1. General Provisions
This Personal Data Processing Policy (the "Policy") is issued by Self-employed Lobanova Margarita Yu. (TIN 631405036718, email: info@yesday-wedding.ru), acting as the operator of personal data (the "Operator"), in accordance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" ("152-FZ").
The Policy applies to all personal data the Operator receives from users of the YesDay service located at yesday-wedding.ru (the "Service") and defines the procedures for their processing and protection.
By using the Service, the User confirms familiarity with and acceptance of this Policy.
2. Definitions
Terms used in this Policy correspond to the definitions in Article 3 of 152-FZ:
- Personal data — any information directly or indirectly relating to an identified or identifiable individual (subject of personal data).
- Operator — Self-employed Lobanova Margarita Yu., organising and/or carrying out the processing of personal data.
- Processing of personal data — any action or set of actions performed with personal data, including collection, recording, systematisation, accumulation, storage, clarification, retrieval, use, transfer, depersonalisation, blocking, deletion, destruction.
- Automated processing — processing using computer technology.
- Distribution, provision, blocking, deletion, depersonalisation — per Article 3 of 152-FZ.
- Cross-border transfer — transfer of personal data to the territory of a foreign state.
- User — an individual who has registered on the Service.
- Guest — an individual who has filled out the RSVP form on the User's wedding website.
- Wedding Website — a web page on the
*.yesday-wedding.rusubdomain created by the User.
3. Processing Principles
Processing is performed on the basis of the following principles (Article 5 of 152-FZ):
- lawfulness and fairness;
- limitation to specific, predetermined and lawful purposes;
- prohibition on combining databases with incompatible purposes;
- limitation to only such personal data as is required for the declared purposes;
- accuracy, sufficiency and — where necessary — relevance of personal data;
- storage in a form that permits identification no longer than necessary;
- destruction or depersonalisation upon achievement of purposes or loss of necessity.
4. Categories of Personal Data Processed
4.1. User data (account and usage):
- email address (mandatory);
- PIN code (one-time, delivered via email for authentication);
- first name (if provided);
- IP address, User-Agent, session cookies (technical data);
- wedding date, venue address, ceremony time (if provided by User).
4.2. User-generated wedding site content:
- groom and bride names;
- photographs uploaded by the User;
- love story text, wishes, schedule items;
- subdomain name chosen for the wedding site.
Important: When the User enters third parties' data (partner's name, guests, relatives) into the Service, the User confirms that they have obtained consent from those individuals to have their personal data processed by the Operator. The User bears sole responsibility for the lawfulness of such transfer in accordance with Part 4, Article 9 of 152-FZ.
4.3. Guest RSVP data:
- guest name (mandatory);
- number of persons attending;
- attendance status (yes / no / maybe);
- optional fields chosen by the User (phone, dietary preferences, song request, etc.).
4.4. Payment data:
The Operator does not process or store payment card data. Payment processing is carried out by YooMoney NKO LLC (YooKassa) in accordance with PCI DSS standards.
5. Purposes of Processing
- User registration and authentication — email, PIN;
- Execution of the service agreement — account and wedding site data;
- Delivery of RSVP notifications to the User — guest data;
- Technical support and communication — email, IP;
- Service analytics and improvement — depersonalised data;
- Fulfilment of legal obligations of the Russian Federation — all categories.
6. Legal Basis
Processing is carried out on the following grounds (Article 6 of 152-FZ):
- Consent of the subject (Clause 1, Part 1) — given by registration and continued use of the Service;
- Performance of a contract (Clause 5, Part 1) — for data related to the wedding site and the provision of services;
- Operator's legitimate interests (Clause 7, Part 1) — for anti-fraud analytics and product improvement, provided they do not violate the subject's rights.
7. Terms of Processing and Storage
- User account data — until account deletion plus 3 years (statute of limitations under Russian Civil Code);
- Wedding site content — until the User deletes the site or the account;
- Guest RSVP data — until deletion of the wedding site or upon the User's request;
- Access logs — up to 6 months;
- Payment data — not stored by the Operator.
8. Data Localisation
In accordance with Part 5, Article 18 of 152-FZ, databases containing personal data of citizens of the Russian Federation are physically located on servers in the Russian Federation (Beget LLC, Saint Petersburg). Recording, systematisation, accumulation, storage, clarification and retrieval of personal data are carried out using these databases.
9. Security Measures
The Operator takes necessary legal, organisational and technical measures to protect personal data from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions, in accordance with Article 19 of 152-FZ and Russian Government Resolution No. 1119 of 01.11.2012 (security level 4 — "UZ-4").
Measures include: HTTPS/TLS encryption, password hashing, access control, backups, and regular security audits.
10. Third Parties
The Operator may engage the following entities (acting on behalf of the Operator under Clause 3, Part 1, Article 6 of 152-FZ):
- Beget LLC (Russia) — hosting and data storage;
- YooMoney NKO LLC (YooKassa) (Russia) — payment processing;
- Yandex LLC (Russia) — website analytics (Yandex Metrica);
- Telegram Messenger Inc. (international) — RSVP notifications, only if the User explicitly connects the Telegram bot integration;
- Google LLC (USA) — RSVP synchronisation via Google Sheets, only if the User explicitly connects the integration.
11. Cross-border Transfer
The Operator may carry out cross-border transfer of personal data only when the User voluntarily connects integrations with foreign services (Google, Telegram). By connecting such integrations, the User gives their consent to the cross-border transfer of their personal data and guest data to the respective foreign jurisdictions, which may not provide an adequate level of protection of the rights of personal data subjects.
The Operator notifies Roskomnadzor about the intention to carry out cross-border transfer in accordance with Article 12 of 152-FZ.
12. Rights of the Data Subject
In accordance with Article 14 of 152-FZ, the subject has the right to:
- receive information regarding the processing of their personal data;
- require clarification, blocking, or deletion of inaccurate/unlawfully processed data;
- withdraw consent to processing;
- protect their rights and lawful interests, including compensation for damages;
- appeal to Roskomnadzor or a court.
Requests may be sent to info@yesday-wedding.ru. Response time: within 10 business days (Part 1, Article 20 of 152-FZ).
14. Changes to the Policy
The Operator may amend this Policy. The new version is published on this page indicating the effective date. Continued use of the Service after publication of the new version means acceptance of the changes.
15. Contacts
Operator: Self-employed Lobanova Margarita Yu.
TIN: 631405036718
Responsible for personal data processing: Lobanova M. Yu.
Email: info@yesday-wedding.ru
Supervisory authority (Roskomnadzor): 109074, Moscow, Kitaygorodsky proezd, 7 bldg 2; pd.rkn.gov.ru.