1. General Provisions

This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is drafted in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and the security measures implemented by Yana Vladimirovna Alaeva (hereinafter referred to as the “Operator”).

1.1. The Operator’s highest priority is ensuring the rights and freedoms of individuals when processing their personal data, including the protection of privacy, personal, and family confidentiality.

1.2. This Policy applies to all information that the Operator may obtain about visitors to the website https://avaiia.com.

2. Key Terms Used in the Policy

2.1. Automated Processing of Personal Data – processing using computer technology.
2.2. Blocking of Personal Data – temporary suspension of processing (unless required for clarification).
2.3. Website – a collection of graphic and informational materials, software, and databases accessible at https://avaiia.com.
2.4. Personal Data Information System – a system containing personal data databases and processing technologies.
2.5. Anonymization of Personal Data – actions making it impossible to identify a specific user without additional information.
2.6. Processing of Personal Data – any operation (or set of operations) performed on personal data, including collection, recording, systematization, storage, updating, retrieval, use, transfer, anonymization, blocking, deletion, or destruction.
2.7. Operator – a state body, legal entity, or individual processing personal data independently or jointly with others.
2.8. Personal Data – any information relating to an identified or identifiable user of https://avaiia.com.
2.9. Personal Data Authorized for Dissemination – data that a subject has consented to share publicly under the Personal Data Law.
2.10. User – any visitor to https://avaiia.com.
2.11. Provision of Personal Data – disclosure to a specific person or group.
2.12. Dissemination of Personal Data – disclosure to an unlimited audience (e.g., media, online platforms).
2.13. Cross-Border Transfer of Personal Data – transfer to a foreign state’s authority, individual, or legal entity.
2.14. Destruction of Personal Data – irreversible deletion making recovery impossible.

3. Operator’s Rights and Obligations

3.1. The Operator has the right to:

• Obtain accurate personal data from the subject.
• Continue processing without consent if grounds under the Personal Data Law exist.
• Determine necessary measures to comply with legal obligations.

3.2. The Operator must:

• Provide subjects with information about their data processing upon request.
• Process data in accordance with Russian law.
• Respond to inquiries from subjects and authorized bodies within 10 days.
• Ensure public access to this Policy.
• Implement legal, organizational, and technical safeguards against unauthorized access, destruction, or alteration of data.
• Cease processing or destroy data as required by law.

4. Rights and Obligations of Personal Data Subjects

4.1. Subjects may:

• Request access to their processed data (unless restricted by law).
• Demand correction, blocking, or deletion of inaccurate or unlawfully obtained data.
• Withdraw consent or demand cessation of processing.
• Appeal unlawful actions to authorized bodies or courts.

4.2. Subjects must:

• Provide accurate data.
• Notify the Operator of updates to their data.

4.3. Individuals providing false data or others’ data without consent bear legal responsibility.

5. Principles of Personal Data Processing

Processing must be:

• Lawful and fair.
• Limited to predefined, legitimate purposes.
• Accurate and relevant.
• Stored no longer than necessary.

6. Purposes of Processing

Purpose: Sending email notifications to Users.
Data Processed: Email address.
Legal Basis: Operator’s charter; agreements with subjects.
Processing Type: Email communications.

7. Conditions for Processing

Processing is permitted with the subject’s consent or when required by law, contract, or public interest.

8. Data Collection, Storage, and Transfer

8.1. The Operator ensures data security and prevents unauthorized access.
8.2. Data is not shared with third parties unless legally required or with the subject’s consent.
8.3. Users may update their data by emailing avaiia@gmail.com with the subject line “Update Personal Data.”
8.4. Processing ceases upon achieving its purpose, withdrawal of consent, or legal requirement.
8.5. Third-party services (e.g., payment systems) process data under their own policies; the Operator is not liable for their actions.

9. Actions Performed by the Operator

The Operator collects, records, stores, updates, uses, transfers, anonymizes, blocks, and deletes personal data, including via automated systems.

10. Cross-Border Data Transfers

10.1. The Operator must notify the authorized body before transferring data abroad.
10.2. Relevant information must be obtained from foreign recipients prior to transfer.

11. Confidentiality

The Operator and authorized parties must not disclose data without consent, unless legally required.

12. Final Provisions

12.1. Users may contact the Operator at avaiia@gmail.com for clarifications.
12.2. This Policy is effective indefinitely; updates will be posted at https://avaiia.com/privacy/.