1. Mwanzo
  2. Taarifa za kisheria

Taarifa za Kisheria

Introduction. This Privacy Policy is issued by LilTreasure LLC (“Company”), a limited liability company organized under the laws of the Russian Federation (Primary State Registration Number (OGRN) 1226900004407; Taxpayer Identification Number (INN) 6910024942; registered address: 171506, Tver Region, Kimrsky District, Kimry, Volodarskogo str., 17, unit 3; e-mail: liltreasurecompany@yandex.ru; phone: +7 981 146-62-18), which acts as an operator of personal data as defined by Federal Law No. 152-FZ “On Personal Data” and other applicable Russian regulations[1]. This Policy describes how the Company collects, uses, discloses, and protects information about users of the Deliver-2.com website (“Site”), and explains the rights of Users in relation to their personal data.

Note: This document is originally drafted in the Russian language. An English translation is provided for convenience. In case of any discrepancies between the Russian version of this Policy and its translation, the Russian version shall prevail.

1. General Provisions

Key Terms:

  • Company – LilTreasure LLC, the operator of personal data processing, registered in the official register of personal data operators under No. 69-25-021170. In certain contexts, “Company” may also refer to an affiliated entity of LilTreasure LLC that is explicitly indicated by the Company as representing it in other countries.
  • Company Address – 171506, Tver Region, Kimrsky District, Kimry, Volodarskogo str., 17, unit 3 (official mailing address of the Company).
  • Site – the website located at https://deliver-2.com, including all of its subdomains and separate pages, administered by the Company.
  • User – any individual who interacts with the Site, whether by visiting pages, utilizing services, or otherwise accessing content on the Site.
  • User Agreement – the Terms of Service (agreement of adhesion) between the User and the Company governing the use of the Site, as published under the “User Agreement” section of the Site.
  • User Information – any information that is transmitted to the Company by the User’s use of the Site, including personal data. Such information may be provided directly by the User, collected automatically by the Company, or received from other users of the Site.
  • Privacy Policy – this document, publicly available on the Site, which sets forth the Company’s rules and conditions for handling User Information.
  • Partners and Affiliates – parties listed in the “Partners and Affiliates” section of the Site that may receive Users’ personal data pursuant to this Policy and/or under the terms of the User’s consent (e.g., service providers, contractors, or affiliated companies involved in delivering the Site’s services).

1.1. Scope of Policy.

This Privacy Policy governs the relationship between the Company and Users in the realm of processing User Information obtained by the Company as a result of use of the Site. The Policy is a public document, and the current version is always available to Users at https://ru.deliver-2.com/privacy/ (for the Russian version) and other relevant sections of the Site.

1.2. Legal Framework.

The Company processes personal data of Users in accordance with Federal Law No. 152-FZ “On Personal Data” and other applicable laws of the Russian Federation. This Policy has been developed to ensure the required level of protection of User Information from unauthorized access and disclosure, as mandated by Russian law. In preparing this Policy, the Company followed the official “Recommendations on drafting a document defining the operator’s policy regarding personal data processing” issued by Roskomnadzor (the Russian data protection authority).

1.3. Acceptance of Policy.

By accessing or using the Site, the User agrees to the terms of this Privacy Policy, as well as to the terms of other documents governing the use of specific services provided by the Company (such as the User Agreement, terms of specific service offerings, etc.), in the versions that are in effect at the time of use. If the User does not agree with any provision of this Policy or other relevant documents, the User should immediately stop using the Site.

1.4. Special Categories of Data.

The Company does not process special categories of personal data that relate to race or ethnic origin, political opinions, religious or philosophical beliefs, health or medical information, sexual life or orientation, as well as biometric personal data (e.g., fingerprints, facial templates). Users are requested not to provide such data when using the Site. Any information revealing these categories of data will not be intentionally collected or used by the Company.

1.5. Territorial Aspect and Applicable Law.

The Site and services are oriented primarily towards users from BRICS countries (Brazil, Russia, India, China, South Africa), but the Company’s data processing activities are principally governed by the laws of the Russian Federation. If a User is not a citizen of the Russian Federation, the Company will take into account the applicable personal data laws of the User’s country to the extent that they do not conflict with the legislation of the Russian Federation.

1.6. User Eligibility.

By registering on the Site or by otherwise accessing and using the Site, the User confirms that he or she meets all the legal requirements to use the Site, including the attainment of the minimum age required to enter into the User Agreement and to provide consent for personal data processing under the applicable law. The Company does not knowingly process personal data of individuals under such minimum age and may require age verification if necessary.

2. Purposes of Personal Data Processing

The Company processes Users’ personal data for the following purposes:

  • Providing Site Services and Functionality: To allow Users to access and utilize the Site’s features and services, including creating and managing a user account, posting content (such as listings or advertisements), entering into transactions, processing orders and payments, and performing any other operations or interactions available through the Site’s platform. This includes any actions necessary for the performance of contracts between the User and the Company (e.g. the User Agreement) or transactions initiated by the User.
  • User Support and Communication: To respond to User inquiries, requests, and support tickets, provide customer service and technical support, and send notifications or information related to the use of the Site and the Company’s services. This includes alerting Users about changes to services, security updates, or other service-related communications.
  • User Identification and Authentication: To verify the identity of the User when accessing the Site (especially for registered Users logging into their personal account), and to ensure that only authorized Users gain access to their personal accounts (dashboards) and the personalized features therein.
  • Contract Execution and Payment Processing: To facilitate the conclusion and execution of agreements with the User, including the User Agreement and any purchase or service contracts made through the Site. This encompasses processing payments for licenses, products or services offered on the Site, subscription management, and related billing operations.
  • Service Improvement and Analytics: To conduct statistical analyses and monitor usage of the Site in order to understand how Users interact with the services, identify trends and preferences, diagnose technical issues, test and improve the Site’s performance and functionality, and enhance the quality of content and services provided. Personal data may be anonymized or aggregated for these purposes to the extent possible.
  • Marketing and Advertising: To carry out marketing activities, which may include personalizing the content and advertisements displayed to Users, forming the Company’s marketing strategy, informing Users about new products, services, promotions or special offers, and sending newsletters or promotional communications to Users who have consented to receive such communications. The Company may also process data as necessary for participation in affiliate or partner programs (for example, to credit referrals or track rewards) and to measure the effectiveness of advertising campaigns.
  • Security and Fraud Prevention: To ensure the security and integrity of the Site, its services, and Users’ data. This includes using personal data to detect and prevent fraudulent activities, unauthorized access, attacks or other malicious activities, to enforce the Site’s terms and conditions, and to protect the rights, property, or safety of Users, the Company, or third parties as allowed by law.
  • Legal Compliance: To comply with applicable legal obligations to which the Company is subject, such as maintaining records for tax and accounting purposes, responding to legally binding requests from law enforcement or regulatory authorities, fulfilling data retention requirements, and other obligations mandated by laws of the Russian Federation.

The Company will not process personal data in ways that are incompatible with the above purposes. Any new purpose for processing that is not covered by this Policy will be communicated to the User (and consent obtained, if required by law) before such processing begins. The Company adheres to the principle of data minimization, meaning it collects and processes only the personal data that is adequate and relevant for the stated purposes.

3. Legal Bases for Processing

The Company processes Users’ personal data only when there are lawful grounds to do so. In accordance with Russian law, the legal bases for processing personal data by the Company include:

  • User’s Consent: The User has given clear and informed consent to the processing of their personal data for one or more specific purposes. Consent may be obtained electronically (for example, when the User accepts this Privacy Policy, the User Agreement, or opts in to certain services) and can be withdrawn by the User at any time (see Section 7 for details).
  • Performance of a Contract: Processing is necessary for the conclusion or performance of a contract to which the User is a party. This includes processing needed to provide services and functionality under the User Agreement or other agreements with the User (e.g., fulfilling an order, delivering a digital product, or providing a paid service requested by the User).
  • Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by the Company or by a third party, provided that such processing does not override the rights and freedoms of the User. For example, the Company may rely on its legitimate interests to improve its services, ensure IT and network security, prevent fraud, or send direct marketing communications to existing customers about similar services (as allowed by law). In all cases, the Company carefully assesses its legitimate interests against the User’s rights.
  • Legal Obligation: Processing is necessary to comply with a legal obligation to which the Company is subject. For instance, the Company may process certain data to satisfy record-keeping obligations, respond to government requests, or fulfill mandatory data retention requirements under Russian law.
  • Other Bases Permitted by Law: In certain cases, other legal grounds may apply, such as when processing is necessary to protect the vital interests of the User or another individual, or when the personal data have been made public by the User. The Company will ensure any such processing is conducted in accordance with the provisions of Article 6 of Federal Law 152-FZ or other applicable legal standards.

Where required by applicable law, the Company will separately inform the User of the specific legal basis applicable to particular processing activities. If processing is based on the User’s consent and that consent is withdrawn, the Company will cease processing the data for the relevant purpose, unless another legal basis applies.

4. Personal Data We Collect

Categories of personal data processed by the Company include:

  • Account Data Provided by the User: Information that the User provides when registering an account on the Site or filling out or updating profile details. This includes the User’s contact information such as phone number and email address (required at registration). It also includes additional profile information that the User may voluntarily provide or update in their account, such as full name, surname, middle name, Tax Identification Number (INN), individual entrepreneur registration details (for Users who are sole proprietors), postal address and city, and any other personal details the User chooses to provide. In certain cases, the Company may request additional verification information from the User (for example, to comply with Know-Your-Customer or anti-fraud procedures), such as passport or national ID details, driver’s license information, photographs or video images of the User, or other documentation to confirm the User’s identity or the information provided. The User may decline to provide optional data; however, this might limit the availability of certain features or services (for instance, failure to provide verification data when requested could result in inability to conduct certain transactions on the Site).
  • Technical and Device Information: Data automatically collected about the User’s device and how the User connects to the Site. This data may include the IP address used to connect the User’s device to the Internet, the type and version of the User’s web browser, the operating system and device model, approximate geolocation (e.g., city or country inferred from IP or device settings), the User’s Internet service provider or mobile network, and other device identifiers or technical information provided by the User’s browser or device configuration. This information is typically collected through server logs, cookies, and similar technologies (see Section 6 on Cookies) and is used for technical support, security, and optimization of the Site.
  • Cookies and Online Activity Data: The Company uses cookies and similar tracking technologies to automatically collect data about the User’s interactions with the Site. Cookies are small data files that the Site requests to store on the User’s device via the web browser. Through cookies, the Company may gather information on how the User navigates and uses the Site, such as timestamps of visits, pages viewed, features used, referring web pages, and other usage statistics. More details on the types of cookies and their uses are provided in Section 6 of this Policy. This category may also include information about the User’s actions on the Site, for example if the User posts content or enters information on the Site, clicks on links, or conducts searches.
  • Aggregated Data and Analytics: The Company may compile aggregate or de-identified data derived from the User’s personal data and activity, such as generalized statistics about how users use the Site, traffic patterns, demand for certain services, or demographic insights. Such aggregated data does not identify individual users and is not considered personal data under this Policy. However, if any such data can be linked back to an identifiable User, the Company will treat it as personal data and ensure it is processed in accordance with this Policy.

The Company does not intentionally collect any sensitive personal data (such as information about health, religious or political beliefs, etc.) from Users, and Users are requested not to submit such data on the Site (see Section 1.4). If a User nonetheless chooses to provide or make public any sensitive or additional personal information (for instance, by posting it in a public area of the Site), the User acknowledges that such information may be available to others and assumes responsibility for any consequences of sharing it. The Company does not purposefully process any such information and will handle any inadvertently collected sensitive data in accordance with applicable law (including obtaining consent if required).

Some features of the Site allow Users to publish information that can be viewed by others. For example, if the Site offers a marketplace or community forum, information in a User’s profile or postings (such as a business contact, username, photo, or any content the User chooses to share publicly) could be visible to other Users or visitors. By providing information in these public areas, the User understands that it will be accessible to an indefinite number of internet users. The Company will display the User’s information in their public profile or listings as per the functionality of the Site and the settings chosen by the User. The Company also enables Users to view their own profile information as it appears to others, and to adjust privacy settings where applicable (if such features are provided).

Please note that any personal data that the User voluntarily makes public on the Site (for example, by posting it in a public-facing section) is provided by the User without any expectation of privacy and without requiring separate consent for making it public. In other words, if a User clearly intends for certain data to be publicly accessible (e.g., including a contact phone number in a public advertisement), the Company will treat that action as the User’s consent to disseminate that data to an unlimited audience. The Company will only publicly disclose or disseminate a User’s personal data to the extent that such dissemination is clearly intended by the User’s actions and is consistent with the User’s consent or instructions (for example, publishing a profile in a public directory when the User has opted to do so).

All personal data that the Company collects is processed in accordance with the principles and rules described in this Policy. If any of the data the Company collects is not strictly necessary to identify an individual or to fulfill the stated purposes, the Company will either not collect it, or will store it in an anonymized format. Personal data collected will not be used for any purposes other than those for which it was collected, unless the Company obtains the User’s consent or is otherwise legally permitted to do so.

5. Sharing of Personal Data with Third Parties

5.1. No Unauthorized Disclosure:

The Company treats Users’ personal data as confidential and, except as described in this Policy or allowed by law, does not disclose it to third parties without proper authorization. The Company does not sell Users’ personal data. Personal data will be shared only in the circumstances and with the categories of recipients outlined below, or as otherwise permitted under applicable law.

5.2. Instances of Data Sharing:

The Company may transfer or disclose personal data to third parties in the following cases and for the purposes defined:

  • Service Providers and Partners: The Company may share personal data with trusted third-party service providers and partners who assist in operating the Site, providing core services to Users, or otherwise fulfilling the purposes of processing described in this Policy. These third parties may include, for example, payment processing providers (to handle credit card transactions or other payments), email or SMS providers (to send verification codes or notifications), hosting providers, data storage services, customer support tools, or contractors participating in the delivery of marketplace services (such as other users or vendors engaged in a transaction with the User). The Company only shares data that is necessary for the third parties to perform their functions, and where applicable, such parties are contractually obligated to process personal data only for the purposes specified by the Company and to protect it in accordance with this Policy and the law. If the User explicitly consents to or requests data sharing with certain third parties (for example, by using a feature that involves a third-party facilitator), the Company will share data as needed to carry out that request.
  • Legal Requirements and Authorities: The Company may disclose personal data to third parties when it is required to do so by law or a legally binding order. This includes responding to lawful requests by public authorities, such as law enforcement or regulatory agencies, to meet national security or law enforcement requirements. For instance, the Company may provide personal data to competent governmental or supervisory authorities if a proper legal request or subpoena is received, or if disclosure is needed to comply with applicable laws (such as to report certain activities or to cooperate with regulators). Users’ personal data may also be disclosed in connection with legal proceedings when the Company is legally compelled to do so.
  • Exercise of Legal Rights and Protection: The Company may share limited personal data with third parties (such as legal advisors, courts, or collection agencies) when necessary to establish, exercise or defend the Company’s legal rights. For example, if a User violates the User Agreement or engages in unlawful activity, the Company may disclose data as needed to address the violation or pursue remedies. The Company may also disclose data to third parties (including victims of misuse, relevant authorities, or intermediaries) to prevent harm or financial loss, or in connection with an investigation of suspected or actual illegal activity related to the Site.

5.3. User’s Agreement to Data Actions:

By using the Site and its services, the User agrees that the Company may perform the following actions with their personal data in accordance with this Policy:

  • Processing Operations: The Company may perform any necessary operations on the User’s personal data to achieve the stated purposes, including collection, recording, organizing, accumulating, storage, updating or modification, retrieval, usage, anonymization, blocking, deletion, and destruction of personal data. These operations can be carried out with or without the use of automated means, as required by the context of processing and allowed by law.
  • Transfers to Partners/Affiliates: The Company may transfer the User’s personal data to its partners and affiliated entities (as defined in Section 1) for processing on behalf of the Company, or for joint processing in collaboration with those entities. In all such cases, the Company ensures that any partner or affiliate receiving personal data is contractually bound to protect it to a standard equivalent to the protection provided by the Company. These partners/affiliates will process the data only for the purposes set out in this Policy or those to which the User has consented. For example, an affiliate in another country might assist in providing customer support to Users in that region, under the Company’s supervision and in compliance with this Policy.
  • Data from Third Parties: The Company may also receive personal data about Users from partners or affiliates and combine it with data the Company already possesses[45]. For instance, if a partner runs a joint promotion with the Company or refers a User to the Site, that partner might provide certain information (like a referral identifier or aggregate usage statistics) which the Company can use alongside its own data to enhance services. Any such combined data that relates to an identified or identifiable User will be handled as personal data under this Policy.
  • Subprocessors: In the context of engaging third-party service providers (subprocessors), the Company may grant them access to certain personal data as described above under “Service Providers and Partners”. All subprocessors are carefully vetted for their data security practices and are bound by confidentiality and data protection obligations. They will only use the data for the specific tasks assigned by the Company.

5.4. Third-Party Services and External Links:

The Site may incorporate or link to third-party services that are not operated by the Company, such as external payment gateways, embedded content or widgets, or social media platforms. If the User chooses to use these services (for example, by clicking an external link or logging in via a third-party platform), any personal data provided by the User in the process may go directly to those third parties. This Privacy Policy does not apply to third-party websites or services, and the Company is not responsible for the practices of such third parties regarding personal data. The User should review the privacy policies of any third-party services they access. The Company will, where reasonably possible, notify Users when a particular feature or service is provided by a third party (so that Users understand who will receive their data)[46]. Notably, if a portion of the Site’s functionality (such as a marketplace listing or a chat widget) is operated independently by a partner, the User may need to agree to that partner’s terms and privacy policy before using the feature. The Company is not responsible for personal data processing by third parties who operate independently of the Company.

5.5. International Data Transfers:

The Company is based in the Russian Federation, and by default, personal data of Users (especially data of Russian citizens) is processed and stored on servers located within Russia (see Section 6.1)[48]. If it becomes necessary to transfer personal data to a foreign country (for example, to an affiliate or service provider in another jurisdiction)[47], the Company will ensure that such a transfer complies with the requirements of Russian law regarding cross-border data transfers. In particular, personal data of Russian citizens will only be transferred to countries that are recognized by Roskomnadzor as providing adequate protection for personal data, or otherwise if appropriate safeguards are in place or the User’s written consent has been obtained[48]. The Company will take all steps necessary to ensure that Users’ personal data is treated securely and in accordance with this Policy and applicable law in the course of any international transfer. For example, this may include using EU Standard Contractual Clauses or similar agreements where relevant, or ensuring the foreign recipient is bound by contractual obligations to provide a high level of data protection. The User’s use of the Site or submission of information to the Company may result in the transfer of personal data across international borders, including to jurisdictions that may have data protection rules different from those in the User’s country. However, the Company will not transfer personal data to an overseas recipient if such transfer would violate the data localization requirements of Russian law or other applicable restrictions. In cases where the User’s consent is required for a cross-border transfer (such as transferring to a country that does not ensure adequate protection), the Company will obtain such consent separately.

5.6. No Unauthorized Commercial Use:

The Company does not permit third parties to access or use Users’ personal data for their own commercial purposes without the User’s consent. Any third party who has received User data from the Company is prohibited from using it for purposes outside the scope of the Company’s instructions. Additionally, scraping or harvesting personal data from the Site (for example, email addresses from user profiles) for marketing or other purposes is strictly forbidden. The Company monitors and employs technical measures to guard against unauthorized extraction of data. Users are also requested to refrain from sharing or publishing other individuals’ personal data obtained from the Site, unless they have that individual’s consent.

6. Cookies and Similar Technologies

6.1. Use of Cookies:

Like many websites, Deliver-2.com uses cookies and similar tracking technologies to enhance User experience and gather information about how the Site is used. Cookies are small text files placed on the User’s computer or device by web browsers at the request of a site[31]. Cookies are stored on the User’s device and allow the Company to recognize the User’s browser or device and remember certain information. By using the Site, the User consents to the use of cookies as described in this Policy. The Company processes cookies data in relation to Users who visit the Site for the purposes outlined in this Policy.

6.2. Types of Cookies Used:

The Site utilizes the following categories of cookies to support functionality and collect analytical data:

  • Strictly Necessary Cookies (Technical Cookies): These cookies are essential for the operation of the Site. They enable basic functions like page navigation, access to secure areas (e.g., user account login), and overall usage of the Site’s features. Without these cookies, certain services on the Site cannot be provided properly. Strictly necessary cookies can also identify the User’s hardware and software (for example, remembering the type of browser) to ensure compatibility and security. These cookies do not gather information for marketing or analytics purposes.
  • Statistical/Analytical Cookies: These cookies collect information about how Users interact with the Site, such as which pages are visited, the time spent on each page, and any error messages encountered. They help the Company recognize returning visitors, count the number of Users, and understand how Users navigate through the Site. For instance, analytical cookies might log the actions a User takes on the website (clicks, scrolls) or track conversion metrics. The data obtained is used to improve how the Site works, ensure Users find what they are looking for easily, and to gather aggregate usage statistics.
  • Performance/Technical Cookies: These cookies gather information specifically about the performance of the Site and how Users use it, in order to identify and fix errors and to test new features. They are similar to analytical cookies and sometimes considered a subset of them. By monitoring technical parameters (such as load times, response to user actions, etc.), these cookies enable the Company to maintain and enhance the Site’s performance and reliability. For example, a technical cookie might track if a page failed to load or if a feature malfunctioned, helping the Company to debug and improve those aspects.
  • Functional Cookies: These cookies allow the Site to remember choices Users make and provide enhanced, more personalized features. They may be set by the Company or by third-party providers whose services have been added to the Site. Functional cookies might remember the User’s preferences (such as language selection, region, or other customizations) so that the User does not have to re-enter this information on subsequent visits[70]. They can also provide advanced features, like remembering login details (if the User opts for this) or maintaining session information as the User navigates between pages.
  • Advertising and Tracking Cookies (Third-Party Cookies): These cookies collect data about the User’s browsing habits and interactions with the Site’s content and advertising. They may be placed by the Company or by third-party advertising partners. The information gathered may include the websites that referred the User to the Site, pages visited, links and ads viewed or clicked, and other browsing behavior. The purpose is to deliver advertisements that are more relevant to the User’s interests on the Site or across other websites. For example, these cookies enable the Company or its advertising partners to show ads that might interest the User based on analysis of the collected information. They also help measure the effectiveness of ad campaigns. Third-party tracking cookies might track Users across multiple websites and combine information to create a profile of the User’s interests.

6.3. How We Use Cookie Information:

The information collected by cookies on the User’s device may be transmitted to and accessed by the Company and/or by third parties as described in Section 5 (such as the Company’s partners and affiliates). Specifically, the Company uses cookie data to:

  • Recognize a User on subsequent visits (so, for example, the User stays logged in or the Site remembers the User’s preferences);
  • Personalize content and features for the User (such as greeting the User by name or suggesting relevant content);
  • Conduct analytics and research to improve the Site’s content, layout, and services (using aggregated data to understand usage patterns);
  • Maintain security (for instance, to authenticate Users, prevent fraudulent use of login credentials, and protect User data); and
  • Tailor advertising, if any, to the User’s interests (both on the Site and potentially on third-party sites, through retargeting).

In particular, based on data collected through cookies, the Company may refine and enhance Site features to make them more accessible, perform statistical analyses, correct errors and bugs, test new functionalities of the Site, personalize the Site’s content, and display the most relevant materials and advertisements to the User. For any use of cookie data that involves making it available outside the Company’s own services (for example, sharing it with third-party advertising networks for targeting ads on other platforms), such usage will be subject to separate user agreements or consent, as required. The Company, and/or relevant third parties, will provide Users with the ability to opt out of personalized advertising that uses cookie data (for instance, via a provided opt-out link or through the Site’s cookie management tool) if such personalized advertising is implemented.

6.4. Third-Party Cookies and Analytics Services:

The Site integrates certain third-party analytics and advertising services which set their own cookies on the User’s device. For example, the Company uses web analytics services such as Mail.ru Rating, Yandex.Metrica, and Google Analytics to collect statistical information about Site usage. These services may set cookies and process User data under their own privacy policies. The Company only works with reputable providers and shares cookie data with them as needed for analytics or advertising functions. Users can learn more about how those providers handle data by reviewing their privacy policies (e.g., Google’s Privacy Policy or Yandex’s Privacy Policy). The Company may also partner with third-party advertisers or ad networks that utilize tracking cookies to deliver and measure advertisements outside of the Company’s services. Any use of cookie-derived data by such external parties for advertising purposes is governed by separate agreements or consents, and the User may be given the opportunity to manage preferences or opt out of such usage as required by those third parties’ policies.

6.5. User Control and Consent for Cookies:

Upon the User’s first visit to the Site (and periodically thereafter, as required), the Site may present a cookie notice or banner to inform the User about the use of cookies and to obtain the User’s consent for non-essential cookies. In accordance with evolving legal requirements, as of May 30, 2025, the collection of data about Users’ behavior on the Site for personalized analytics or advertising (for example, via analytical or advertising cookies) requires the prior explicit consent of the User. The Company will implement appropriate mechanisms (such as a cookie consent banner or settings dashboard) to ensure that Users can provide or withhold consent for different categories of cookies. By default, the Site will not utilize analytical or advertising cookies unless the User has granted consent, except for those cookies that are strictly necessary for the Site’s basic operation. Users can at any time adjust their browser settings to refuse or delete cookies. Most web browsers allow control of cookies through their settings preferences (for example, Users can typically set the browser to notify them when a cookie is being set or to block cookies altogether).

  • Refusing Cookies: If a User does not wish to have cookies stored on their device, they can configure their browser to decline cookies from the Site. Users may also delete cookies that have already been set using the browser’s tools. Additionally, the Site’s interface may offer an option to opt out of certain types of cookies (for instance, via a “Cookie Settings” link).
  • Consequences of Disabling Cookies: It is important to note that if the User disables or refuses cookies, some parts of the Site may become inaccessible or not function properly. For example, without cookies, the Site might not remember login information or other preferences, and certain features (like keeping items in a shopping cart, if applicable) may not work. The Company’s services will in that case use only the cookies that are strictly necessary for the service to function, and the User might need to manually adjust preferences each time they visit the Site.

6.6. Additional Tracking Technologies:

In addition to cookies, the Company may use other technologies such as web beacons (also known as pixel tags), tracking URLs, or local storage objects for similar purposes. Web beacons are tiny graphics embedded on a webpage or email that signal that a page or email has been viewed. They often work in conjunction with cookies to compile statistics. The usage and purpose of these technologies are similar to those of cookies as described above.

For more detailed information about our use of cookies and how you can manage them, please refer to the Site’s cookie notice (if available) or contact us using the information in Section 10.4. By continuing to use the Site without disabling cookies via your browser or through the provided mechanisms, you consent to our use of cookies and similar technologies as described in this Policy.

7. User Rights

Users (data subjects) have the following rights regarding their personal data processed by the Company, in accordance with applicable data protection laws and as outlined below:

7.1. Right to Access Information:

The User has the right to request confirmation of whether the Company is processing personal data relating to them, and if so, to access that personal data and receive information about it. This includes the right to request information on: (i) the categories of personal data being processed; (ii) the purposes of processing; (iii) the sources from which personal data was obtained (if not provided by the User directly); (iv) the recipients or categories of recipients to whom personal data has been or may be disclosed (especially if they are in other countries or are government institutions); (v) the processing period (or criteria used to determine that period); and (vi) the User’s rights under the personal data law. The User can exercise this right by submitting a written request to the Company (see Section 10.4 for contact information). The request should contain sufficient information to identify the User and the information sought. For security and identification purposes, the Company may require the User to provide a copy of an identification document or to verify certain account details. The Company will provide the requested data or an appropriate response within the timeframe established by law (usually within 30 days, unless an extension is justified and permitted).

7.2. Right to Withdraw Consent:

Where processing is based on the User’s consent, the User has the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal, but once withdrawn, the Company will cease processing the personal data for the purposes that were based on consent (unless another legal basis applies). For example, the User may opt out of marketing emails by withdrawing consent to direct marketing – the Company will stop sending such emails thereafter. To withdraw consent, the User should send a written notice or contact the Company via the contact details provided. In cases of email marketing or similar, the User can use the “unsubscribe” link provided in the communications. If the User withdraws consent for processing that is essential to provide a service (e.g., consent for processing of certain account data), the Company may have to limit or terminate the provision of that service to the User. The Company will inform the User if such a situation arises.

7.3. Right to Rectification:

The User has the right to request correction of any inaccurate or outdated personal data, and to have incomplete personal data completed. Users are encouraged to correct or update their own data through their account settings when possible. In cases where the User cannot self-update the information (or the data is not directly editable by the User), the User may send the Company a request specifying which data is incorrect or incomplete and providing the correct or updated information. The Company may verify the accuracy of the new data before making the correction.

7.4. Right to Erasure (“Right to be Forgotten”):

The User has the right to request deletion of their personal data in certain circumstances. This right is not absolute and applies, for example, if: (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) the User withdraws consent on which the processing is based, and there is no other legal ground for processing; (iii) the User objects to processing (see below) and there are no overriding legitimate grounds for processing; (iv) the personal data has been processed unlawfully; or (v) the personal data must be erased to comply with a legal obligation. To request erasure, the User should contact the Company with a clear request for deletion. Upon a valid request, the Company will take reasonable steps to erase the personal data, unless an exception applies (for example, if the Company is legally required to retain certain data, or if the data is necessary to establish or defend legal claims). The User should be aware that due to technical reasons, residual copies might not be immediately removed from all backup systems, but the Company will ensure that the data is no longer actively processed and will be deleted from backups as soon as feasible.

7.5. Right to Restrict Processing:

The User has the right to request the restriction of processing of their personal data in certain cases. This means the Company will continue to store the data but will temporarily limit its processing. The User can request restriction if: (i) the User contests the accuracy of the personal data (for a period allowing the Company to verify it); (ii) the processing is unlawful but the User prefers restriction over deletion; (iii) the Company no longer needs the personal data for the original purposes, but the User needs it for the establishment, exercise or defense of legal claims; or (iv) the User has objected to processing (see below), pending verification of whether the Company’s legitimate grounds override those of the User. When processing is restricted, such personal data will be marked and processed only for certain purposes, such as with the User’s consent or for legal claims, or to protect the rights of another person, or for important public interest reasons.

7.6. Right to Object to Processing:

(Applicable under certain jurisdictions or contexts.) If the Company processes personal data based on its legitimate interests (see Section 3) or for tasks in the public interest, the User has the right to object to that processing on grounds relating to their particular situation. If the User raises an objection, the Company will cease processing the data unless it can demonstrate compelling legitimate grounds for the processing that override the User’s interests, rights, and freedoms, or unless the data is needed for the establishment, exercise, or defense of legal claims. Where personal data is processed for direct marketing purposes, the User has an unconditional right to object at any time to processing of their personal data for such marketing (including any related profiling). If the User exercises this right, the Company will stop processing the data for direct marketing purposes immediately.

7.7. Right to Data Portability:

(Applicable in some jurisdictions, e.g. EU, but not explicitly provided under current Russian law.) The User may have the right to request a copy of certain personal data in a structured, commonly used, and machine-readable format, and to request that this data be transmitted to another data controller where technically feasible. This right typically applies to data processed by automated means that the User initially provided under consent or contract. If a User wishes to exercise this right, the Company will assess the applicability and provide the data if possible.

7.8. Right to Lodge a Complaint:

If a User believes that the Company has infringed their rights or not complied with data protection laws, the User has the right to lodge a complaint with the relevant supervisory authority. For Users in Russia, the supervisory authority is the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor). Contact details for Roskomnadzor can be found on its official website. Users in other jurisdictions may have the right to file a complaint with their local data protection authority. We kindly ask that Users attempt to resolve any concerns by contacting us first, but the User is entitled to approach the authority directly.

Exercising Your Rights: To exercise any of the rights described above, Users may contact the Company using the contact information provided in Section 10.4. The Company may need to verify the identity of the User making the request to prevent unauthorized access to personal data (for example, we may ask for verification information or use an existing authentication procedure). The Company will respond to requests within the period established by applicable law (generally within 30 days). Please note that some rights may not be absolute; certain requests might be refused if allowing them would undermine other legal obligations or the rights of other individuals. In such cases, the Company will inform the User of the reasons for refusal, subject to legal restrictions.

Fees: The Company will not charge a fee for the initial request to exercise rights. However, if a User’s requests are manifestly unfounded or excessive (for example, repetitive requests), the Company reserves the right as permitted by law to either charge a reasonable fee based on the administrative cost of providing the information or taking the action requested, or to refuse to act on the request.

8. Data Security and Protection Measures

8.1. Confidentiality Obligations:

The Company recognizes personal data as confidential and is committed to protecting the privacy of Users. The Company maintains the confidentiality of personal data and ensures that its employees and partners who have access to personal data are bound by appropriate confidentiality obligations[59]. Personal data will not be disclosed to any third party except as described in this Policy or as otherwise permitted by law or with the User’s prior consent. The Company also refrains from disseminating personal data without a valid legal basis or the User’s consent, as required by Russian law.

8.2. Organizational and Legal Measures:

The Company has implemented internal policies and procedures designed to protect personal data in its possession. These include appointing a person responsible for organizing personal data processing and security, conducting regular training for staff on data protection requirements, and establishing procedures for handling personal data incidents or inquiries. The Company’s internal documents (orders, policies, regulations) regulate the processing of personal data and define the measures for protecting it, in accordance with Russian regulations. Employees who handle personal data are authorized on a need-to-know basis and are trained in their responsibilities to maintain confidentiality and security. The Company also evaluates its data processing activities for compliance with applicable laws, including conducting required legal assessments or audits of personal data security measures.

8.3. Technical Security Measures:

The Company employs a variety of technical measures to ensure the security of personal data and to prevent unauthorized access, alteration, disclosure, or destruction of data. These measures include, but are not limited to:

  • Access Control: Restricting access to personal data to authorized personnel only, using role-based access controls and authentication mechanisms (passwords, two-factor authentication, etc.).
  • Encryption: Utilizing encryption protocols to protect data during transmission (for example, the Site is secured via HTTPS/SSL encryption for data exchanged between the User’s browser and the Site’s servers) and, where appropriate, encrypting sensitive data at rest.
  • Firewalls and Network Security: Implementing firewall systems and intrusion detection/prevention systems to guard the Company’s internal networks and servers against unauthorized access and cyber attacks.
  • Anti-Virus and Malware Protection: Regularly updating and running anti-virus, anti-malware, and anti-spyware programs on Company systems to detect and remove malicious software.
  • Security Monitoring: Monitoring systems for unusual activities or potential threats, and maintaining logs of access to personal data where feasible to facilitate auditing and incident response.
  • Data Minimization and Pseudonymization: Storing only the personal data that is necessary for the purposes identified, and, when possible, replacing identifying information with pseudonyms or unique codes such that individuals cannot be readily identified without additional information stored separately.
  • Backups and Recovery: Regularly backing up data and having disaster recovery plans in place to ensure availability of personal data in case of physical or technical incidents (while still maintaining security of backups).
  • Physical Security: Ensuring that physical access to IT systems and data storage media is controlled and secure (e.g., server rooms are locked and monitored, and hardcopies of personal data, if any, are kept in secure cabinets).

These measures are implemented in accordance with Article 19 of Federal Law 152-FZ and relevant regulations, which outline the obligation of operators to take necessary and sufficient measures to protect personal data.

8.4. Security Incident Response:

Despite all measures taken, no information system can be guaranteed to be 100% secure. In the event of a personal data breach (an incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data), the Company has procedures to promptly identify and address the breach. The Company will take steps to contain and mitigate the incident, assess the risk to Users’ rights, and determine whether notification to the supervisory authority or the affected Users is required by law. If required, the Company will notify the relevant data protection authority and affected Users without undue delay, within the timeframes established by law, and provide information on the nature of the breach, likely consequences, and measures taken or proposed to address it.

8.5. User Responsibilities for Security:

Users also play an important role in safeguarding their personal data. The Company urges Users to maintain the security of their account credentials (login and password), to use unique and strong passwords, and to change passwords periodically. The User should notify the Company immediately if they suspect any unauthorized access to or use of their account or personal data. The Company will never ask Users to disclose their passwords, and any such request should be considered fraudulent. Additionally, Users should be cautious when sharing information in public areas of the Site (such as forums or comments) as that information may be viewed by others.

By implementing and maintaining the above measures, the Company strives to create a secure environment for personal data. However, Users acknowledge that no method of transmitting or storing data is completely secure, and while the Company is dedicated to protecting personal data, it cannot guarantee absolute security. Users proceed with the understanding of these risks and are encouraged to take protective measures on their end (such as using updated antivirus software and being mindful of phishing attempts).

9. Liability and Disclaimers

9.1. Company’s Liability:

The Company is responsible for ensuring that personal data is processed in accordance with this Policy and applicable law. If the Company fails to meet its obligations or processes personal data unlawfully, it may be subject to legal liability, including penalties under Russian law. However, the Company shall not be liable for any loss or damage arising from circumstances in which the Company has not breached its legal duties, including but not limited to:

  • Inaccurate Data Provided by User: Any consequences of the User providing false, incorrect, or incomplete personal data, or the User’s failure to update their personal data. The User is responsible for the accuracy of the data they provide, and the Company will not be liable for issues or damages resulting from the processing of data that the User submitted erroneously[61].
  • User’s Disclosure of Data: Any unauthorized access to or use of personal data that results from the User’s own actions or omissions. For instance, if a User shares their account login credentials with others, fails to secure their device, or otherwise divulges personal data to third parties, the Company is not responsible for the disclosure or any damages that occur as a result[61].
  • Password Confidentiality: Actions performed by third parties using a User’s account (with or without the User’s knowledge) due to the User’s failure to maintain the confidentiality of their login information. The User is solely responsible for keeping their username and password confidential and for any activities that occur under their account. If someone gains access to the User’s account through the User’s negligence (e.g., using an easy-to-guess password or not logging out on a public computer), the Company is not liable for any data breaches or changes made to the account in such cases.
  • Public Information Sharing: Any use or misuse of personal data that the User has made public via the Site. If a User posts personal data in a public section of the Site (e.g., in a public profile, forum, or listing) and as a result third parties use that information for any purpose, the User understands that the Company cannot control those third-party actions. The Company will not be responsible for any third-party collection, reproduction, or distribution of personal data that the User has intentionally made public on the Site.
  • Third-Party Breaches: Security breaches or unauthorized actions attributable to third-party service providers or platforms integrated with the Site, which occur despite the Company’s contractual measures and security requirements. While the Company binds its partners to adequate protections, it is not liable for their independent misconduct or security failures, unless proven to be caused by the Company’s own negligence.
  • Force Majeure: Any failure or delay in performance of obligations (including data security obligations) due to events outside the Company’s reasonable control, such as natural disasters, wars, acts of terrorism, civil disturbances, strikes, network outages, major technical failures, or governmental actions.

9.2. User’s Liability:

By using the Site, the User agrees to comply with the terms of this Policy and the User Agreement, and confirms that they have all necessary rights to provide any information they submit to the Site. The User is responsible for the legality, accuracy, and integrity of the data they provide or post on the Site. If the User provides data concerning third parties (for example, providing someone else’s contact information for referrals), the User must ensure they have obtained all necessary permissions from those third parties. The User shall indemnify and hold the Company harmless from any losses or claims arising out of the User’s violation of this Policy or misuse of personal data (for instance, if the User collects or uses other Users’ data in violation of the law or this Policy). In the event that the User violates data protection or privacy laws while using the Site (for example, by improperly collecting personal data about others or using the Site to distribute spam or unlawful content), the User may be personally liable for such actions under the law.

9.3. Third-Party Websites and Services:

The Site may contain links to external websites or integrate services that are not operated by the Company. The Company is not responsible for the privacy practices, security, or content of such third-party websites or services. If the User follows a link to any external site, they do so at their own risk and should review the privacy policy of that site. This Privacy Policy applies solely to data processed by the Company within the Site’s domain and services. Additionally, if the User chooses to engage with third-party services (for example, logging in through a social network or making a payment via a third-party payment gateway), any data provided to those third parties is subject to their respective privacy policies, and the Company shall not be liable for their handling of the data. The Company disclaims any responsibility for data processing by third-party controllers, even if the Site provides an interface to them (e.g., an embedded map or a social media share button).

9.4. Disclaimers:

While the Company strives to maintain a high standard of security and privacy, it makes no warranty that the Site will be absolutely secure or error-free at all times, or that personal data incidents will never occur. The Company provides the Site and its services “as is” and, to the extent permitted by law, disclaims any implied warranties regarding security or freedom from unauthorized interception of data. The Company also cannot guarantee that information transmitted via the internet (including emails or communications through the Site) is completely secure, and the User should take appropriate precautions in transmitting sensitive data. Any material or information downloaded or otherwise obtained through the use of the Site is accessed at the User’s own discretion and risk, and the User is solely responsible for any potential damage to their computer system or loss of data that results from use of the Site.

The provisions of this Section 9 do not intend to limit any rights of the User that cannot be lawfully limited, nor to exclude liability in cases where applicable law (such as consumer protection laws) imposes it and does not allow contractual waiver. Rather, this Section aims to clarify the allocation of responsibilities between the Company and Users, and to highlight that Users also have a role in safeguarding their personal data and using the Site in a responsible manner.

10. Changes to Policy and Contact Information

10.1. Updates to the Policy:

The Company may amend or update this Privacy Policy from time to time to reflect changes in legal requirements, Company practices, or the introduction of new features on the Site. When changes are made, the Company will post the new Policy on the Site and update the “Effective date” at the top. If the changes are significant (for example, altering how personal data is used or shared in a way that the User might not expect), the Company will provide a more prominent notice, which may include notification on the Site’s homepage or sending an email notification to Users (if appropriate and if the User’s email is on record). Any changes to the Policy will become effective on the date indicated in the notice or the updated Policy itself. By continuing to use the Site after the effective date of a revised Policy, the User is considered to have accepted the changes[78]. If a User does not agree with the new Policy, they should cease using the Site and may request the Company to delete their personal data (as per Section 7). The Company encourages Users to periodically review this page for the latest information on our privacy practices. It is the User’s responsibility to stay informed of any updates to this Policy.

10.2. Governing Law and Dispute Resolution:

This Privacy Policy is governed by and interpreted in accordance with the laws of the Russian Federation. Any issues or disputes arising from this Policy or related to personal data processing that are not regulated by this Policy will be resolved in accordance with the applicable laws of the Russian Federation. Users from other jurisdictions who use the Site do so on their own initiative and are responsible for compliance with local laws to the extent those laws are applicable. By using the Site, Users consent that any dispute regarding privacy or the terms of this Policy, to the extent allowed by law, shall be subject to the exclusive jurisdiction of the competent courts at the Company’s registered location (unless otherwise provided by consumer protection laws or international agreements).

10.3. Relationship to Other Documents:

This Policy is an integral part of the Site’s terms and conditions, including the User Agreement. In the event of any conflict between this Policy and other contractual terms agreed with the User (such as a separate consent form, data processing agreement, or specific service terms), the terms that are more specific to data protection and privacy will take precedence for the matter at hand. However, this Policy does not override any rights the User may have under mandatory law. If any provision of this Policy is found to be unenforceable under applicable law, it shall be interpreted as closely as possible to reflect the intent of the provision, and all other provisions will remain in effect.

10.4. Contact Information:

If Users have any questions, concerns, or requests regarding this Privacy Policy or the processing of their personal data, they may contact the Company via the following means:

  • Email: liltreasurecompany@yandex.ru
  • Postal Mail: LilTreasure LLC, 171506, Tver Region, Kimrsky District, Kimry, Volodarskogo 17-3 (Attn: Privacy Officer)

When contacting us, please include contact information and a detailed description of the issue or request. The Company will do its best to respond promptly and address any concerns. For security and privacy reasons, the Company may need to verify the identity of the person making the inquiry or request before executing it (especially for requests involving personal data access, correction, or deletion).

Thank you for reading our Privacy Policy. The Company values your privacy and will continuously work to protect and handle your personal data with care and transparency.

Effective: November 1, 2025