PERSONAL DATA PROCESSING POLICY
Promakeup LLC
(version dated “07” January 2026)
1. General Provisions
1.1. This Policy defines the procedure and conditions for the processing of personal data and the measures taken to ensure the security of personal data by Promakeup LLC (hereinafter, the Operator).
1.2. This Policy has been developed in accordance with the requirements of Federal Law No. 152-FZ “On Personal Data”. In particular, the Operator ensures the observance of data subject rights, including the right to access, rectify, block and destroy personal data, and also implements the necessary legal, organizational and technical protection measures.
1.3. The Operator publishes this Policy publicly on its website / in its application (if any).
2. Information about the Operator
Operator: Promakeup Limited Liability Company (“Promakeup” LLC)
Taxpayer Identification Number (INN): 9713011844
Registered address: 127247, Moscow, Dmitrovskoe Highway, 107A, Bldg. 4
Contacts for personal data matters:
- e-mail: askme@pmkl.ru
- postal address for requests: 127247, Moscow, Dmitrovskoe Highway, 107A, Bldg. 4
3. Terms
The terms used in this Policy have the meanings set out in Federal Law No. 152-FZ (personal data, processing, operator, dissemination, provision, blocking, destruction, cross-border transfer, etc.).
4. Principles and Legal Grounds for Processing
4.1. Personal data is processed lawfully and fairly and is limited to achieving specific, pre-determined and lawful purposes.
4.2. Legal grounds for processing may include:
- the data subject’s consent;
- the necessity to perform a contract to which the data subject is a party and/or beneficiary;
- compliance with legal obligations.
4.3. Important: consent to the processing of personal data is executed separately from other documents/information signed or confirmed by the data subject.
5. Categories of Data Subjects and Purposes of Processing
The Operator may process personal data of the following categories of data subjects (to the extent necessary for the purposes):
5.1. Website/application visitors:
- providing access to functionality, operation of feedback forms, consultations;
- ensuring security and preventing fraud;
- improving service quality, website analytics;
5.2. Clients (customers) / personal account users:
- registration and account administration;
- order placement, payment, delivery / pickup, returns;
- support, processing requests and claims;
- informing about order status (email / SMS / messengers — where applicable and subject to legal requirements).
5.3. Contractors and representatives of contractors:
- conclusion and performance of contracts, document flow, settlements, claims management.
5.4. Job applicants / employees:
- recruitment, HR records management, compliance with labour legislation.
6. Scope of Personal Data Processed
6.1. The Operator processes personal data provided by the data subject directly, as well as data generated when using the website/service.
6.2. Depending on the purposes, the following personal data may be processed:
- full name;
- contact details (phone number, e-mail);
- delivery address;
- information about orders / requests;
- service identifiers (login, user ID);
- technical data (IP address, cookies, browser/device information) — when using the website.
7. Processing Conditions, Storage, and Destruction
7.1. Processing includes the following actions: collection, recording, systematization, accumulation, storage, updating (rectification), use, transfer (provision/access), blocking, deletion, destruction.
7.2. Retention periods are determined by the purposes of processing, statutory document retention periods and/or the term of the relevant contracts. Upon achievement of the purposes, personal data is destroyed or anonymized unless otherwise required by law.
7.3. Localization: when collecting personal data of citizens of the Russian Federation via the Internet, recording/systematization/accumulation/storage and other actions using databases located outside the Russian Federation are not permitted, except as provided by law.
8. Transfer of Personal Data to Third Parties
8.1. The Operator may entrust the processing of personal data to processors (contractors) and may also transfer personal data to third parties to the extent necessary for the purposes of processing and where there is a legal basis (e.g., for delivery, payment processing, IT support).
8.2. When engaging contractors, the Operator ensures that confidentiality and personal data security obligations are included in the relevant contracts.
8.3. I also agree that Promakeup LLC has the right to transfer to T-Pokupki LLC (OGRN 1237700231449, INN 7743414212, Address: 125212, Moscow, Golovinskoye sh., 5, bld. 1, office 193) all of my personal data that is in the possession/access of Promakeup LLC.
9. Cross-Border Transfer
9.1. Cross-border transfer of personal data is carried out only when necessary and in compliance with legal requirements.
9.2. Before commencing a cross-border transfer, the Operator must submit to the authorized authority a notification of its intention to carry out such transfer, separately from the notification of personal data processing.
10. Cookies and Analytics
10.1. Cookies and similar technologies may be used on the website for the proper operation of the website, security, and analytics.
10.2. The data subject may restrict the use of cookies in the browser settings; however, some website functions may not work correctly.
11. Data Subject Rights and Request Procedure
11.1. The data subject has the rights provided by law, including the right to:
- receive information about the processing, including legal grounds and purposes;
- request rectification / blocking / destruction of personal data on the grounds established by law.
11.2. Requests shall be sent to the e-mail/postal address specified in Section 2.
11.3. The response time is as provided by law (generally, 10 business days with a possible extension of up to 5 business days upon a reasoned notice).
11.4. Withdrawal of consent is carried out by sending a notice to the Operator.
12. Notification to Roskomnadzor
12.1. Before starting personal data processing, the Operator notifies the authorized authority of its intention to process personal data, unless statutory exceptions apply.
13. Personal Data Security Measures
13.1. The Operator implements the necessary legal, organizational and technical measures to protect personal data from unlawful/accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions.
13.2. Internal measures may include: access control and segregation, activity logging/control, employee training, internal audits and control, etc.
14. Final Provisions
14.1. This Policy is effective indefinitely until replaced by a new version.
14.2. The Operator may update this Policy; the current version is published on the website.
14.3. Matters not regulated by this Policy are governed by the legislation of the Russian Federation.