Personal Data Processing Policy for eliaphan.ru 1. General Provisions1.1. This Personal Data Processing Policy (hereinafter — the Policy) is developed in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter — 152-FZ) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by the Operator.
1.2. This Policy applies to all personal data that the Operator may obtain about personal data subjects when using the website eliaphan.ru (hereinafter — the Site), mobile application (hereinafter — the Application), as well as when interacting with the Operator through feedback forms, email, and other communication channels.
1.3. By using the Site and/or Application, the user consents to the processing of their personal data in accordance with this Policy.
2. Operator InformationFull Name and TIN:Tarazi I.R. / TIN: 100002049004
Contacts:eliaphan@mail.ruType of Person:Self-employed
3. Legal Basis for Personal Data Processing3.1. The Operator processes personal data on the following legal grounds:
- Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;
- User Agreement (public offer);
- Consent of the personal data subject to the processing of personal data;
- Execution of a contract to which the personal data subject is a party.
4. Categories of Subjects and Processed Personal Data4.1. The Operator processes personal data of the following categories of subjects:
Category of Subjects | Processed Personal Data |
Site Users | Last name, first name, phone number, email address (when filling out feedback forms) |
Application Users | Last name, first name, phone number, email address |
Partners (partner stores) | Last name, first name, patronymic, organization name (if any), phone number, email address |
4.2. The Operator
does not process special categories of personal data (passport data, biometric data, health data, racial and national origin, political views, religious and philosophical beliefs). In case of concluding a contract, an additional new consent is provided, specifying which data may be collected.
5. Purposes of Personal Data Processing5.1. The Operator processes personal data for the following purposes:
Purpose | Category |
Identification of users of the mobile application and website | Users |
Registration and authorization in the information system | Users |
Ensuring the functioning of the QR code scanning service | Users |
Formation and processing of the shopping cart | Users |
Transfer of data to the YooKassa payment system for payment processing | Users |
Sending electronic receipts and notifications about order status | Users |
Processing of requests received through the feedback form on the site | Users, Partners |
Maintaining statistics on service usage (in anonymized form) | Users |
Ensuring the security of data processing and preventing unauthorized access | All Subjects |
Compliance with the requirements of the legislation of the Russian Federation (including 54-FZ) | All Subjects |
6.1. Processing Methods:
- Using automation tools (computer equipment);
- Transmission over the Internet (via secure communication channels).
6.2. List of Actions with Personal Data:
- Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.
6.3. Transfer of Personal Data to Third Parties:
Third Party | Purpose | Legal Basis |
YooKassa LLC (TIN: 7703354480) | Payment processing, transaction processing | Necessary for contract execution |
Hosting Provider (Tilda Publishing / Reg.ru) | Ensuring the functioning of the site and application | Contract with hosting provider |
6.4. Other third parties do not have access to personal data without the consent of the subject, except in cases provided for by the legislation of the Russian Federation.
6.5. Cross-border Transfer of Personal Data:
The Operator does not carry out cross-border transfer of personal data. All data is stored on servers located on the territory of the Russian Federation.
Database #1 |
Country: Russia |
Region: Moscow |
City: Moscow |
Street: Petrovskie Linii St. |
Building: 2 |
Apt./Office: Premises 4/1 |
Organization providing storage: TILDA PUBLISHING JSC (OGRN: 1247700830354, TIN: 9707041449) |
8.1. The Operator takes the following measures to protect personal data:
Measure | Implementation |
Encryption of transmission channels | HTTPS protocol (TLS 1.2/1.3) is used |
Antivirus protection | Windows Defender is installed on the Operator’s devices |
Access control | Only the Operator has access to personal data |
Strong passwords | Passwords are at least 10 characters long, containing uppercase and lowercase letters, numbers, and special characters |
Two-factor authentication | Enabled for access to critical services (email, hosting, YooKassa) |
Password hashing | User passwords are stored in encrypted form (bcrypt algorithm) |
Backup | Daily backup of databases is performed |
8.2. In case of detection of a personal data leak, the Operator undertakes to:
- Notify personal data subjects within 72 hours.
9. Terms of Personal Data Processing and Storage9.1. Personal data is processed for the entire duration of the User Agreement, but not more than 5 years from the date of the last interaction with the user.
9.2. Processing of personal data is terminated upon the occurrence of one of the following conditions:
- Withdrawal of the personal data subject’s consent;
- Deletion of the user account by the user;
- Achievement of the purposes of personal data processing;
- Termination of the Operator’s activities.
- 9.3. After the termination of processing, personal data is destroyed within 30 days, unless otherwise provided by the legislation of the Russian Federation.
10. Rights of Personal Data Subjects10.1. The personal data subject has the right to:
Right | Implementation |
Obtain information about the processing of their data | Send a request to eliaphan@mail.ru |
Request clarification, blocking, or destruction of data | Send a request to email |
Withdraw consent to the processing of personal data | Send a notice of withdrawal of consent |
10.2. All requests are considered within 10 business days from the date of receipt. In some cases, more time may be required.
11. Consent to the Processing of Personal Data11.1. By continuing to use the Site and/or Application, as well as by filling out feedback forms, the user confirms that:
- They are familiar with this Policy;
- They understand what personal data is processed and for what purposes;
- They consent to the processing of their personal data under the terms set out in this Policy.
- 11.2. Consent may be withdrawn by sending a written notice to the Operator’s email address: eliaphan@mail.ru
12. Final Provisions12.1. This Policy is a publicly available document and is posted on the Site at:
https://eliaphan.ru/policy12.2. The Operator has the right to make changes to this Policy. The new version of the Policy comes into force from the moment of its posting on the Site.
12.3. Compliance with the requirements of this Policy is monitored by the Operator independently.
13. Contact InformationPlease contact
eliaphan@mail.ru to resolve any issues.
