1. General Provisions

This Privacy Policy (hereinafter referred to as the “Policy”) is drafted in compliance with the requirements of Federal Law No. 152-FZ of July 27, 2006, “On Personal Data,” and establishes the procedure for processing personal data and the measures to ensure the security of personal data by the owner of the website https://gemmology.online, Limited Liability Company “Gemstone Certification Center” (INN 7743628359), represented by General Director Alexander Viktorovich Stolyarevich (hereinafter referred to as the “Operator”).

1.1. The Operator considers the protection of the company’s commercial and confidential information, as well as the rights and freedoms of individuals in the processing of their personal data—including the right to privacy, personal, and family secrets—as its highest priority and a fundamental condition of its operations.

1.2. By registering on the Website, placing an Order, requesting a consultation, or using the Website, the User agrees to the terms of this Policy. If the User disagrees with this Policy, they must immediately cease using the Website and its services.

1.3. The Operator does not verify the accuracy of the information collected about Users, except in cases where such verification is necessary to fulfill the Operator’s obligations to the User. The Operator treats the data provided by the User as personal data by default. All data received from the User is subject to personal data processing regulations.

1.4. The collection, storage, dissemination, and protection of information about users of the website https://gemmology.online are governed by this Policy, other official documents of the Website Operator, and the applicable laws of the Russian Federation.

2. Enforcement and Amendments to the Policy

2.1. This Policy comes into effect upon approval by the Operator and remains valid indefinitely until replaced by a new Policy.

2.2. The current version of the Policy, as a public document, is available to any Internet user at the following link: https://gemmology.online/privacy_policy.

2.3. The Operator reserves the right to amend this Policy. In case of changes, the Operator will notify Users by publishing the revised version on the Website at the permanent address. Previous versions are stored in the Operator’s documentation archive.

2.4. Continued use of the Website after the publication of a revised Policy constitutes the User’s full acceptance of its terms.

3. Scope of User Personal Data

3.1. Users’ personal data includes:

3.1.1. Information provided by Users that is minimally required for:

• Event registration,

• Security purposes,

• Authentication and feedback on the Website,

• Use of the Website’s functionality,

• Provision of the Website’s services.

For these purposes, Personal Data includes:

• Full name (surname, given name, patronymic);

• Email address;

• Company name (for legal entities);

• Taxpayer Identification Number (INN) (for legal entities);

• Phone numbers;

• Participant status.

3.2. The Operator may, in particular, request from the User a copy of an identity document or other document containing the User’s name, surname, photograph, contact phone numbers, payment details, or any additional information deemed necessary by the Operator to identify the User and prevent fraud or violations of third-party rights.

3.3. The Operator also processes other User information, including:

3.3.1. Standard data automatically collected by the HTTP server when accessing the Website and subsequent User actions (host IP address, user’s operating system type, pages visited, security tokens);

3.3.2. Purchase data in the Website’s services, service usage data, interaction data with other users, as well as files and content stored on the Website’s systems, including feedback, comments on the Website’s quality, and any data required by the Operator to process complaints and arbitration.

3.3.3. Information automatically collected when accessing the Website using cookies:

• Users may disable cookies in their browser settings. In such cases, the Website will only use strictly necessary cookies for its functionality and services. However, disabling cookies may impair the Website’s performance.

3.3.4. Information obtained from the User’s actions on the Website;

3.3.5. Information obtained from other users’ actions on the Website.

3.3.6. Information required for User identification.

3.4. The Website also uses third-party web analytics tools (Yandex.Metrica and Google Analytics) to collect traffic source data, site visits, and assess the Website’s performance. The types of personal data collected for these purposes include: date and time of access, electronic data (HTTP headers, IP address, cookies, browser and software identifiers).

3.5. The aforementioned data is collectively referred to as “Personal Data” in this Policy.

4. Purposes of Personal Data Processing

4.1. The Website Operator collects and stores only the personal data necessary for providing services (fulfilling agreements and contracts with the User).

4.2. The Operator may use the User’s personal information for the following purposes:

4.2.1. Identifying parties in agreements and contracts with the Operator;

4.2.2. Communicating with the User, including sending notifications, requests, and information related to the use of the Website, sale of goods, provision of services, and processing User inquiries;

4.2.3. Improving service quality, Website usability, and developing new features;

4.2.4. Conducting statistical and other research based on anonymized data.

4.3. The Operator stores Users’ personal information in accordance with internal regulations.

4.4. The confidentiality of the User’s personal information is maintained unless the User voluntarily discloses it for unrestricted public access.

4.5. The Operator may transfer the User’s personal information to third parties in the following cases:

4.5.1. The User has given explicit consent;

4.5.2. The transfer is necessary for the User’s use of the Website;

4.5.3. The transfer is required by Russian or other applicable law under established legal procedures;

4.5.4. The transfer occurs as part of a business sale or transfer (in whole or in part), with the acquirer assuming all obligations under this Policy regarding the received personal data;

4.5.5. Protecting the Operator’s or third parties’ rights and legitimate interests when the User violates Website usage rules.

4.6. The Operator may also send the User notifications about new products, services, special offers, and events. The User may opt out of such communications by sending an email to the Operator via the contact details on the Website, marked “Unsubscribe from notifications about new products, services, and special offers.”

5. Legal Basis for Personal Data Processing

5.1. The Operator processes the User’s personal data only when the User fills out and/or submits such data voluntarily through the forms on https://gemmology.online. By submitting personal data, the User agrees to this Policy.

5.2. The Operator processes anonymized User data if permitted by the User’s browser settings (enabling cookies and JavaScript).

6. Collection, Storage, Transfer, and Other Processing of Personal Data

6.1. The security of processed personal data is ensured through legal, organizational, and technical measures required to fully comply with applicable data protection laws.

6.2. The Operator safeguards personal data and takes all possible measures to prevent unauthorized access.

6.3. The User’s personal data will never be disclosed to third parties, except as required by law.

6.4. If inaccuracies in personal data are identified, the User may update them by notifying the Operator via the Website’s contact details, marked “Update personal data.”

6.5. Personal data processing is unlimited in duration. The User may withdraw consent at any time by notifying the Operator via the Website’s contact details, marked “Withdraw consent to personal data processing.”

7. Cross-Border Transfer of Personal Data

7.1. Before transferring personal data abroad, the Operator must ensure that the foreign country provides adequate protection for personal data subjects’ rights.

7.2. Cross-border transfers to non-compliant jurisdictions are permitted only with the User’s written consent or to fulfill a contract where the User is a party.

8. Final Provisions

8.1. The User may request clarifications regarding their personal data processing by contacting the Operator via the Website’s communication channels.

8.2. User requests must comply with the Operator’s requirements, including:

• Full name of the requester;

• Purpose and reason for the request;

• Account details (if applicable) for identification;

• User or representative’s signature.

The Operator may request additional information to process the request efficiently.

8.3. The Operator will review and respond to User requests within 30 days of receipt.

9. Operator Details