1.1 This Policy regarding personal data processing (hereinafter - the Policy) of the individual entrepreneur Kuzmichev Aleksandr Andreyevich (individual taxpayer number: 781301819740, main state registration number of the individual entrepreneur: 313784702500631) defines the procedure of personal data processing and measures to ensure the security of personal data placed on the website at https://www.29.agency/en (hereinafter - the Site), which the Operator, as well as visitors and Users of the Site (within the limits allowed by the Policy and the complex of services of the Site) can obtain about the User during the use of the Site its services, programmes and products in order to protect the rights and freedoms of a person and citizen during the processing of his/her personal data, including the protection of the rights to privacy, personal and family secrecy. The Policy is developed in compliance with the requirements of paragraph 2, part 1, article 18.1 of the Federal Law dated 27.07.2006 No. 152-FZ ‘On Personal Data’ (hereinafter referred to as the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrecy.
1.2 This Policy applies exclusively to the Site. The Operator does not control and is not responsible for third party websites, to which the User can access via links available on the Site.
1.3 The Operator's processing of personal data of other categories of personal data subjects is regulated by separate local regulatory acts of the Operator.
1.4 This Policy comes into force from the moment of its approval and is valid for an indefinite period of time until it is replaced by a new Policy.
1.5 The Operator has the right to make changes to this Policy. The new version of the Policy comes into effect from the moment of its posting on the Site.
1.6 The Policy applies to the relations in the field of personal data processing that have arisen for the Operator both before and after the approval of this Policy.
1.7 Pursuant to the requirements of Article 18.1, paragraph 2 of the Personal Data Law, this Policy is published in free access in the information and telecommunication network Internet on the Operator's website at: https://www.29.agency/en/privacy
1.8 Control over the fulfilment of the requirements of this Policy shall be exercised directly by the Operator.
1.9 Responsibility for violation of requirements in the field of personal data processing and protection is determined in accordance with the legislation of the Russian Federation.
1.20. This Policy (sections 1-13) applies to Users from the Russian Federation. In case of visiting the Site by Users from the European Union, processing of personal data of such Users is carried out in accordance with Section 14 ‘Personal Data Processing Policy under GDPR’.

2.1 The following terms are used in this Policy:
2.1.1 Personal data information system - a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.1.2 Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.
2.1.3 Depersonalisation of personal data - actions as a result of which it is impossible to determine without using additional information whether personal data belong to a particular User or other subject of personal data.
2.1.4. Personal Data Operator (also Operator) - Individual Entrepreneur Aleksandr Andreyevich Kuzmichev (main state taxpayer registration number (OGRNIP) 313784702500631), including authorised employees for the management of the Site, acting on behalf of IE Kuzmichev A.A., who organise and (or) carry out the processing of personal data, as well as determine the purposes of personal data processing, the scope of personal data to be processed, actions (operations) carried out with personal data;
2.1.5 Personal Data - any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data);
2.1.6. Site User (also User) - any legally capable natural person, who has reached the age of consent to enter into a user agreement in accordance with the laws of the Russian Federation, visiting the Site and using information, materials and (or) services of the Site, including, but not limited to, browsing the Site pages, downloading files, registering on the Site, participating in forums, sending messages, etc., in accordance with the terms and conditions of the User Agreement posted on the Site.
2.1.7 Cookies - a small piece of data that the Site requests from the browser used on the Visitor's computer or mobile device. Cookies reflect the Visitor's preferences or his/her actions on the Site, as well as information about his/her equipment, date and time of the session. Cookies are stored locally on the Visitor's computer or mobile device. The Visitor can delete stored cookies in the settings of the respective browser.
2.1.8. IP address - a unique network address of a node in a computer network through which the User accesses the Site.
2.1.9. Website on the Internet - a set of programmes for electronic computers and other information contained in an information system, access to which is provided through the information and telecommunications network ‘Internet’ (hereinafter - the Internet) by domain names and (or) network addresses that allow identification of sites on the Internet;
2.1.10. The owner of the website on the Internet (hereinafter referred to as the Owner) - individual entrepreneur Aleksandr Andreyevich Kuzmichev.

3.1 The legal bases of personal data processing are:
3.1.1.Federal legislation of the Russian Federation regulating relations in the field of personal data, specifically:
● Federal Law dated 27.07.2006 No. 152-FZ ‘On Personal Data’;
● Federal Law dated 27.07.2006 No. 149-FZ ‘On Information, Information Technologies and Information Protection’.
3.1.2 Contractual obligations arising between the individual entrepreneur Kuzmichev A.A. and the subject of personal data.
3.1.3. Consent of the subject of personal data obtained in accordance with the requirements of Article 9 of the Federal Law of 27.07.2006 No. 152-FZ ‘On Personal Data’

4.1 Processing of personal data is carried out with the User's consent to the processing of his/her personal data.
4.1.1 Users of the Site provide their consent to the processing of their personal data voluntarily and knowingly in the following cases:
- when authorising via social networks;
- when filling out the feedback form on the Site;
- when subscribing to the newsletter;
- when sending feedback;
- when registering and identifying on the Site;
- when using the Site in any way.
4.2 If the User does not agree with the terms of this Policy, the use of the Site shall be immediately terminated.
4.3 The Operator performs the following actions with personal data: collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
4.4 Storage of personal data is carried out in a form that allows to identify the subject of personal data no longer than required by the purposes of personal data processing.
4.5 The conditions for termination of personal data processing may be the achievement of the purposes of personal data processing, expiration of the term of personal data processing, withdrawal of the consent of the Site User to the processing of his/her personal data, as well as detection of unlawful processing of personal data.
4.6 The period of storage and processing of personal data is limited by the purposes of personal data processing. The User may withdraw his/her consent to the processing of personal data at any time by sending a notice to the Operator by e-mail to the Operator's e-mail address weare@29.agency marked ‘Withdrawal of consent to the processing of personal data’.
4.7. The User consents to receive from the Operator/Owner sms-messages, as well as other types of mailings and notifications of informational nature (oral and written), using any means of communication, including but not limited to the following: e-mail, telephone, postal mailings. This consent is valid from the date of registration of the User on the Site.
4.8 This consent may be withdrawn by the User at any time by sending a notice by e-mail to weare@29.agency. Taking into account that this consent is necessary for the correct functioning of the Site, in case of withdrawal of consent under this paragraph, the User has the right to restrict access to the Site.
4.9 By providing their personal data, the User confirms that:
- Is a legally capable person in accordance with the legislation of the Russian Federation. In case of incapacity of the person using the Site, the consent to the processing of personal data shall be provided by his/her legal representative who has read and accepted the terms of this Policy.
- The User shall provide accurate and up-to-date information about himself/herself or about the represented incapacitated person. The User is responsible for providing inaccurate information.
- The User realises that the information posted on the Site may be available to other Users and may be copied and distributed by them in accordance with the functionality of the Site and the terms of this Policy.

5.1 Only personal data that corresponds to the purposes of their processing shall be processed.
5.2 The personal data of the Site Users shall be processed for the following purposes:
5.2.1. providing contact with the User of the Site, including sending notifications, requests and their processing, as well as processing of requests and applications from the User for the purpose of further conclusion and execution of the contract;
5.2.2. receiving and publishing feedback;
5.2.3. conclusion of contracts and fulfilment of the Operator/Owner obligations to the User according to them
5.2.4. personnel recruitment
5.2.5. maintaining statistics and analysing the work of the Site.
5.2.6. posting on the Site, in official groups of social networks and other communities of the Operator/Owner on the Internet, other advertising and information sources, for purposes not related to the identification of the User.
5.2.7. improving the quality of the User's service and modernising the Site by processing requests and applications from the User, as well as for the purpose of recording telephone conversations with the Operator/Owner to improve the quality of service and to preserve evidence in the event of disputes between the Operator/Owner and the User.
5.2.8. sending promotional messages, newsletters about the products and services of the Operator/Owner and its partners, special offers, promotions, drawings, contests, surveys to the User's email address via postal mail, SMS messages, push notifications. The User may opt out of receiving information messages by sending a letter to the Operator to the e-mail address weare@29.agency with the notation ‘Cancellation of notifications about new products and services and special offers’ or by unsubscribing from receiving such messages via the functionality of the message itself.

6.1. The Operator processes, using automation tools, including but not limited to, the following personal data:
• last name, first name, patronymic;
• telephone number;
• e-mail address;
• other personal data that the User provides on his/her own.
6.2. To maintain statistics and analyze the operation of the Site, the Operator processes the following data using metric services (Yandex Metrica):
• IP-address;
• information about the browser;
• data from cookies;
• access time;
• referrer (previous page address).
6.3. Anonymized data of Users collected using Internet statistics services, used to collect information about the actions of Users on the Site, improve the quality of the Site and its content.
6.4. The Operator processes anonymized data about the User if this is permitted in the User's browser settings (the storage of cookies and the use of JavaScript technology are enabled).
6.4.1 In case of refusal to process cookies, the User must stop using the Site or disable the use of cookies in the browser settings, in which case some functions of the Site may become unavailable.
6.5. Processing of biometric personal data and special categories of personal data is not carried out on the Site.
6.6. The Operator does not check the accuracy of the information provided by the User and assumes that the User provides accurate and sufficient information, and controls its relevance unless otherwise provided by law.

7.1. The security of personal data processed by the Operator is ensured by the implementation of legal, organizational, technical and software measures necessary and sufficient to meet the requirements of the legislation of the Russian Federation.
7.2. The User's personal data will not be transferred by the Operator to third parties, except in cases related to compliance with applicable law.
7.3. The Operator shall take the following measures to ensure the security of personal data:
• appointment of persons responsible for organizing the processing and ensuring the protection of personal data;
• limiting the number of the Operator's employees who have access to personal data;
• determining the level of security of personal data when processing personal data in information systems;
• establishing rules for restricting access to personal data processed in personal data information systems and ensuring the registration and accounting of all actions performed with personal data;
• restricting access to premises where the main technical means and systems of personal data information systems are located and where non-automated processing of personal data is carried out;
• organizing the backup and restoration of the operability of personal data information systems and personal data modified or destroyed due to unauthorized access to them;
• establishing requirements for the complexity of passwords for access to personal data information systems;
• implementing anti-virus control, preventing the introduction of malicious programs (virus programs) and software back-ups into the corporate network;
• organizing timely updates of software used in personal data information systems and information security tools;
• conducting regular assessments of the effectiveness of measures taken to ensure the security of personal data;
• detecting instances of unauthorized access to personal data and taking measures to establish the causes and eliminate possible consequences;
• monitoring the measures taken to ensure the security of personal data and the levels of protection of personal data information systems.

8.1. The Site User has the right to receive information regarding the processing of his/her personal data, including the following:
- confirmation of the fact of personal data processing by the Operator;
- legal basis and purposes of personal data processing;
- methods of personal data processing used by the Operator;
- name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
- processed personal data related to the relevant personal data subject, the source of their receipt, unless another procedure for submitting such data is provided for by federal law;
- terms of personal data processing, including their storage periods;
- the procedure for the exercise by the personal data subject of the rights stipulated by the Federal Law "On Personal Data";
- information on the completed or proposed cross-border transfer of personal data;
- the name or last name, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
- other information provided for by the Federal Law "On Personal Data" or other federal laws.
8.2. The User has the right to demand that the Operator clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also to take measures provided by law to protect his rights.
8.3. All questions regarding the processing of personal data should be reported to: weare@29.agency.

The User bears full responsibility for compliance with the requirements of the current legislation of the Russian Federation, including laws on advertising, on the protection of copyright and related rights, on the protection of trademarks and service marks, but not limited to the above, including full responsibility for the content and form of materials, in the event of citation and other use.

10.1. The Operator processes personal data based on the following principles:
- legality and fair basis;
- limiting the processing of personal data to achieving specific, predetermined and legitimate purposes;
- preventing the processing of personal data incompatible with the purposes of collecting personal data;
- preventing the merging of databases containing personal data processed for purposes incompatible with each other;
- processing only those personal data that meet the purposes of their processing;
- compliance of the content and volume of the processed personal data with the stated purposes of processing;
- preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
- ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
- destruction or depersonalization of personal data upon achieving the purposes of their processing or in the event of loss of need to achieve these purposes, receipt of a request from Users to destroy personal data, receipt of a User's withdrawal of consent to the processing of personal data.
10.2 The Operator processes Users' personal data (recording, systematisation, accumulation, storage, clarification (update, change), extraction) using databases on the territory of the Russian Federation.
10.3 Processing of Users' personal data is performed by the Operator both with and without the use of automated means.
10.4 The Operator and other persons who have obtained access to personal data are obliged not to disclose to third parties and not to disseminate personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.
10.5 Storage of personal data is carried out within the period established by the legislation of the Russian Federation on archiving. Personal data shall be stored (depending on which event occurs first):
- until their destruction by the Operator in case the User withdraws consent to the processing of personal data or requests the destruction of personal data;
- until the consent expires.
10.6 The Operator has the right to transfer personal data in accordance with the requirements of the legislation of the Russian Federation or the consent of the subject of personal data processing to third parties, namely:
10.6.1 Partners, such as website and application owners, advertising networks and other partners that provide the Operator with services related to the placement and display of advertisements on websites, programmes, products or services owned or controlled by such partners;
10.6.2. Partners engaged by the Operator to provide services to Users on the platform at https://www.29.agency/en
10.6.3. Partners to provide Users with specialised offers to conclude contracts.
10.7 The transfer of personal data to third parties specified in clause 10.6 of the Policy is carried out under the following conditions:
- The third party carries out processing of personal data using databases on the territory of the Russian Federation.
- The third party ensures confidentiality of personal data during their processing and use; undertakes not to disclose to other persons, as well as not to distribute personal data of Users without their consent.
- The third party guarantees compliance with the following measures to ensure the security of personal data during their processing: use of information protection means; detection and recording of facts of unauthorised access to personal data and taking measures to restore personal data; restriction of access to personal data; registration and accounting of actions with personal data; control and evaluation of the effectiveness of the applied measures to ensure the security of personal data. The third party is prohibited to transfer and disseminate personal data.

11.1 The User of personal data has the right to demand from the Operator to update his/her personal data, block or delete them, if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect his/her rights.
11.2 If the User of personal data withdraws his/her consent to the processing of his/her personal data, the Operator undertakes to cease processing or ensure the cessation of such processing and, if the preservation of personal data is no longer required for the purposes of personal data processing, to delete the personal data or ensure their destruction within a period not exceeding thirty days from the date of receipt of the said withdrawal.
11.3 If it is not possible to delete personal data within the period specified in subparagraphs 8.4, 8.5, 8.6 of this Policy, the Operator shall block such personal data or ensure their blocking and ensure destruction of personal data within a period not exceeding six months, unless another period is established by federal laws.

12.1 Users have the right to send to the Operator their requests, including requests regarding the use of their personal data, stipulated in clause 11.1 of this Policy, in the form of an electronic document to the email address: weare@29.agency.
12.2 The Operator undertakes to consider and send a response to the received user's request within 30 days from the date of receipt of the request.
12.3 All correspondence received by the Operator from the users (requests in electronic form) is classified as restricted information and shall not be disclosed without the written consent of the User. Personal data and other information about the User who sent the enquiry may not be used without the User's special consent, except for answering the subject of the received request or in cases directly stipulated by the legislation.

13.1 The Operator has the right to amend this Policy unilaterally in case of changes in the regulatory legal acts of the Russian Federation, as well as at its own discretion.
13.2 Control over the fulfilment of the requirements of this Policy shall be exercised by the person responsible for the organisation of personal data processing.
13.3 Persons guilty of violating the norms governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by the legislation of the Russian Federation.

14.1. What is this policy about?
• We strive to provide you with the most accessible and at the same time full information about the personal data that we collect and the ways we process it.
• We will use the personal data and other information you provide for the purposes described in our Policy, including delivery of the services you have requested and the products you ordered to you, and enhancing your experience with us. We process only the required minimum of  the personal data.
• We will also use this information to help us better understand you and your needs so that the products we offer are best suited to your interests.
• If you tell us that you do not want to receive promotional messages, we will not send them to you. It goes without saying that refusal to receive promotional/advertising messages does not deprive you of the opportunity to receive important messages about the ordered product or the services provided, you will continue to receive such messages.
• The personal data you provide are protected and we are taking all necessary measures to protect it. But if a breach happens, and your personal data is compromised, we will inform you about the breach and the counter measures taken to repair it.
• If you find that your personal data is not accurate – you can write to us, and we will correct it.
• If you no longer want us to process your personal data and let us know, we will stop doing this. But if the law obliges us to continue processing and/or storing your data, we will comply with the law and will inform you about our obligations.
• We respect your rights to exercise control over your personal data.
Below is the full text of the Policy where we explain in more detail the types of personal information (personal data) we collect, how we collect it, what we can use it for and with whom we can share it, how you can influence it, and other important issues.
We tried to make the text of the Policy as clear and simple as possible, but we could not avoid some legal language necessary for  the most accurate description of terms.
If after reading our Privacy Policy you still have questions, you can write to us at the e-mail address: weare@29.agency.
14.2. Who processes your personal data.
This Personal Data Privacy Policy (hereinafter – the Privacy Policy) is established in accordance with the General Data Protection Regulation (GDPR) in order to regulate  personal data processing and describes the measures taken to ensure the security of personal data collected by the Owner identified in Section 15. For the purposes of the definition of duties under the GDPR, the aforementioned person is considered the “Data Controller”.
14.3. What do we mean by personal data?
Personal data – data that identifies you or can be used to identify you, for example, your name and contact information. There may also be other information about how you use our Site.
We do not verify the accuracy of the data you provide, we trust you and assume that you are telling the truth about yourself.
14.4. When and how does this Privacy Policy apply?
14.4.1. This Privacy Policy applies to personal data about you that we collect, use and otherwise process, not only when you are our client (Customer), but also when you are exploring our site (as a User).
Let's explain that:
Site – a set of graphic and information materials, as well as computer programs and databases, ensuring their availability on the site on the Internet at the address: www.29.agency and on all subdomains created on its basis.
User – a person to whom the relevant personal data relates, viewing the content of the Site and/or using the functionality of the Site.
Customer – any capable person who has made the order by using Site.
14.4.2. The current version of the Privacy Policy is posted on the Site at: https://www.29.agency/en/privacy. Before using our Site, you should read the Privacy Policy, and if its conditions are unacceptable to you, refrain from transferring personal data to us.
If you transfer your personal data, it means unconditional acceptance of the terms of this Privacy Policy and the conditions for processing personal data and the purposes of processing specified in it. But you have the right to withdraw consent, more on that below.
14.4.3. The privacy policy (including any of its parts) can be changed by the Data Controller, and we will immediately publish it on the Site for public review. The new edition of the Privacy Policy comes into force from the moment it is posted on the Site. If you do not agree with the new terms of the Privacy Policy, refrain from transferring personal data.
14.4.4. We are committed to protecting and respecting your privacy and will continue to do so with any changes we make to this Privacy Policy.
14.4.5. Using the Site and its services, applying a web browser that accepts data from cookies means your consent to the fact that the Data Controller can collect and process data from cookies in order to improve the Site, its content, and its functionality. Disabling and/or blocking your web browser option for receiving data from cookies means that your use of the Site may be limited, in particular, in terms of some of its functions.
Let's explain that:
Cookies are a small piece of data sent by a web service and stored on your computer, which the browser sends to the web server each time in an HTTP request when trying to open the page of the corresponding site.
14.5. When do we collect your personal data?
We collect personal data about you whenever you use our services in any form. Most often these cases are: when you make an order, when you contact our specialists and when you use our Site, specifically:
- when authorising via social networks;
- when filling out the feedback form on the Site;
- when subscribing to the newsletter;
- when sending feedback;
- when registering and identifying on the Site;
- when using the Site in any way.
14.6. Do we collect ‘sensitive personal data’?
Some types of personal data, for example, about race, ethnicity, health, are special categories of data that require additional protection in accordance with the legislation of the European Union. Processing of biometric personal data and special categories of personal data is not carried out on the Site.
14.7. Purposes of processing and types of personal data about Users/Customers that the Data Controller receives and processes.
14.7.1. Types of personal data:
14.7.1.1. Personal data posted by Users. These may include, in particular:
- last name, first name, patronymic;
- telephone number;
- email address;
- other personal data that the User provides on his/her own.
It is forbidden for the User to provide personal data of third parties without the consent received from them for such a transfer, or if such personal data of third parties were not obtained by the User himself from publicly available sources of information.
14.7.1.2. Data automatically transmitted to the Site in the process of this data using the software installed on the User's device, incl. IP-address, data from cookies, information about the browser, operating system, access time, search requests of the User, referrer (previous page address).
Let's explain that:
IP-address is a unique network address of a node in a computer network through which you get access to the Site.
14.7.2. We collect and process only that information about Users, incl. their personal data, which is related to the achievement of the following goals:
- providing contact with the User of the Site, including sending notifications, requests and their processing, as well as processing of requests and applications from the User for the purpose of further conclusion and execution of the contract;
- receiving and publishing feedback;
- conclusion of contracts and fulfilment of the Controller's obligations to the User according to them
- personnel recruitment
- maintaining statistics and analysing the work of the Site.
- posting on the Site, in official groups of social networks and other communities of the Controller on the Internet, other advertising and information sources, for purposes not related to the identification of the User.
- improving the quality of the User's service and modernising the Site by processing requests and applications from the User, as well as for the purpose of recording telephone conversations with the Controller to improve the quality of service and to preserve evidence in the event of disputes between the Controller and the User.
- sending promotional messages, newsletters about the products and services of the Controller and its partners, special offers, promotions, drawings, contests, surveys to the User's email address via postal mail, SMS messages, push notifications. The User may opt out of receiving information messages by sending a letter to the Controller to the e-mail address weare@29.agency with the notation ‘Cancellation of notifications about new products and services and special offers’ or by unsubscribing from receiving such messages via the functionality of the message itself.
If it is necessary to use personal information about Users for purposes not provided for by the Privacy Policy, we request the User's consent to such actions.
14.8. When do we send you promotional (advertising) messages?
If you give your consent, we will occasionally send you promotional messages about our products and services.
We respect your right to opt out of receiving promotional messages as set out above.
14.9. Legal basis for data processing.
14.9.1. We process your personal data only if we have a legal basis to do it. This basis will depend on the reasons for which we collect and process your personal data.
14.9.2. Most often, the basis for data processing will be:
- contracts concluded between us and you, that is, we will process your personal data in order to fulfil our obligations to you (for example, to deliver goods);
- consent to the processing of personal data that you have given us (implies a certain list of such data and certain purposes).
14.9.3. Also, the law allows us to process personal data in the following cases:
- if it is necessary to use your personal data in accordance with a legal obligation to which we are subject;
- to protect the vital interests of you or another person.
14.9.4. We process personal information, including personal data, only if:
- processing is necessary to fulfil our contractual obligations to you.
- processing is necessary to comply with statutory obligations.
- you consent to us using your personal data for purposes of provision of promotional material or other specific purposes
- when provided by applicable law, the processing is necessary to ensure our legitimate interests in the event that such processing does not significantly affect your interests, fundamental rights and freedoms. When processing personal information on this basis, we will always strive to maintain a balance between our legitimate interests and the protection of your privacy.
14.10. How long do we keep personal data?
We will keep your information for as long as we need it for the purpose for which it is processed. For example, we store your data to fulfil the obligations under the contract, and after fulfilling it, we store the data in order to be able to respond to any of your requests, complaints or claims. Information may also be stored so that we can continue to improve our experience and to reward you for your loyalty. We constantly check the relevance of the need to process personal data, and in the event that there is no legal, business or customer need for keeping this information, we will safely delete it.
14.11. Who has access to your personal data?
In most cases, personal data is processed automatically without employees having access to it. If such access is available, then it can be provided to those persons who need it to perform their tasks. For the security of internal data, all persons must comply with the rules and procedures regarding data processing. They must also follow all technical and organizational security measures in place to protect personal data.
Consent to this Privacy Policy implies consent that we may receive statistical anonymized (without reference to the Personal Data Subject) data on the actions of the Personal Data Subject when using the Site.
14.12. How do we protect your personal data?
We have implemented sufficient technical and organizational measures to protect personal data from unauthorized, accidental or illegal destruction, loss, alteration, unscrupulous use, disclosure or access, as well as other illegal forms of processing. These security measures were implemented taking into account the current state of the technics, the cost of implementation, the risks associated with the processing and the nature of personal data, including the following measures:
- anti-virus protection with updated databases;
- information backup;
- limiting the circle of persons with access to personal data;
- appointment of those responsible for organisation of processing and protection of personal data;
- assessing whether personal data is protected, whether the measures taken are effective, whether they are implemented;
- establishment of rules of access differentiation to personal data, registration and accounting of all actions performed with personal data;
- limitation of access to the premises where personal data carriers are placed and processing is carried out;
- establishment of requirements to the complexity of passwords for access to the systems where personal data are stored;
- timely updating of software;
- detection of unauthorized access to personal data and taking measures to identify the causes and possible consequences;
14.13. Who do we share personal data with?
14.13.1. We may transfer your personal data to the following subjects:
- Partners, such as website and application owners, advertising networks and other partners that provide the Controller with services related to the placement and display of advertisements on websites, programmes, products or services owned or controlled by such partners;
- Partners engaged by the Controller to provide services to Users on the platform at https://www.29.agency/en
- Partners to provide Users with specialised offers to conclude contracts.
We only share personal data with partners who adhere to high standards of personal data protection (GDPR or similar applicable standards) on their side and ensure that we process personal data in accordance with GDPR or similar applicable principles and standards.
14.13.2. We may transfer your personal data to other third parties in the case that you have submitted such actions or we are required by law (the transfer is provided by applicable law).
14.13.3. If our company takes part in a merger, acquisition or any other form of sale of part or all of its assets, then a data array is transferred along with them. In this case, all obligations to comply with the terms of the Privacy Policy are transferred to the acquirer of the assets.
14.13.4. We will also share your information in response to a valid request from law enforcement or other government agencies, or when contacting government agencies such as police and regulatory agencies to protect our rights, property or the safety of our customers, personnel and assets.
14.13.5. We may be forced to transfer your personal data because we must comply with legal or regulatory obligations in any jurisdiction, including when this obligation arises from our voluntary action or decision (for example, our decision to operate in a country or related to solutions).
14.13.6. We do not sell personal information, including personal data, to third parties.
14.14. Cross-border transfer
The Controller processes personal data using databases in the Russian Federation, therefore your personal data may be sent and stored by us and/or third parties in countries outside the country in which you are located and outside the European Economic Area.
This may involve sending your data to countries where, according to their local laws, you may have fewer legal rights.
We will take precautions to ensure that your data is still protected in accordance with the standards set out in this Privacy Policy.
14.15. What are your legal rights in relation to the personal data we process?
14.15.1. The personal data protection laws give you a number of rights. To implement them, most often you just need to contact us in writing (by mail or email), it's free. We will reply to you within 30 days, but we will do our best to make it much faster.
Sometimes we will have to deny your request (in whole or in part), because we are obliged to comply with the applicable law. In such cases we will definitely explain in our answer to you why we cannot fulfil your request.
14.15.2. You have the following rights:
A) You can ask us to stop sending you promotional materials. For information on how to do this please refer to the section "When we send you advertising messages". Refusal from advertising mailing will not deprive you of the opportunity to receive messages about the progress of the provision of services and our performance of the contract.
B) You can ask us to stop processing your personal information for marketing purposes, including analytics for targeted marketing purposes, including online advertising.
C) You can ask for information regarding the processing of your personal data, including confirmation of the fact of processing, place and purpose of processing, types of data, to which third parties this data is disclosed, storage period and source of receiving.
D) You can ask us to correct the personal data that you have provided to us if this information is inaccurate or out of date.
E) You can ask to delete your personal data.
But we must warn you that some of the data will be archived to meet our obligations to law enforcement, national authorities and legal proceedings. We will give you a full answer which information will remain saved. When the storage period expires in accordance with the applicable law that obliges us to store this data, we will delete the data.
F) Ask us to provide a free electronic copy of personal data to another company.
G) Submit a complaint
14.16. Request forms and what we will check upon receiving your request.
14.16.1. You can send your request in writing or electronically.
14.16.2. Written requests include any of your written requests sent to us, including requests sent through post offices.
14.16.3. Electronic requests include inquiries sent by email which were used by you while registering with our service. We do not process requests related to the personal data received by phone or fax due to the inability to identify the person of the requestor.
14.16.4. The procedure for considering requests is as follows:
14.16.4.1. A written request is sent to us regardless of the form of the request (written or electronic). The preparation of answers is carried out by our responsible specialist.
14.16.4.2. Requests and appeals are checked for the presence of:
- surname, name of the applicant;
- last name, first name of the person whose personal data are processed (Personal data subject);
14.16.5. If necessary, we will ask you for additional information.14.17. What to refer to in the request?
14.17.1.  Data subject has the right at any time to revoke any given consents and permissions to the processing of personal data by sending a message to email weare@29.agency.
14.17.2. Data subject has the right to demand to delete, correct, update personal data, demand to restrict the processing of personal data or object to the processing of personal data, when it is provided for by applicable law. The Data Controller responds to these requests in accordance with applicable law.
14.17.3. In case of confirmation of the fact of the inaccuracy of personal data or the unlawfulness of personal data processing, the personal data must be updated by the Data Controller, and the processing of the illegally obtained data must be stopped.
14.17.4. Upon achievement of the goals of personal data processing, as well as in case of withdrawal of consent to personal data processing, personal data should be deleted if:
- otherwise is not provided for by the contract, the party to which, the beneficiary or the guarantor of which is the data subject;
- The Data Controller is not entitled to carry out processing without the consent of the data subject provided in accordance with applicable law or otherwise by another agreement between the Data Controller and the data subject.

Individual Entrepreneur Aleksandr Andreyevich Kuzmichev
- registration number: 313784702500631
- Taxpayer Number: 781301819740
- weare@29.agency