Политика конфиденциальности

Privacy Policy

1. General Provisions

This Privacy Policy defines the procedure for collecting, using, and disclosing personal data of users of the TumanClothing website (hereinafter referred to as the 'Site'). The Policy is developed in accordance with the requirements of applicable data protection legislation, including the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 'On Personal Data', and taking into account the provisions of the EU General Data Protection Regulation (GDPR). We strive to comply with international information protection standards and take necessary measures to ensure the security of your data.

Personal Data Operator. The operator responsible for processing personal data on this Site is the administration of the TumanClothing website (hereinafter referred to as the 'Operator'). You can contact the Operator regarding privacy and data protection matters by email: [email protected].

Acceptance of the Policy. By using our Site and providing your personal data (for example, when placing an order), you confirm your consent to the terms of this Policy. If you do not agree with any provisions, please discontinue using the Site or contact us for clarification. Please note that the Site is not intended for use by persons under 16 years of age without parental or legal guardian consent, in accordance with GDPR requirements.

Processing Principles. The Operator prioritizes the protection of human rights and freedoms when processing their personal data, including the protection of the right to privacy, personal and family secrets. Data processing is carried out on a lawful and fair basis, exclusively to achieve the purposes defined in this Policy, and to the minimum extent necessary for these purposes (data minimization principle). We do not process personal data incompatible with the original collection purposes and ensure the confidentiality of such data.

This Policy applies to all information about users collected on the TumanClothing Site. It describes what data we collect, for what purpose, how we process and protect it, as well as users' rights regarding this data.

2. Data Collection Purposes

We collect and use users' personal data exclusively for specific, predetermined purposes. The main purposes of data processing on the TumanClothing Site include:

Order Processing and Service Provision. Your data is necessary for us to accept and process orders, conclude and execute sales contracts for goods, contact you regarding order status, and organize delivery or pickup of ordered goods.
Product Delivery. We use contact and address data to ship or ensure your receipt of goods through the selected pickup point or delivery service.
Feedback and Support. Your contact data (phone, email) is used to communicate with you: order confirmation, clarifying details, delivery notifications, responding to your support requests, and processing order comments.
Improving Site Operation and Services. Data about your interaction with the Site and aggregated statistics are used to analyze user activity, Site performance, and audience preferences. This helps us improve the structure, content, and functionality of the Site, personalize content, and enhance usability.
Analytics and Statistics. The Site uses third-party analytical tools (Google Analytics 4, Google Search Console) to collect anonymized statistics about traffic and user behavior. This data is used for marketing analysis, measuring advertising campaign effectiveness, and optimizing our offerings according to user interests.
Security and Fraud Prevention. We may process certain data to maintain Site security, your accounts (if registration is provided), and our services, as well as to detect and prevent fraudulent activities or violations of terms of use.
Legal Compliance. When necessary, we process and store data to comply with legal requirements (e.g., tax and accounting records, reporting), execute orders from competent authorities, or court decisions.
Other Purposes with User Consent. If necessary, we may request your separate consent to process personal data for additional purposes not provided above (e.g., for sending newsletters and special offers). In such cases, processing is carried out strictly within the agreed limits, and you always have the option to opt out of such materials.

We do not use collected personal data for purposes incompatible with the originally stated ones. If it becomes necessary to process data for a new purpose in the future, we will request your prior consent for such processing, except in cases expressly permitted by law.

3. List of Collected Data

As part of the Site's operation and service provision, TumanClothing may collect various categories of user data. Personal data that you provide directly when filling out forms on the Site (e.g., when placing an order) includes:

Last Name, First Name, Patronymic (Full Name). Full name is necessary for order processing and addressed delivery, as well as for proper communication with you.
Country, City. Geographic information is needed for delivery calculation, displaying relevant pickup options, and complying with regulatory requirements of specific regions.
Delivery Address and Postal Code. Full postal address (street, house, apartment) and zip code are used for shipping goods by courier service or mail to your door or to the selected pickup point.
Order Pickup Point. If you choose to receive goods through a partner pickup point or parcel lockers, we collect information about this point (its address or identifier) to redirect your order to the specified location.
Contact Phone Number. Phone number is necessary for order confirmation, delivery coordination (e.g., courier may contact you), and prompt communication in case of order-related questions.
Email Address. We use your email to send order confirmations, electronic receipts, delivery status notifications, and for support communication. Email may also be used for newsletter and promotional information, but only with your separate consent to receive marketing materials.
Order Comment. Any additional information you choose to provide when placing an order (e.g., delivery time preferences, product clarifications) is also stored and processed by us to properly fulfill your order.

Automatically Collected Technical and Analytical Information: In addition to data you actively provide, when visiting the Site, certain technical information and data about your user activity are automatically collected. This includes:

Device and Connection Data: information about your browser, device type, operating system, screen resolution, language settings.
IP Address and Geolocation. Your IP address is recorded when visiting the Site and may be used to determine your approximate location (country/city) for statistics and regional content customization. According to Google information, IP addresses are not stored in Google Analytics 4 (they are used only for location determination and then deleted). Additionally, for EU users, IP addresses are anonymized before data is stored on analytics servers.
Cookies and Session Identifiers. The Site uses cookies and similar technologies that automatically collect data about your interaction with our content. These may include unique visitor identifiers, page view history, visit time, referral sources, link clicks, and other aggregated behavior metrics. Such cookies allow us to 'recognize' your browser on return visits, save preferences (e.g., shopping cart contents), and collect analytical information. However, cookies do not contain data allowing direct identification - they serve to collect anonymized Site usage statistics. You can completely disable or delete cookies in your browser settings, but some Site functions may become unavailable after this. (For more about cookies, see Section 7 below.)
Server Log Data. Our web server may automatically log requests sent by your browser. Logs record data such as your IP address, date and time of Site access, requested pages, server HTTP response codes, data volume transferred, referral URL, and information about your browser and operating system. This data is used for Site administration and protection, identifying and fixing technical issues, and may be analyzed in aggregated form to improve our services.

Payment Data. Please note that we do not collect or process your bank card data or other payment instruments, as payment on the Site is made in cryptocurrency. You do not enter bank account information, card numbers, etc. on the Site. When processing cryptocurrency payments, we may receive limited technical details related to the transaction (e.g., blockchain payment identifier, amount and time of operation) necessary to confirm payment receipt. This information does not contain personal information about the payer but may be stored by us in connection with your order for payment record-keeping. We treat such data as confidential and protect it similarly to your other personal data.

The complete list of personal data we collect and process is limited exclusively to information necessary to achieve the purposes stated in the Policy. We do not request or process special categories of personal data, such as racial or ethnic origin, political views, religious beliefs, health status, biometric or other sensitive data - except when required by law or you voluntarily provide us with such information (which happens extremely rarely and only when clearly necessary).

You can always refuse to provide certain information, but in this case, some Site functions or services (e.g., placing a delivery order without an address or contact phone) may become unavailable. We guarantee that no personal data will be collected secretly or without your consent - all data collection forms on the Site are accompanied by your explicit action (filling out a form, clicking a button, etc.) that indicates consent to provide us with the relevant information.

4. Processing Basis and Conditions

Personal data processing on the TumanClothing Site is carried out on lawful grounds. Depending on the situation, we rely on one or more of the following legal bases for processing your data:

User Consent. We process your personal data based on previously obtained consent in cases where required by law or appropriate. For example, your consent is necessary for sending marketing email newsletters, using certain cookies, collecting analytical data in certain jurisdictions, and for data transfer to third parties in cases not provided by law. You have the right to withdraw your consent at any time, which will lead to termination of further processing of the relevant data (but does not affect the legality of processing carried out before withdrawal).
Contract Conclusion and Performance. Many data processing actions are necessary for providing our services and fulfilling contractual obligations. For example, processing your name, address, phone number, and other data when placing an order is based on the sales contract (offer) between you and us: this data is needed so we can accept and fulfill your order, receive payment, deliver goods, etc. Without this data, we cannot conclude or perform the contract with you.
Legal Compliance. Personal data processing may be necessary for our compliance with mandatory legal requirements. For example, within accounting and tax reporting, we are required to store documents containing personal data (invoices, delivery notes with recipient name and address, etc.) for the legally established period. The law may also require us to provide certain data upon lawful request from government authorities (e.g., law enforcement).
Operator's Legitimate Interests. In some cases, we process your data based on our legitimate interests as the Operator, provided such actions do not violate your rights and freedoms. Such interests include, in particular, ensuring Site security and fraud prevention, improving user experience and service quality, analyzing and statistics of Site usage, sending customers important service notifications, and protecting our rights in case of disputes. For example, processing technical logs with IP addresses and Site action data may be based on our legitimate interest in maintaining cybersecurity and resource functionality (Art. 6(1)(f) GDPR). We always carefully assess that our interests do not override your data protection rights.
Other Bases. In rare cases, processing may be carried out on other legal grounds provided by Art. 6 GDPR or national data legislation. For example, in public interest or to protect vital interests of the data subject or other persons (these grounds are generally not applicable to our activities, but we mention them for completeness). If we rely on such a basis, we will notify you additionally if required by law.

In all cases, the Operator complies with the principles of lawfulness, fairness, and transparency of processing. We do not perform any actions with personal data without legal basis and only as long as necessary to achieve the relevant purposes.

Withdrawal of Consent. If data processing is based on your consent, you have the right to withdraw your consent at any time by contacting us using the contacts specified in Section 9. After receiving withdrawal of consent, we will cease processing your data for the purposes that were conditioned by consent, except when further processing is required on other legal grounds (e.g., by law requiring storage of accounting documents).

Consequences of Refusal. You have the right not to provide us with certain data or object to their processing. We always indicate which data is necessary (e.g., by marking mandatory form fields). Failure to provide necessary data or objection to their mandatory processing may result in our inability to provide you with the corresponding service (e.g., accepting an order without name and address is impossible). In cases where data provision is not strictly mandatory, you decide whether to share such information.

5. Data Storage and Protection

Storage Periods. We store users' personal data only for as long as required to achieve the purposes for which they were collected, or for the period provided by legislation. Specific storage duration depends on the type of data and processing purposes. For example:

Data about your orders (name, address, order composition, contact data) will be stored until sales contract performance and goods delivery, and then - in archive, for the period necessary to service warranty obligations, process possible returns and claims. Also, accounting documents with your data are stored for at least 5 years (or other period according to tax legislation requirements).
Contact data for marketing newsletters is stored until you unsubscribe from the newsletter or withdraw consent to receive messages.
Technical log files and analytics data are stored for the period necessary for security and statistical purposes. For example, server logs with IP addresses are usually stored for several months, then automatically deleted or anonymized (unless longer storage is required for security incident investigation). Google Analytics data may be stored on our Google accounts for up to 14 months or another period selected in settings, after which they are deleted or aggregated.
Personal data no longer needed for any purposes is either deleted or anonymized by the Operator. Anonymization means data is transformed so it no longer allows identification of a specific user.

Upon your request, we may also delete your personal data before standard expiration periods if we have no legal grounds to continue their storage. In any case, when data is no longer required for any of the purposes or obligations specified in this Policy, we securely destroy or irreversibly anonymize such information.

Security Measures. We make serious efforts to ensure the security of your personal data. Necessary technical and organizational protection measures are implemented, aimed at preventing unauthorized access, alteration, disclosure, or destruction of data. In particular, we use modern encryption methods and connection protection (e.g., HTTPS protocol for encrypting data transmission between your browser and our server), firewall and intrusion detection tools to protect infrastructure, and implement other cybersecurity measures according to industry standards. Personal data you provide us through web forms is transmitted in encrypted form (SSL/TLS). Databases storing your information are protected from external access and located on servers with restricted access.

Access Limitation. Access to users' personal data is limited to a narrow circle of persons - only those employees, contractors, and authorized persons of the Operator for whom it is necessary within the performance of official duties and provided processing purposes. All such persons are bound by confidentiality obligations. We regularly train staff on data protection rules and check compliance with security policy.

Pseudonymization and Anonymization. When we don't need to store data in personalized form, we may subject it to pseudonymization or complete anonymization. Pseudonymization means storing data in encrypted or depersonalized form, where without an additional key it is impossible to determine the subject's identity. Anonymized information (e.g., aggregated traffic statistics) contains no identifiers and is not considered personal data - we may store such information indefinitely for analytical purposes.

Vulnerability Monitoring. We monitor the relevance of our security systems and promptly update software, apply patches to eliminate discovered vulnerabilities. Periodic security checks of the Site and servers are conducted.

Actions in Case of Incidents. Despite all measures taken, no method of data transmission over the Internet or electronic storage method can be guaranteed 100% secure. We cannot completely exclude the possibility of unauthorized access (e.g., as a result of a sophisticated cyberattack). In case of detecting personal data leakage or compromise, we act in accordance with applicable laws: take urgent measures to eliminate the threat, minimize consequences, and notify affected users and supervisory authorities if required. According to GDPR principles, in case of a serious security breach affecting personal data, we will try to notify the regulator no later than 72 hours from discovery, and users - without undue delay.

Confidentiality and Third Parties. We do not disclose or transfer your personal data to external organizations and persons, except in cases described in this Policy (see Section 8 below) or expressly provided by law. We do not sell or exchange users' personal data for commercial purposes. All data processing by third parties (e.g., our contractors) occurs only based on contracts ensuring confidentiality and security of your data.

6. User Rights

We respect the rights of all personal data subjects and strive to ensure their full implementation. Each Site user who has provided us with their personal data possesses the following rights:

Right to Information. You have the right to receive information about the fact of processing your personal data, as well as information about what specific data is processed, for what purpose, on what basis, and by whom (our Operator or third parties). This Policy is intended to provide you with this information. Upon your request, we will also provide additional clarifications about your data in an understandable form.
Right of Access to Data. You have the right to request confirmation from us whether we process your personal data and receive a copy of all data currently stored by the Operator and relating personally to you. We will provide you with a structured and understandable extract of your data (in electronic or written form). For example, you can request your order history and contact data provided during ordering.
Right to Correction (Rectification). If you discover that any of your personal data processed by us is inaccurate, incomplete, or irrelevant, you have the right to demand changes and corrections. We undertake to correct erroneous information or supplement it without undue delay to ensure its accuracy. For example, you can update your delivery address or last name if they have changed, and we will make corrections in our systems.
Right to Data Deletion ('Right to be Forgotten'). You can at any time request complete deletion of your personal data processed by us. Upon your justified request (e.g., if data is no longer needed for the purposes for which it was collected, or you have withdrawn consent, or processing is carried out unlawfully) we will delete all information about you from our systems, except that which we are obliged to retain by law. When deleting data, we will also send notifications to third-party partners (if data was transferred to them) about the need to delete references to this data. Deletion is performed completely and immediately, no data will remain in our databases.
Right to Restriction of Processing. In certain cases, you have the right to demand temporary suspension of processing your data (except storage). This may be relevant if you dispute data accuracy (during verification), or if processing is unlawful but you object to deletion, or if you are awaiting resolution of the issue of legality of our requirement. When processing is restricted, we will cease performing operations with data (except storage) without your consent, except in cases provided by law.
Right to Object. You have the right to object at any time to the processing of your personal data if such processing is based on our legitimate interests (Art. 6(1)(f) GDPR) or is performed for direct marketing purposes. If you object on legitimate grounds, we are obliged to cease processing your data for these purposes, except when we can prove compelling legitimate grounds that override your interests, rights, and freedoms. In particular, if your data is used for direct advertising mailing, you can object at any time, and we will immediately cease using your data for marketing purposes.
Right to Data Portability. You have the right to receive personal data that you provided to us in a structured, machine-readable format, and (if technically feasible) require direct transfer of this data to another operator (controller) at your direction. This right applies when processing is carried out by automated means based on your consent or contract performance. Practically, this means you can request, for example, a file with all data you provided to transfer it to another service.
Right to Withdraw Consent. If processing of your personal data is based on consent, you have the right to withdraw your consent at any time (see also Section 4 above). Withdrawal of consent does not affect the legality of processing carried out before that moment, but we will cease processing the relevant data after receiving withdrawal. Withdrawal of consent, for example, for newsletter subscription, can be done through the corresponding unsubscribe mechanism in the email or by contacting us.
Right Not to be Subject to Automated Decision-Making. You have the right not to be subject to solely automated decision-making, including profiling, if such decisions significantly affect your rights and legitimate interests. On our Site, under normal conditions, legally significant decisions are not made without human involvement; we do not apply automated user profiling that would generate legal consequences (e.g., automatic service denial). If such automation is applied, we will notify you separately and provide an opportunity to challenge the decision by demanding human review.
Right to Lodge a Complaint with a Supervisory Authority. If you believe your data protection rights have been violated, you can file a complaint with the competent state data protection authority. You have the right to do this in your country of residence, place of work, or in the state where the alleged violation occurred. We hope that before contacting a regulatory authority, you will give us the opportunity to directly resolve your problem - we value user trust and are ready to consider any appeal. Nevertheless, your right to contact a controlling authority is inalienable and can be exercised by you at any time. In the Russian Federation, this authority is Roskomnadzor; in the European Union - relevant national authorities (e.g., Data Protection Authority). We will provide contacts of the necessary regulator upon request or you can find them publicly on official websites.

To exercise your rights, you can send us a corresponding request by email to [email protected] or by other indicated means, confirming your identity if necessary. We will consider your appeal and respond within legally established timeframes. According to GDPR requirements, we usually provide information or perform requested actions within 1 month from receiving the request. In case of complex or numerous requests, this period may be extended by another 2 months, about which we will additionally notify you. Services for providing information and exercising your rights are provided free of charge, except in cases of clearly unfounded or excessive requests, when the law allows charging a reasonable fee or refusing to fulfill the request.

Note that the rights listed above are granted to all users of our Site regardless of their citizenship and country of residence. Even if you are not a resident of the European Union, we voluntarily strive to ensure a high level of data protection and transparency in accordance with best international practices. Your trust is very important to us, and we make maximum efforts to respect and protect your privacy rights.

7. Use of Cookies and Similar Technologies

When visiting and using the TumanClothing Site, cookies - small text files containing data about your visit - may be stored on your device. We use cookies and similar tracking technologies (such as pixels, browser local storage) to ensure correct operation of our Site, improve usability, and collect analytical information.

What cookies are needed for on our Site:

Ensuring Basic Functions. Cookies allow you to remain logged in on the Site (if registration is implemented), save goods in the shopping cart between visits, remember your preferences (e.g., language or region selection). Without such files, Site functionality may be limited.
Personalization and Convenience. We may use cookies to remember your settings and previously entered data so you don't have to enter them again. For example, cookies can store your shopping cart contents even if you closed and reopened the site, or save your selected pickup point so it's not requested again.
Analytics and Statistics. Cookies help us collect data about how users interact with the Site: which pages they visit, how much time they spend, which products they view, what sources they come from. This information does not identify you personally but gives us the opportunity to understand audience preferences and improve content and services. In particular, third-party analytics service cookies are used for these purposes - Google Analytics 4 sets its own cookies that transmit data about Site usage to Google. These cookies allow obtaining generalized information about user behavior (demographics, interests, popular site sections). Google prohibits its clients (us) from sending any information allowing user identification to analytical cookies - therefore, data such as name, phone, or email is never recorded in cookies or transmitted through them.
Marketing and Retargeting. Currently, we do not place third-party advertising on the Site, but in the future we may use cookies to show you relevant ads about our products on third-party platforms (retargeting). In such cases, cookies would allow us to show you ads based on your previous Site visits (e.g., if you viewed a certain product, we might show you a banner with that product on another site). If such marketing functions are introduced, we will update the Policy and obtain your consent if necessary.
Security. Cookies may be used to protect your account from unauthorized access and our platform from malicious activity. For example, session cookies help recognize suspicious login patterns or multiple account hacking attempts.

Types of cookies used:

Session Cookies. These are temporary files stored in your device's memory only during the session (until you leave the Site or close the browser). They allow the Site to recognize you within one visit (e.g., so you don't have to fill out the form again when moving to another page). Session cookies are automatically deleted after closing the browser.
Persistent Cookies. Such files are stored on your device longer - until the set period expires or until you delete them manually. Persistent cookies help 'recognize' you on return visits. For example, they can store your settings (city, language) or allow automatic login to the account without re-entering the password. We try to set reasonable lifetimes for persistent cookies - usually from several days to several months, depending on their purpose.
Third-Party Cookies. In addition to cookies set directly by our domain (tuman.clothing), the Site uses cookies from third-party organizations - primarily, Google services. This happens when we integrate code from Google Analytics 4 and Google Search Console on pages. Such cookies (e.g., _ga, _gid from Google Analytics) allow a third party (Google) to collect information about user activity on our Site and other sites for analytics or improving its services. We guarantee that these third-party cookies are used only for the described analytics purposes and do not give third parties excessive rights to your data. Information collected by Google through cookies (e.g., information about your browser, IP address - which, we remind, is anonymized, and data about actions on the site) is processed by Google in accordance with its own Privacy Policy. We do not provide Google with any personal data about you beyond what is automatically collected through their tools.

Cookie Management. When first visiting the Site, you may see a notification (banner) requesting acceptance of cookies. If you gave consent - cookies will be used as described. If you want to change your decision:

You can at any time disable or delete cookies through your web browser settings. Usually settings are in the 'Privacy' or 'Security' section. There you can delete saved cookies, prohibit acceptance of all cookies or cookies from third-party sites, configure notifications when cookies are sent, etc.
Keep in mind that blocking all cookies may negatively affect Site operation. Some functions (e.g., adding goods to cart, placing an order) require cookies, and without them the Site may not work fully correctly. We recommend disabling only those cookie categories you disagree with (e.g., analytical/marketing), leaving technically necessary cookies allowed.
To opt out of Google analytics, you can also install the official Google Analytics opt-out plugin in your browser. This plugin prohibits the browser from transmitting Google Analytics data on all sites you visit. Note that the plugin is intended for a specific device/browser - when using another browser or device, data may still be collected if there is no similar blocker there.
Some modern browsers allow enabling 'Do Not Track' mode. Our system currently does not process these headers, but you can use them together with other control tools mentioned above.

By continuing to use our Site without changing browser settings, you confirm your consent to cookie use in accordance with this Policy. We place this information so you are informed in advance about cookie use and can make an informed decision. If you disagree with cookie use, you can disable them as described above or refrain from using the Site.

8. Data Transfer to Third Parties

We do not disclose your personal data to third parties, except in cases expressly indicated below, or when such disclosure is required by law. Data transfer is carried out to the minimum necessary extent and with protection measures observed. Below are situations in which user data may be transferred to third-party recipients:

Delivery Services and Logistics Partners. To fulfill your order and deliver goods to the specified address or pickup point, we engage third-party delivery services (e.g., courier companies, postal operators). They are provided only with information necessary for delivery: your name, address (or pickup point code), contact phone number, as well as order details (e.g., dimensions or value of shipment if required for delivery processing). These third parties are not entitled to use received data for any purposes other than performing delivery. We require our partners to maintain confidentiality and security of your data.
Payment Providers. Since order payment occurs in cryptocurrency, traditional payment systems (banks, acquirers) do not receive your personal data through our Site. However, if we use any cryptocurrency payment provider or payment gateway, it may process technical information about the transaction (e.g., your cryptocurrency address or wallet identifier). Such data generally does not directly identify the person, but we still treat it responsibly. When engaging such a provider, we will ensure it complies with security standards and does not disclose transaction data to outsiders.
Information System Providers. We may use services of hosting providers, cloud services, data centers that provide us with infrastructure for Site operation and data storage. Such providers may be, for example, companies providing server rental or cloud storage (AWS, DigitalOcean, etc.), as well as content management system suppliers. Personal data is stored on equipment of these providers, but they act exclusively on our instructions (are data processors in GDPR terms). With each such supplier, we conclude a contract obliging them to observe required data protection measures and confidentiality. The provider has no right to view or use your data other than to ensure the operability of our service (e.g., for backup or recovery after failures). We try to choose verified partners with a high level of information protection.
Analytical Services (Google Analytics 4). To understand how users interact with our Site, we use Google Analytics 4 provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics collects anonymized data about your visit through cookies (see Section 7) and transmits it to Google servers. In particular, Google Analytics may receive your anonymized identifier, information about viewed pages, session duration, device type, approximate location, and other technical data. Personal identifiers (name, contacts) are not collected or transmitted to Google Analytics, and we do not upload any personal data allowing direct identification into the system. Moreover, IP address anonymization function is activated on our Site: this means your IP address is either not recorded at all or automatically shortened by Google to parts hiding your identity before data is saved on analytics servers. According to Google statements, in GA4 user IP addresses are not stored at all - they are used only once to determine geographic region, then immediately deleted. Google acts as a data processor within providing us with analytics service and acts on our instructions. We have concluded a standard data processing agreement with Google and rely on standard contractual clauses for data transfer from the EU to the US, since Google may process information on servers located in various countries (including the US). Google is certified under new cross-border data transfer mechanisms (e.g., Data Privacy Framework between EU and US) - this means that when transferring data to the US, Google undertakes to ensure a protection level equivalent to European. More about how Google processes user data can be found in Google's Privacy Policy. We use aggregate reports received from Google Analytics exclusively for internal research and do not transfer these reports to third parties (except for generalized non-identifiable statistics, e.g., visitor numbers in the reporting period).
Webmaster Tools (Google Search Console). Another Google service we use is Google Search Console. It helps us track how our Site is presented in Google search (e.g., by which search queries users find our Site, how many impressions and clicks there were, whether there are page indexing errors). User personal data is not provided within Search Console. We see only generalized search statistics. Thus, Google Search Console does not collect any new data about you beyond what Google already processes within its search algorithms. Information from Search Console is used by us to improve Site content and structure so you and other users can find us more easily online. It is not transferred to third parties and is stored in the Google interface, access to which is available only to TumanClothing administration.
Other Third-Party Services. If other external services or plugins are integrated on the Site (e.g., online support chat, review service, maps, social widgets, etc.), their providers may also receive some data about you when loading corresponding elements on the page. At the time of preparing this Policy, we do not use such plugins transmitting visitor data to third-party recipients. If they appear in the future, we will update the Policy, indicating specific services and the nature of transmitted data. In any case, we carefully check such tools for compliance with privacy requirements and, if possible, configure them in enhanced privacy mode (e.g., disable third-party cookie transmission until your consent).
Transfer by Law Requirement. We may disclose your personal data to third parties if expressly prescribed by current legislation, upon justified request from government authorities (e.g., within investigation of illegal activity or to protect national security), or to protect our legal rights. In particular, if we receive a court decision or official request to provide certain user data, we will check its legality and, if necessary, comply, providing only the minimally sufficient volume of information.

In any data transfer to a third party, we are guided by the principles of proportionality and confidentiality. This means that 1) only information truly necessary for the third party to perform its functions is transferred; 2) the third party undertakes obligations to ensure data security and use it strictly for the agreed purposes; 3) where possible, data is transferred in anonymized, hashed, or encrypted form to minimize privacy risk.

Cross-Border Data Transfer. Since the internet has no borders, user data may be processed and stored outside your country of residence. For example, our servers may be physically located in another state, or data is transmitted to Google servers in the US. We recognize responsibility when transferring data to other jurisdictions and comply with all applicable requirements. Personal data is transferred to third countries (beyond your country of residence or, if applicable, outside the EEA) only if there are legal grounds and protection guarantees. Such guarantees may be: your explicit consent to such transfer, necessity to perform a contract with you (e.g., for organizing international delivery), or presence of special permission or legal requirement. In case of data transfer from European Economic Area countries to countries that, in the European Commission's opinion, do not provide adequate protection level, we conclude standard contractual clauses (SCC) with recipients or rely on other mechanisms approved by GDPR to protect data. Regarding transfer to the US, we try to cooperate with companies certified under programs like EU-US Data Privacy Framework, or ensure alternative security measures (encryption, storage on European servers, etc.). You can contact us for details on specific countries and protection measures - we will provide information to the extent not violating commercial secrecy.

Third-Party Confidentiality. Please note that third parties to whom we transfer data independently bear responsibility for compliance with confidentiality requirements regarding information received from us. We, for our part, require proper handling of data by contractual and legal means, but cannot fully control all their processes. Nevertheless, when choosing partners, we consider their reputation and experience in data protection. If we become aware that a partner violates personal data processing conditions, we will immediately suspend information transfer to them and take measures to resolve the situation.

In case of our business reorganization, merger, or sale of the Site, user data may be transferred to the successor or new company-operator. In such case, we will ensure preservation of all your rights and fulfillment of obligations provided by this Policy, notifying you of the changes that have occurred.

9. Contact Information

Personal Data Operator: Administration of the TumanClothing website (tuman.clothing).

If you have any questions, complaints, suggestions, or want to exercise your rights regarding personal data, please contact us:

Email: [email protected] (preferred method of communication for privacy matters)

We strive to respond to all user appeals as quickly as possible, usually within 7 business days. If your request requires longer consideration (e.g., implementation of a complex right of access to data), we will inform you of intermediate information about the appeal status.

When contacting us, please indicate your name and contact details, and describe the essence of the question or request. This will help us assist you more quickly and accurately. Before providing you with information on your request, we may need to verify your identity (e.g., by requesting additional information) to protect your data from unauthorized access.

We value your trust and are always open to dialogue. If you notice any potential problems related to your privacy or have suggestions for improving our practices - be sure to inform us.

10. Policy Changes

From time to time, we may make changes to this Privacy Policy. This may happen due to updates to our Site and services, changes in legal requirements, emergence of new technologies, or to reflect user feedback. We reserve the right to adjust Policy provisions at our discretion, while ensuring compliance with your rights and freedoms.

Change Procedure: In case of significant changes (e.g., if we start collecting new data categories or using them for new purposes) we will notify users about such changes. Notification may be made by publishing a noticeable announcement on the Site, through a pop-up when visiting, or (if necessary) via email if you provided us with your email. The current version of the Policy is always available via the link on the Site. Please periodically review this page to be aware of the latest Policy versions.

Agreement with Changes: Continued use of the Site after changes take effect means your agreement with the new version of the Policy. The date of last update is indicated at the beginning of the document (or below). If you do not agree with the changed terms, you must discontinue using the Site and, if desired, contact us to delete your personal data.

We will not limit your rights mentioned in this Policy without your explicit consent. If consent required by law for new terms is not received (in cases where necessary), we will not process your data in any new way.

Date of last Policy update: July 24, 2025

We thank you for reviewing our Privacy Policy. We hope the explanations presented here were useful and understandable to you. Our goal is to provide you with safe and pleasant interaction with TumanClothing, and protection of your personal information is an integral part of this goal. If you have any remaining questions, do not hesitate to contact us. Your trust is our main priority. Thank you for choosing TumanClothing!