation; prevention of incompatible processing; prevention of merging incompatible databases.

4.2–4.5. Data must be accurate, sufficient, and relevant. Retained no longer than necessary. Destroyed or anonymized upon achieving the purpose.

4.6. Excessive or incompatible data is not processed.

4.7. Purposes: extended website access; market promotion; consulting services; distribution of marketing information.

5. Operations

Collection · Recording · Systematization · Accumulation · Storage · Updating · Use · Deletion · Destruction

6. Data Subject Categories

• Website visitors
• Registered users
• Newsletter subscribers

7. Personal Data Categories

• Full name
• Email address
• Mobile phone number
• Cookie data

8. Special categories of personal data

Special categories of personal data are not processed.

9. Biometric personal data

Biometric personal data are not processed.

10. Processing Methods and Conditions

Processing is carried out using a combined method. Only the Operator has access to personal data.

11. Data Retention Period

Data is retained until the purpose is achieved or consent is withdrawn, but no longer than 3 years from last user activity.

12. Disclosure to Third Parties

Data is not transferred to third parties, except as required by law or for contract performance (e.g., delivery services).

13. Data Subject Rights

13.1. Data subjects have the right to:

• Obtain information on processing;
• Request data updates;
• Request blocking or destruction of inaccurate/unnecessary data;
• Take protective measures;
• Withdraw consent.

13.2. Procedure for exercising rights:

• Requests via Section 2 contacts;
• Response within 10 business days.

14. Protection Measures

• SSL certificates
• Secure channels
• Device passwords
• Antivirus protection
• Appointed responsible person (the Operator)

15. Cookies

Used in anonymized form for statistics and UX improvement only.