This Privacy Policy (hereinafter referred to as the Policy) governs all information that Individual Entrepreneur Malyshok Maria Yuryevna (OGRN 324774600108098, INN 773316204680) (hereinafter referred to as the Operator, we, us), may obtain about the user (hereinafter referred to as the Personal Data Subject, you) during their use of the website https://businessinworld.ru, services, tools, programs, and products of the Operator.

We process your personal data in strict compliance with Federal Law No. 152-FZ "On Personal Data" and the requirements of FSTEC of Russia Order No. 117 of 2026. By using our website and services, you express your full consent to the terms of this Policy.

1. Basic Concepts and Scope

1.1. Personal Data – any information relating directly or indirectly to a specific or identifiable individual (citizen of the Russian Federation). Personal data may include: full name, address, phone number, email address, cookies, IP address, purchase history, payment information, location data, health information (applicable to employees or when providing medical services), and other data enabling personal identification. 

1.2. Processing of Personal Data – any action (operation) or set of actions performed with or without the use of automation tools. It includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction.

1.3. Operator – Individual Entrepreneur Malyshok Maria Yuryevna, which organizes and carries out the processing of personal data, and also determines the purposes of processing, the composition of personal data to be processed, and the actions (operations) performed with the personal data.

1.4. This Policy has been developed in compliance with the requirements of Part 2 of Art. 18.1 of Federal Law No. 152-FZ and is a public document certifying the fact of personal data processing by the Operator.

2. Legal Basis for Data Processing

2.1. We process your data only when there are legal grounds, which include:

· The Constitution of the Russian Federation.

· The Civil Code of the Russian Federation.

· Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (as amended in 2025–2026).

· Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection".

· The Operator's founding documents.

· Contracts concluded between the Operator and the Personal Data Subject (the data processing is necessary for the performance of a contract with you (e.g., to provide a service you requested)

· The Personal Data Subject's consent to the processing of their data.

3. Purposes of Personal Data Collection

3.1. We collect and process only the data necessary to achieve specific, predetermined purposes:

3.2. We do not process biometric data (facial images, fingerprints) or special categories of data (racial, political, philosophical affiliation) without obtaining your separate explicit consent, executed in the manner prescribed by law.

4. Principles and Conditions of Personal Data Processing

4.1. Principle of Minimization. We collect only the data necessary for the stated purpose. We do not collect data "just in case." We regularly audit the collected data and delete unnecessary information.

4.2. Data Localization. We record and systematize your personal data using databases located exclusively on the territory of the Russian Federation. Storage and processing of data outside the Russian Federation is not permitted in accordance with legal requirements.

4.3. Confidentiality. Access to your data is granted only to those employees and contractors who require this information to perform their duties. All persons with access have signed non-disclosure agreements for commercial and legally protected secrets.

4.4. Cross-Border Transfer. We do not carry out cross-border transfer of personal data. Should such a need arise, the transfer will only be made to countries that ensure adequate protection of the rights of personal data subjects, and with your separate consent.

5. Consent to Processing and Its Withdrawal

5.1. By providing your data through the forms on the Website or via Program Participant Questionnaire, you confirm your separate, informed, and conscious consent to the processing of your personal data in accordance with this Policy.

5.2. You have the right to withdraw your consent to the processing of personal data at any time. To withdraw consent for the processing of personal data or for receiving advertising information, you must send a written notice to the Operator's postal address or an email to info@businessinworld.ru with the note "Withdrawal of consent".

5.3. After receiving the withdrawal request, we are obliged to stop processing your data (unless the law requires its further retention, e.g., accounting data) and destroy it within a period not exceeding 30 days.

6. Cookies and Depersonalized Information

6.1. The Website collects statistics on visitors' IP addresses, cookies (including those from third-party analytics services — Yandex.Metrica, Google Analytics), and behavior data on the Website in order to improve the quality of work.

6.2. Considering the position of regulators in 2025–2026, IP addresses and cookies may be considered personal data in the context of a specific user. By using the site, you consent to their collection and processing.

6.3. You can disable cookies in your browser settings, but this may lead to incorrect operation of some site functions.

7. Personal Data Protection Measures

7.1. We take all necessary legal, organizational, and technical measures to protect your information from unlawful or accidental access, destruction, modification, blocking, copying, dissemination, as well as from other unlawful actions.

Your personal information is processed only by those employees who require such information to perform their tasks and job duties.

To protect and ensure the confidentiality of data, all employees must comply with internal rules and procedures regarding the processing of personal information. They must also follow all technical and organizational security measures in place to protect your personal information.

We have also implemented adequate technical and organizational measures to protect personal information from unauthorized, accidental, or unlawful copying, destruction, loss, alteration, misuse, disclosure, or access, as well as other unlawful forms of processing. These security measures have been implemented taking into account the state of the art, the costs of implementation, the risks associated with the processing, and the nature of the personal information.

We perform the recording, systematization, accumulation, storage, updating (refreshing, modification), and retrieval of personal data of citizens of the Russian Federation using databases located exclusively within the territory of the Russian Federation.

8. Transfer of Data to Third Parties

8.1. The Operator has the right to transfer personal data to third parties only in the following cases:

· With your explicit consent.

· For the purpose of executing a contract.

· Upon request of a court, law enforcement agencies, or in other cases provided for by law.

8.2. When transferring data to partners (contractors), we include in contracts with them conditions ensuring the confidentiality of personal data at the same level that we provide ourselves, and on the inadmissibility of using foreign solutions without certification.

9. Your Rights as a Personal Data Subject

You have the right to:

· Receive information regarding the processing of your personal data.

· Demand the clarification of your personal data, their blocking or destruction if they are incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing.

· Withdraw consent to the processing of personal data.

· Demand the elimination of the Operator's unlawful actions concerning his personal data.

· Appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects (Roskomnadzor) or in court.

.

10. Final Provisions

10.1. This Policy is publicly available and is subject to posting on the Operator's official website. The current version of the Policy is stored at [link to policy page].

10.2. The Policy is drawn up in Russian and English. In case of discrepancies, the version of the Policy drawn up in Russian shall prevail.

10.3. The Operator has the right to make changes to this Policy. The new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.

10.4. Control over the implementation of the requirements of this Policy is carried out by the Operator.