1. General Provisions
1.1. This Privacy Policy regarding the processing and protection of personal data of visitors to the masterfood.ru website (hereinafter referred to as the Policy) has been developed to comply with the requirements of Clause 2, Part 1, Article 18.1 of the Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 (hereinafter referred to as the Law on Personal Data). The purpose of this Policy is to ensure the protection of human and civil rights and freedoms when processing personal data, including protection of the right to privacy, as well as the right to respect for private and family life. This Policy also determines the procedure for processing personal data and measures to ensure the security of such data.
1.2. The Policy applies to all relationships in the field of personal data processing that have arisen between the Data Controller and the Users, both before and after the approval and adoption of this Policy.
1.2. The Policy applies to all information that the Data Controller may collect about the Users of the Website.

2. Basic Terms and Definitions
Website is a collection of graphic and informational materials, as well as computer programs and databases, presented in the form of electronic documents (web pages). These web pages are grouped under a single second-level domain name, “masterfood”, and hosted on the Internet information and telecommunications network at the address https://masterfood.ru/eng.
User is any individual (natural person) who visits and/or uses the Website and is a data subject.
Personal data is any information directly or indirectly related to a specific or identifiable User as the data subject, such as information they independently provide about themselves while using the Website, as well as anonymised information and technical details automatically collected by the Website's software and hardware components. This includes cookie data about the User's behaviour, web browser information, geolocation data, IP address, and technical characteristics of their device and software, as well as information about when they visited the Website, addresses of requested web pages, and referral sources.
Data controller (hereinafter referred to as the Data Controller) is MASTERFOOD Limited Liability Company (MASTERFOOD LLC, OGRN (Primary State Registration Number) 1077761217060, INN (Taxpayer Identification Number) 7737524513) that independently organises and/or carries out the processing of personal data, as well as determines the purposes for personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automated equipment, involving personal data. This includes collection, recording, systematisation, accumulation, storage, refinement (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymisation, blocking, deletion, destruction of personal data.

3. Basic Rights and Responsibilities of the Data Controller
3.1. The Data Controller shall be entitled to:
▪ obtain reliable information from the User containing personal data;
▪ should the User revoke their consent to the processing of their personal data or request the Data Controller to cease processing of their personal data, the Data Controller may continue processing the personal data without the User's consent only if there are legal grounds specified by the Law on Personal Data;
▪ independently determine the combination and list of measures necessary and sufficient to ensure the fulfilment of obligations stipulated by the Law on Personal Data and other regulatory acts adopted in accordance with it, unless otherwise provided for by the Law on Personal Data or other federal laws.
3.2. The Data Controller shall:
▪ provide the User, upon request, with information regarding the processing of their personal data;
▪ organise the processing of personal data in compliance with the procedures established by the current applicable laws and regulations of the Russian Federation;
▪ inform the individuals processing personal data without the use of automated equipment (employees of the Data Controller) about the fact that they are processing personal data, the processing of which is carried out by the Data Controller without the use of automated equipment, as well as about the categories of personal data being processed, the specific features and regulations for carrying out such processing established by regulatory acts of federal executive bodies, executive bodies of the constituent entities of the Russian Federation, as well as local legal acts of the Data Controller.
▪ respond to requests and inquiries from Users and their legal representatives in accordance with the requirements of the Law on Personal Data;
▪ provide the designated authority responsible for the protection of the rights of data subjects with the necessary information, upon its request, within 10 days of receiving such a request;
▪ make this Policy publicly available or otherwise grant unrestricted access thereto;
▪ take legal, organisational, and technical measures to protect personal data from unauthorised or accidental access, destruction, modification, blocking, copying, provision, and dissemination of personal data, as well as from other illegal actions involving personal data;
▪ stop the transmission (access, dissemination, provision) of personal data, cease any processing thereof, and destroy personal data in accordance with the procedures and circumstances stipulated by the Law on Personal Data;
▪ fulfil other obligations stipulated by the Law on Personal Data.

4. Basic Rights and Responsibilities of the User
4.1. The User shall be entitled to:
▪ receive information regarding the processing of their personal data, unless otherwise provided for by applicable federal laws. The information shall be provided by the Data Controller in an accessible form, and it shall not contain any personal data related to other Users, unless there are legal grounds for disclosing such personal data. The list of types of information and the procedure for obtaining it are stipulated by the Law on Personal Data;
▪ demand that the Data Controller clarify the User’s personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, obtained illegally, or is not necessary for the declared purpose of data processing, and also take measures provided by law to protect their rights;
▪ put forward the condition of prior consent when processing personal data for the purpose of promoting goods, works and services on the market;
▪ to revoke their consent to the processing of their personal data and to submit a request to cease its processing;
▪ appeal to the designated authority responsible for the protection of the rights of data subjects or in court against the illegal actions or inaction of the Data Controller when processing their personal data;
▪ exercise other rights provided for by the legislation of the Russian Federation.
4.2. The User shall:
▪ provide the Data Controller with reliable information about themselves;
▪ inform the Data Controller about any changes (updating, modification) in their personal data.
4.3. Users who have provided the Data Controller with false information about themselves or information about another User or data subject without their consent shall be held liable in accordance with the legislation of the Russian Federation.

5. Principles of Personal Data Processing
5.1. Personal data shall be processed in accordance with the principles of legality and equity.
5.1.1. The processing of personal data provided by the User themselves shall be carried out with their consent. This consent shall be expressed by the User by means of an action evidencing a concluded contract via checking a box in an information message confirming their agreement to the data processing, as well as by reading and accepting this Policy when submitting their personal data.
5.1.2. The processing of anonymised personal data, which is automatically processed by the software and hardware components of the Website, shall be undertaken with the User's consent, which shall be expressed in the form of an affirmative response to the relevant information message regarding the use of cookies.
5.2. The processing of personal data shall be limited to the pursuit of specific, predetermined and legitimate purposes. The processing of personal data for purposes other than those for which the data has been collected shall be prohibited.
5.3. It is prohibited to combine databases containing personal data that are processed for incompatible purposes.
5.4. Only personal data that meets the specified purposes of processing shall be subject to processing.
5.5. The content and scope of the personal data processed shall correspond to the declared purposes of data processing. The processed personal data shall not be redundant with respect to the declared purposes of data processing.
5.6. When processing personal data, the accuracy, sufficiency, and, if necessary, relevance of the personal data in relation to the purposes of personal data processing shall be ensured. The Data Controller shall take the necessary measures and/or ensure that incomplete or inaccurate data is removed or updated.

6. Purposes, Types and Time Limits of Personal Data Processing
Purpose of data processing
Providing the User with up-to-date information on services, works, goods, and the terms of commercial cooperation with the Data Controller by means of a telephone message or an email

Personal data
▪ web address of the electronic mailbox (e-mail)
▪ telephone number
▪ first name, last name
▪ place of employment
▪ job position

Legal basis
▪ Federal Law No. 149-FZ “On Information, Information Technologies and Information Protection” dated July 27, 2006
▪ Federal Law No. 152 FZ “On Personal Data” dated July 27, 2006
▪ User’s consent to personal data processing

Types and methods of personal data processing
Automated data processing:
▪ data acquisition, recording, accumulation, and storage are performed by the software and hardware components of the Website;
▪ data transfer is carried out by granting access to an authorised employee of the Data Controller for its further processing.
Non-automated data processing:
▪ extraction, use, storage, refinement (updating, modification), anonymisation, blocking, deletion, destruction of data.

Processing time limit
until the User withdraws their consent for the processing of their personal data or requests to cease processing of their personal data or to block/destroy it.

7. Final Provisions
7.1. The security of personal data processed by the Data Controller is ensured through the implementation of legal, organisational, and technical measures that are necessary to fully comply with current legislation in the field of personal data protection. These measures include, but are not limited to, restricting access to personal data, using an SSL certificate to ensure the encryption of data transmitted from the User's device to the Data Controller's server, and implementing anti-virus software for the protection of the Data Controller's server.
7.2. The User's personal data will never be transferred to any third parties under any circumstances, except in situations related to the application of current legislation, or if the User has explicitly given their consent for the Data Controller to share their data with a third party in order to fulfil obligations arising from a civil law agreement.
7.3. In the event that any inaccuracies are detected in the personal data, the User can update the data independently by sending the Data Controller a notification via email at info@masterfood.ru with the subject “Updating Personal Data”.
7.4. The User may at any time revoke their consent for the processing of personal data by sending the Data Controller a notification via email at info@masterfood.ru with the subject “Revocation of Consent for the Processing of Personal Data”.
7.5. All data collected by third-party services, including payment systems, communication media, and other service providers, is stored and processed by these parties (Data Controllers) in accordance with their User Agreement and/or Privacy Policy. The Data Controller is not responsible for the actions of any third parties, including the service providers mentioned in this clause.
7.6. The restrictions imposed by the User on the transmission (with the exception of granting access), as well as on the processing or terms of processing (with the exception of obtaining access) of personal data permitted for dissemination, do not apply to the processing of personal data in relation to the state or other public interests as defined by the laws of the Russian Federation.
7.7. The conditions for termination of the processing of personal data may also include the fulfilment of the purposes of processing personal data or the receipt of a legal request to cease the data processing submitted by the designated authority responsible for the protection of the rights of data subjects.
7.8. The User can contact the Data Controller via email at info@masterfood.ru to request any clarifications regarding their personal data processing.
7.9. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy has been made publicly available on the Internet information and telecommunications network on the Data Controller’s website at the following web address: https://masterfood.ru/eng/personal-data/.