Privacy Policy
Last updated: February 22, 2026
1. General Provisions
This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting personal data of individuals (hereinafter referred to as "Users") who use the website vitarum.net (hereinafter referred to as the "Website").
The personal data operator is Vitarum (hereinafter referred to as the "Operator", "Company").
The Policy has been developed in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter referred to as the "Personal Data Law"), as well as other regulatory legal acts of the Russian Federation in the field of personal data protection.
By using the Website and/or filling out feedback forms, the User expresses their consent to the terms of this Policy. In case of disagreement with the terms of the Policy, the User must cease using the Website.
2. Key Definitions
The following definitions are used in this Policy:
- Personal Data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject).
- Personal Data Processing — any action (operation) or set of actions performed with personal data, including collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, and destruction.
- Automated Processing of Personal Data — processing of personal data using computing technology.
- Operator — a person who independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of processing.
- Cookies — small text files sent by a web server and stored on the User's device.
3. Purposes of Personal Data Processing
The Operator processes the User's personal data for the following purposes:
- Processing incoming applications and requests from Users for providing services, consulting, and information.
- Communicating with the User to discuss project details, clarify application information, and provide answers to questions.
- Improving the quality of the Website and its content, analyzing user experience.
- Conducting statistical and other research based on anonymized data.
- Compliance with the legislation of the Russian Federation.
4. Categories of Processed Personal Data
The Operator may process the following categories of personal data:
| Data Category | Examples | Legal Basis |
|---|---|---|
| Contact Information | Name, phone number, email address | User consent (Art. 9, 152-FZ) |
| Project Data | Project Description, preferences, comments | User consent (Art. 9, 152-FZ) |
| Technical Data | IP address, browser type, OS, cookies, analytics data | Legitimate interest of the operator (Art. 6, 152-FZ) |
| Usage Data | Pages viewed, visit time, referral source | Legitimate interest of the operator (Art. 6, 152-FZ) |
The Operator does not collect or process special categories of personal data (relating to race, ethnicity, political views, religious or philosophical beliefs, health status, or intimate life).
5. Legal Grounds for Processing
Personal data processing is carried out on the following legal grounds:
- Subject Consent (clause 1, part 1, Art. 6, 152-FZ) — when filling out feedback forms on the Website. Consent is given by checking the "I consent to the processing of personal data" checkbox before submitting the form.
- Contract Performance (clause 5, part 1, Art. 6, 152-FZ) — when fulfilling obligations to the client.
- Legitimate Interest of the Operator (clause 7, part 1, Art. 6, 152-FZ) — for analytics and improving the Website, provided that the rights and freedoms of the subject are not violated.
6. Data Collection and Processing Procedures
6.1. Data Collection
Personal Data are collected in the following ways:
- Filling out feedback forms on the Website (name, phone, project description).
- Automatic collection of technical data when visiting the Website (cookies, analytics system data).
6.2. Data Processing
Personal data processing includes: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymization, blocking, deletion, and destruction.
6.3. Automated Processing
Data obtained through feedback forms is transmitted to the Operator's messenger for prompt processing of requests. Technical data is processed by web analytics systems (Yandex.Metrica, Meta Pixel).
7. Data Processing and Storage Periods
Personal Data are stored for the period necessary to achieve the purposes of processing, but no longer than:
- Application Data — 3 (three) years from the date of receipt or until the subject withdraws consent.
- Technical data (cookies, analytics) — no more than 1 (one) year.
- Contractual Data — 5 (five) years after the completion of contractual obligations (in accordance with legal requirements).
Upon expiration of the storage period or upon achieving the processing purpose, personal data is destroyed within 30 (thirty) days. Destruction is carried out by deleting records from information systems and/or destroying physical media.
8. Transfer of Personal Data to Third Parties
The Operator may transfer personal data to third parties in the following cases:
- With the explicit consent of the User.
- For the provision of services involving contractors and partners (based on agreements ensuring confidentiality).
- As required by the legislation of the Russian Federation (upon request of authorized government bodies).
The Website uses the following third-party services that may receive technical data:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Yandex.Metrica | Web Analytics | yandex.ru/legal/confidential |
| Meta Pixel (Facebook) | Advertising Analytics | facebook.com/privacy/policy |
9. Cross-Border Transfer of Personal Data
Due to the use of analytics services (Yandex.Metrica, Meta Pixel), cross-border transfer of personal data is possible. The Operator ensures that such transfer is carried out in accordance with the requirements of Art. 12 of the Personal Data Law and only to countries that provide adequate protection of personal data subjects' rights.
10. Rights of the Personal Data Subject
The User has the right to:
- Obtain information about the processing of their personal data by the Operator (Art. 14, 152-FZ).
- Request clarification of their personal data, its blocking or destruction (Art. 14, 152-FZ).
- Withdraw consent for the processing of personal data by sending a written request to the email address: info@vitarum.net (Art. 9, 152-FZ).
- Appeal actions of the Operator to the authorized body for the protection of personal data subjects' rights — Roskomnadzor (rkn.gov.ru) or in court (Art. 17, 152-FZ).
- Demand cessation of processing of personal data for the purpose of promoting goods, works, and services (Art. 15, 152-FZ).
11. Personal Data Protection Measures
The Operator takes necessary and sufficient organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other unlawful actions by third parties. In particular:
- Using the HTTPS protocol for encrypting transmitted data.
- Restricting access to personal data based on the principle of least privilege.
- Regular auditing of data processing procedures.
- Storing data on secure servers.
12. Use of Cookies
The Website uses cookies to ensure proper operation and analyze Website usage.
12.1. Types of Cookies Used
| Type | Purpose | Storage Period |
|---|---|---|
| Essential | Proper website operation, saving consent settings | Up to 1 year |
| Analytical | Collecting traffic statistics (Yandex.Metrica) | Up to 1 year |
| Marketing | Analyzing advertising effectiveness (Meta Pixel) | Up to 90 days |
12.2. Cookie Management
On the first visit to the Website, the User is offered to accept or decline the use of cookies. The User can also manage cookies through their browser settings: block all cookies or delete already installed ones. Please note that disabling cookies may affect the functionality of the Website.
13. Consent Procedure
Consent to Personal Data Processing is provided by the User through the following actions:
- Checking the "I consent to the processing of personal data" checkbox when filling out the feedback form on the Website.
- Clicking the "Accept" button in the cookie banner when visiting the Website.
Consent is specific, informed, and conscious (Art. 9 of the Personal Data Law). The consent checkbox is not pre-checked, ensuring the User's active expression of will.
The User may withdraw consent at any time by sending a request to info@vitarum.net. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
14. Liability
In case of loss or disclosure of personal data, the Operator notifies the User and the authorized body (Roskomnadzor) within the time limits established by law.
The Operator is not liable for the loss or disclosure of personal data if it:
- Became publicly available before the loss or disclosure.
- Was received from a third party before the Operator received it.
- Was disclosed with the User's consent.
15. Final Provisions
The Operator has the right to make changes to this Policy without the User's consent. The new version of the Policy takes effect from the moment it is posted on the Website, unless otherwise provided by the new version.
The current version of the Policy is available at: vitarum.net/privacy_policy.
Please send all questions and suggestions regarding this Policy to: info@vitarum.net.
— Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data"
— Government Decree No. 1119 dated November 1, 2012 "On Approval of Requirements for the Protection of Personal Data During Processing in Personal Data Information Systems"
— Government Decree No. 687 dated September 15, 2008 "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without Automation"