Legal
Privacy Policy
Data Controller
This Privacy Policy (hereinafter the "Policy") of Sole Proprietor Olga A. Glock, TIN 233302929381, PSRNSP 326237500160230, Krasnodar, Russia (hereinafter the "Operator") has been drawn up in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data" and defines the procedure for processing personal data carried out by the Operator.
This Policy applies to all information that the Operator may obtain about visitors to the website https://shirokov.gallery and its subdomains.
What Data We Collect
When using the website and placing orders, we may collect the following data: name, email address, shipping address, phone number, order details, and the fact and time when privacy consent was submitted through website forms.
Payment details (card number, billing information, CVV/CVC, and similar data) are processed exclusively on the hosted pages of the enabled payment providers. We do not store or have access to full payment data.
Purposes of Processing
Personal data is processed for the following purposes: placing and fulfilling orders, arranging delivery, sending newsletters and notifications (with your consent), handling inquiries and requests, and managing user accounts.
Legal Basis
Personal data is processed on the basis of the data subject's consent, as well as for the performance of a contract to which the data subject is a party.
Third Parties
To ensure the operation of the service, we engage the following third parties and share only the minimum data required for their role:
-- YooKassa -- payment processing in Russia
-- PayPal -- international payment processing
-- Unisender Go (Russian Federation) -- sending transactional and informational emails
-- Vercel -- website hosting and maintenance
Security Measures
The website uses authenticated user access, server-side consent validation, rate limiting on public forms, payment-provider webhook verification, automatic release of unpaid reservations, and order-state logging. Access to personal data is restricted on a least-privilege basis.
Cross-Border Data Transfer
Personal data may be processed outside of the Russian Federation to the extent necessary for the functioning of the service, order fulfillment, and provision of services.
Data Retention
Personal data is retained until the purpose of processing has been achieved or until consent is withdrawn by the data subject. Once the purpose of processing is fulfilled, data is deleted within a reasonable timeframe.
Your Rights
You have the right to: access your personal data, correct inaccurate or incomplete data, delete your personal data, and withdraw consent to data processing.
If your rights are violated, you may file a complaint with the relevant data protection authority.
Cookies
The website uses functional cookies necessary for authentication and proper operation of the service. These cookies are not used for tracking or advertising purposes.
Contact
For questions related to personal data processing, you may reach out via the contact form on the website or write to the official email address listed in the contacts section.
Auction module — personal data processing
When you participate in an auction, we collect and store: your email (linked to your account), IP address and user agent at bid time (anti-fraud), country (optional, for statistics), and bid history (audit trail per Russian Civil Code auction rules). All data is stored on servers in Russia per 152-FZ. Bids are never physically deleted; they get a 'cancelled' status with a reason. Upon a deletion request, your bids will be anonymized (email and IP replaced with a placeholder); the audit trail is retained for accounting and tax compliance.