Privacy Policy
of Individual Entrepreneur Oksana Alexandrovna Nagornaya
1. General Provisions
This Privacy Policy (hereinafter referred to as the “Policy”) determines the procedure for processing and protecting personal data of users of the website https://dr-nagornaia.ru (hereinafter referred to as the “Website”), as well as the rights of data subjects and the obligations of Individual Entrepreneur Oksana Alexandrovna Nagornaya as the personal data operator.
This Policy has been prepared in accordance with the legislation of the Russian Federation, including:
- the Constitution of the Russian Federation;
- Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”;
- Federal Law No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
- other applicable regulatory acts of the Russian Federation governing the processing and protection of personal data.
This Policy applies to all personal data received by the Data Controller from Website users when they use the Website, submit requests, fill in feedback forms, request a callback, or book a consultation.
By using the Website, the User confirms that they have read this Policy.
2. Data Controller Information
The personal data operator / Data Controller is:
Individual Entrepreneur Oksana Alexandrovna Nagornaya
OGRNIP: 326246800061879
TIN: 246522706022
Website: https://dr-nagornaia.ru
Email: sayra333m@gmail.com
Phone: +7 (923) 355-33-88
The Data Controller processes personal data in accordance with the requirements of the legislation of the Russian Federation and takes the necessary legal, organizational, and technical measures to protect personal data.
3. Terms and Definitions
For the purposes of this Policy, the following terms are used:
Personal Data means any information relating directly or indirectly to an identified or identifiable individual.
Data Controller / Operator means Individual Entrepreneur Oksana Alexandrovna Nagornaya, who independently organizes and carries out the processing of personal data and determines the purposes of such processing.
Data Subject means an individual to whom personal data relates.
Processing of Personal Data means any action or set of actions performed with personal data, including collection, recording, systematization, accumulation, storage, clarification, updating, modification, retrieval, use, transfer, provision, access, anonymization, blocking, deletion, and destruction.
Automated Processing of Personal Data means processing of personal data using computer technology.
Cookies means small text files placed on the User’s device to ensure the functioning of the Website, analyze its use, and improve the quality of services.
Website means the website available at https://dr-nagornaia.ru.
User means any person who visits or uses the Website.
4. Principles of Personal Data Processing
The Data Controller processes personal data based on the following principles:
- lawfulness and fairness;
- limitation of processing to specific, predetermined, and lawful purposes;
- prevention of personal data processing incompatible with the purposes for which personal data was collected;
- processing only personal data that is necessary to achieve the stated purposes;
- ensuring accuracy, sufficiency, and relevance of personal data;
- storing personal data no longer than required by the purposes of processing or applicable law;
- ensuring confidentiality and security of personal data.
5. Categories of Personal Data Processed
Depending on the purpose of processing, the Data Controller may process the following categories of personal data.
5.1. Data provided by the User
- name;
- phone number;
- content of a message or request submitted through Website forms.
5.2. Technical data
- IP address;
- browser information;
- operating system information;
- device information;
- browser language;
- date and time of Website visit;
- information about User actions on the Website;
- Cookies;
- other technical data automatically transmitted by the User’s device when using the Website.
The Data Controller does not intentionally collect or process special categories of personal data, including health data or biometric data, through the Website forms, unless such processing is directly required by applicable law or is separately consented to by the User.
Users are advised not to submit medical documents, diagnoses, test results, photographs, or other health-related information through general Website forms unless specifically requested through a secure and legally appropriate channel.
6. Purposes of Personal Data Processing
The Data Controller processes personal data only for lawful and predetermined purposes related to the operation of the Website and communication with Users.
Personal data may be processed for the following purposes:
Purpose of Processing Categories of Personal Data
Booking an in-person or online consultation name, phone number, message content
Processing requests submitted through feedback forms name, phone number, message content
Organizing a callback name, phone number
Contacting the User regarding booking, consultation, or information support name, phone number, message content
Ensuring proper operation of the Website IP address, Cookies, device, browser and operating system data
Analyzing Website traffic and improving Website performance Cookies, IP address, User activity data, technical device data
Ensuring Website security and preventing fraudulent or unlawful actions IP address, technical device data, User activity data
Compliance with requirements of the legislation of the Russian Federation personal data to the extent required by applicable law
The Data Controller does not make decisions producing legal consequences for the User solely on the basis of automated processing of personal data.
7. Legal Grounds for Personal Data Processing
The legal grounds for processing personal data include:
- the Constitution of the Russian Federation;
- Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”;
- Federal Law No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
- other regulatory acts of the Russian Federation;
- the voluntary consent of the Data Subject to the processing of personal data;
- actions of the User aimed at using Website functionality, including filling in forms, submitting requests, requesting a callback, and booking a consultation;
- the legitimate interests of the Data Controller in ensuring Website security, technical maintenance, and development, provided that the rights and freedoms of Data Subjects are respected.
8. Procedure and Conditions of Personal Data Processing
Personal data may be processed both with and without the use of automated tools.
When processing personal data, the Data Controller may perform the following actions:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification, updating, and modification;
- retrieval;
- use;
- transfer, provision, and access in cases provided for by the legislation of the Russian Federation and this Policy;
- anonymization;
- blocking;
- deletion;
- destruction.
Personal data is processed only to the extent necessary to achieve the purposes specified in this Policy.
The Data Controller takes necessary measures to ensure that personal data is accurate and up to date, and terminates processing when the purposes of processing have been achieved or when other grounds provided by applicable law arise.
9. Transfer of Personal Data to Third Parties
The Data Controller ensures confidentiality of Users’ personal data and does not disclose it to third parties except in cases provided for by the legislation of the Russian Federation or this Policy.
For the purposes of operating the Website, providing technical support, hosting, maintaining information systems, processing User requests, analyzing Website traffic, and providing related services, the Data Controller may engage third-party service providers and may grant them access to personal data where necessary.
Such third parties may process personal data only to the extent necessary to perform their functions and must comply with the requirements of the legislation of the Russian Federation on personal data protection, as well as ensure confidentiality and security of the information received.
Personal data may be transferred to public authorities only in cases and in the manner provided for by the legislation of the Russian Federation.
The Data Controller does not make personal data publicly available and does not distribute personal data without obtaining the separate consent of the Data Subject, unless otherwise directly provided by applicable law.
10. Retention Period
Personal data is processed and stored no longer than required for the purposes of processing, unless a different retention period is established by the legislation of the Russian Federation.
Personal data shall be destroyed or anonymized in the following cases:
- the purposes of processing have been achieved;
- the need to achieve the purposes of processing no longer exists;
- the Data Subject requests destruction of personal data where there are legal grounds for such request;
- the Data Subject withdraws consent to personal data processing, unless there are other legal grounds for continued processing;
- in other cases provided for by the legislation of the Russian Federation.
11. Rights of the Data Subject
The User, as a Data Subject, has the right to:
- receive information regarding the processing of their personal data;
- request clarification, blocking, or destruction of personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;
- withdraw consent to the processing of personal data;
- request cessation of unlawful processing of personal data;
- protect their rights and legitimate interests in accordance with the legislation of the Russian Federation.
To exercise these rights, the User may contact the Data Controller using the contact details specified in this Policy.
12. Obligations of the Data Controller
The Data Controller undertakes to:
- process personal data lawfully and fairly;
- process personal data only for the purposes specified in this Policy;
- take necessary legal, organizational, and technical measures to protect personal data;
- prevent unauthorized access to personal data;
- provide the Data Subject with information regarding the processing of their personal data in cases provided for by law;
- stop processing and destroy personal data where required by applicable law;
- comply with other obligations established by the legislation of the Russian Federation.
13. Personal Data Protection Measures
The Data Controller takes necessary legal, organizational, and technical measures to protect personal data from:
- unauthorized or accidental access;
- destruction;
- modification;
- blocking;
- copying;
- provision;
- distribution;
- other unlawful actions.
- Such measures may include:
- limiting access to personal data;
- using technical means of information protection;
- monitoring access to information systems;
- applying organizational procedures for personal data handling;
- using secure communication and storage methods where applicable;
- engaging only service providers that are required to maintain confidentiality and data security.
14. Cookies and Web Analytics Services
The Website may use Cookies, web analytics tools, and similar technologies to ensure proper operation of the Website, analyze traffic, improve user experience, and enhance security.
The detailed rules for the use of Cookies and web analytics services are set out in the separate Cookie Policy published on the Website.
By using the Website, the User may be asked to provide consent to the use of Cookies where such consent is required.
15. International Visitors
The Website may be available in English for the convenience of international visitors.
Although the Website may be accessed from outside the Russian Federation, the processing of personal data by the Data Controller is carried out in accordance with the legislation of the Russian Federation.
If the User accesses the Website from another jurisdiction, the User understands that the rules of the Russian Federation regarding the processing and protection of personal data apply to the processing described in this Policy.
16. Cross-Border Data Considerations
The Data Controller may use certain third-party services, including communication, analytics, mapping, security, or technical services, some of which may involve the transfer or access to technical data from outside the Russian Federation.
Where applicable, such processing is carried out in accordance with the requirements of the legislation of the Russian Federation.
The Data Controller takes reasonable measures to ensure that any such processing is limited to the purposes specified in this Policy and is carried out with due regard to confidentiality and security requirements.
17. Procedure for Submitting Requests
Users may submit requests related to the processing of their personal data, including requests for access, clarification, blocking, deletion, or withdrawal of consent, by contacting the Data Controller at:
Email: sayra333m@gmail.com
Phone: +7 (923) 355-33-88
Requests are reviewed within the time limits established by the legislation of the Russian Federation.
18. Changes to this Policy
The Data Controller may amend this Policy from time to time in connection with changes in legislation, Website functionality, or personal data processing procedures.
The new version of the Policy becomes effective from the moment it is published on the Website, unless otherwise specified in the updated version.
Users are encouraged to review this Policy periodically.
19. Contact Information
Data Controller:
Individual Entrepreneur Oksana Alexandrovna Nagornaya
OGRNIP: 326246800061879
TIN: 246522706022
Website: https://dr-nagornaia.ru
Email: sayra333m@gmail.com
Phone: +7 (923) 355-33-88
20. Language Disclaimer
This English version is provided for informational purposes only. In the event of any inconsistency or discrepancy between the Russian and English versions, the Russian version shall prevail.