1. TERMS AND DEFINITIONS
1.1. The following key terms and definitions are used in this Policy:
1.1.1. Personal Data Operator - Golden Rule LLC, which, independently or jointly with other entities, organizes and/or processes personal data, and determines the purposes of processing personal data, the composition of personal data, and the actions performed with it.
1.1.2. Personal data - any information relating directly or indirectly to an identified or identifiable individual.
1.1.3. Personal data processing - any action (operation) or set of actions with personal data, performed with or without the use of automated means, including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, depersonalization, blocking, deletion, and destruction.
1.1.4. Automated processing of personal data - the processing of personal data using computer technology.
1.1.5. Blocking of personal data means temporarily suspending the processing of personal data, except in cases where processing is necessary to clarify the personal data.
1.1.6. Anonymization of personal data means actions that make it impossible to determine the ownership of personal data by a specific data subject without the use of additional information.
1.1.7. Provision of personal data means actions aimed at disclosing personal data to a specific person or group of persons.
1.1.8. Dissemination of personal data means actions aimed at disclosing personal data to an indefinite group of persons.
1.1.9. Destruction of personal data means actions that make it impossible to restore the contents of personal data in the personal data information system and/or that result in the destruction of tangible media containing personal data.

2. GENERAL PROVISIONS
2.1. This Policy defines the procedure for processing personal data and measures to ensure the security of personal data at Golden Rule LLC.
2.2. This Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," and other applicable laws and regulations of the Russian Federation.
2.3. This Policy applies to all personal data the Operator receives from users of the zolotoe-pravilo.ru website, including when completing application forms, price requests, callbacks, and feedback requests.
2.4. This Policy is a publicly available document and must be posted on the Operator's website.

3. PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. Personal data is processed lawfully and fairly.
3.2. Personal data processing is limited to achieving specific, predetermined, and legitimate purposes.
3.3. Processing of personal data incompatible with the purposes for which it was collected is prohibited.
3.4. The content and volume of personal data processed correspond to the stated processing purposes and are not excessive.
3.5. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of personal data are ensured.
3.6. Personal data is stored for no longer than required for the purposes of processing the personal data, unless another period is established by federal law or agreement.

4. CATEGORIES OF SUBJECTS AND COMPOSITION OF PROCESSED PERSONAL DATA
4.1. The Operator may process the personal data of the following categories of subjects:
- Website users;
- Persons submitting inquiries and price requests;
- Persons requesting a callback;
- Persons submitting reviews;
- Persons who have given separate consent to receive advertising and informational messages.
4.2. The Operator may process the following personal data:
- Last name, first name, patronymic;
- First name;
- Telephone number;
- Email address;
- Company name;
- Comments, text of the message;
- Files uploaded by the user through website forms.
4.3. Technical data regarding website users may also be processed, including IP addresses, browser and device information, cookies, date and time of visit, addresses of requested pages, and other data obtained using the Yandex.Metrica service.

5. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
5.1. Personal data is processed for the following purposes:
- reviewing and processing user applications, requests, and inquiries;
- preparing a response to a price request;
- organizing a callback;
- processing and recording reviews, including reviews published on the website at the Operator's discretion;
- receiving and processing files attached by the user to the request;
- ensuring website operation and analyzing its usage;
- sending advertising and informational messages via email, SMS, WhatsApp, Telegram, MAX, and phone calls - with the separate consent of the subject.

6. TERMS AND METHODS OF PERSONAL DATA PROCESSING
6.1. The Operator processes personal data both with and without the use of automated tools.
6.2. The Operator has the right to collect, record, systematize, accumulate, store, clarify (update, modify), extract, use, transfer (provide, access), depersonalize, block, delete, and destroy personal data.
6.3. The Operator has the right to outsource the processing of personal data to third parties under a contract, including those responsible for the operation of the Tilda platform website, the functioning of website forms, CRM, web analytics, technical support, and website maintenance.
6.4. Personal data is transferred to third parties only to the extent necessary to achieve the purposes of personal data processing, and subject to such third parties' compliance with the requirements of Russian Federation legislation on personal data.
6.5. The Operator and other persons who have gained access to personal data are obligated not to disclose or distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
6.6. When collecting personal data of citizens of the Russian Federation, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of such personal data using databases located within the Russian Federation.
6.7. Decisions that generate legal consequences for the personal data subject or otherwise affect their rights and legitimate interests, based solely on the automated processing of personal data, are permitted only in cases stipulated by Russian Federation law.

7. PERIODS OF PROCESSING AND STORAGE OF PERSONAL DATA
7.1. Personal data shall be processed until the processing purposes are achieved or until the personal data subject revokes their consent, unless otherwise provided by Russian Federation law.
7.2. Upon achievement of the processing purposes or when the need for achieving them is no longer necessary, personal data shall be destroyed or anonymized, unless otherwise provided by Russian Federation law.

8. RIGHTS OF THE PERSONAL DATA SUBJECT
8.1. The personal data subject decides to provide their personal data voluntarily, of their own free will, and in their own interests.
8.2. The personal data subject has the right to receive information regarding the processing of their personal data, including information on the legal grounds and purposes of processing, the composition of the data being processed, the processing and storage periods, and the persons to whom the personal data may be disclosed.
8.3. The personal data subject has the right to request clarification of their personal data, its blocking, or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated processing purpose.
8.4. The personal data subject has the right to revoke consent to the processing of personal data, as well as separate consent to receive advertising and informational messages.
8.5. The personal data subject has the right to appeal the actions or inactions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.

9. OPERATOR'S RESPONSIBILITIES
9.1. The Operator is obliged to provide the personal data subject, upon request, with information regarding the processing of their personal data, or, on legitimate grounds, provide a reasoned refusal.
9.2. The Operator is obliged to take measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the legislation of the Russian Federation on personal data.
9.3. At the request of the personal data subject, the Operator is obliged to clarify the personal data being processed, block, or delete it in cases stipulated by the legislation of the Russian Federation.
9.4. If the personal data subject revokes their consent to the processing of personal data, the Operator will cease processing and destroy the personal data, or ensure such processing is terminated and the personal data is destroyed within the timeframes established by Russian Federation law, unless otherwise provided by law.

10. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA
10.1. The Operator will take the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other illegal actions in relation to the personal data.

10.2. The security of personal data is achieved, in particular, by restricting access to personal data, identifying security threats, using the necessary information security tools, recording information carriers, and monitoring the measures taken.

11. PROCEDURE FOR APPLYING BY A PERSONAL DATA SUBJECT
11.1. A request, demand, notice of consent revocation, or other communication may be sent to the Operator by email at info@zolotoe-pravilo.ru or by mail to: 108815, Moscow, Filimonkovsky District, Maryino Settlement, Building 4, P.O. Box 985.
11.2. It is recommended that the request be formatted in such a way as to clearly identify the applicant, their contact information for feedback, and the nature of the request.

12. FINAL PROVISIONS
12.1. The Operator reserves the right to amend this Policy. The new version of the Policy shall take effect from the moment it is posted on the Operator's website, unless otherwise provided in the new version.
12.2. The current version of the Policy is always available on the Operator's website.