Cookie Settings
Some cookies are essential for the proper functioning of the site and are always active.
You can choose which optional cookies we may use. We do not set analytics or advertising cookies without your explicit consent
You may withdraw your consent at any time by adjusting your browser settings or by contacting us at: Director@wodabrandmedia.com
You can choose which optional cookies we may use. We do not set analytics or advertising cookies without your explicit consent
You may withdraw your consent at any time by adjusting your browser settings or by contacting us at: Director@wodabrandmedia.com
Document Version: 1.0
Effective Date: June 1, 2025
1. General Provisions
1.1. This Privacy Policy (hereinafter, the "Policy") governs all information that the website https://wodabrandmedia.com (hereinafter, the "Website") and its subdomains, feedback forms, surveys, and other data collection channels may obtain about the user (hereinafter, the "User") during the use of the Website.
1.2. The owner of the Website and data controller (hereinafter, the "Controller") is Marianna Valeryevna Yeremenko, TIN (Taxpayer Identification Number): 352 819 580 982.
1.3. This Policy has been developed in accordance with Federal Law No. 152-FZ "On Personal Data" and other applicable regulations of the Russian Federation.
1.4. By using the Website, the User confirms their consent to this Policy and agrees to the processing of their personal data as outlined herein. If the User does not agree with the terms of the Policy, they must immediately cease using the Website.
1.4.1. Data collected from users is not used for automated decision-making that produces legal or similarly significant effects for the data subject.
1.5. Continued use of the Website, including scrolling pages, clicking buttons, and submitting forms, constitutes explicit consent to the processing of personal data, including the use of cookies and similar technologies.
1.6. This Policy complies with the requirements of:
1.8. The Controller is listed in the register of personal data operators maintained by the Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor).
1.9. The Controller implements comprehensive measures to prevent unauthorized access to personal data, including regular software updates, intrusion detection systems, and internal audits.
1.10. For users from the European Economic Area (EEA), this Policy also complies with the General Data Protection Regulation (GDPR). For residents of California, the rights and procedures described herein are supplemented by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
2. Personal Data We Collect
2.1. When using the Website, we may collect the following categories of personal data:
2.1.1. First and last name;
2.1.2. Email address;
2.1.3. Phone number;
2.1.4. City, region;
2.1.5. Information about housing (floor plan, area, preferences);
2.1.6. IP address, cookies, device type, browser, time of access;
2.1.7. Interaction history, including pages visited and actions taken;
2.1.8. Other data voluntarily provided by the User;
2.1.9. Session data: login date/time, behavioral path, clicks;
2.1.10. Referral source, UTM tags;
2.1.11. Device and browser identifiers (UserAgent, Fingerprint);
2.1.12. Uploaded files, images, documents, photographs, or other content containing personal data.
2.2. Special categories of personal data (such as health data, political or religious beliefs) are not processed unless explicitly required by law.
2.2.1. The Controller does not intentionally collect or process special category data, including health, political, or religious data.
2.2.2. For users under GDPR jurisdiction, no sensitive data as defined under Art. 9 GDPR is collected without explicit consent.
3. Purposes of Personal Data Processing
3.1. Personal data is processed strictly for the following purposes:
3.1.1. Processing user requests and delivering services;
3.1.2. Communicating with users, including notifications, offers, and emails;
3.1.3. Improving Website performance and user experience;
3.1.4. Conducting analytics and market research;
3.1.5. Retargeting and personalized advertising (with user consent);
3.1.6. Complying with applicable laws of the Russian Federation;
3.1.7. Handling claims and protecting legal rights in judicial and administrative proceedings;
3.1.8. Maintaining accounting and tax reporting obligations in accordance with Russian law.
3.2. Under GDPR and CCPA/CPRA, data is processed only for the specified, legitimate purposes and is not further processed in a manner incompatible with those purposes.
4. Legal Basis for Processing
4.1. Personal data processing is carried out on the following legal grounds:
4.1.1. Consent of the data subject;
4.1.2. Performance of a contract with the User;
4.1.3. Legitimate interests of the Controller (e.g., service improvement, legal protection, marketing);
4.1.4. Legal obligations (e.g., accounting record retention);
4.1.5. Consent expressed by affirmative actions on the Website (e.g., form submission, scroll after cookie banner, clicking "Agree" or checking a consent box);
4.1.6. Processing of anonymized data for analytics;
4.1.7. Protection of third-party legal interests if data is submitted by the User on their behalf.
4.2. For residents of the European Union, processing is based on Art. 6(1)(a)-(f) of the GDPR.
4.3. For California residents, processing aligns with the consumer rights under the CCPA/CPRA, including notice at collection and opt-out capabilities.
5. Data Storage and Security
5.1. Personal data is stored on secure servers located in data centers within the territory of the Russian Federation.
5.2. The Controller implements both technical and organizational security measures, including antivirus software, firewalls, regular backups, and access controls.
5.3. Personal data is retained for no longer than five (5) years from the date of the last user interaction, or until the user withdraws consent—whichever comes first.
5.4. The Controller records the fact of consent provided by the data subject by maintaining a technical log of events, including: IP address, timestamp of form submission, URL, referring source, and version of this Policy. This data is used solely for legal compliance and is not subject to distribution.
5.5. Upon reaching the purpose of processing or withdrawal of consent, the Controller ensures the destruction of personal data within thirty (30) calendar days. Destruction is carried out by deleting the data from databases, logs, and backup storage in a manner that makes recovery impossible.
5.6. The Controller maintains a log of processing operations, recording access, transfer, modification, and deletion of personal data.
5.7. Under GDPR, data subjects have the right to request erasure ("right to be forgotten") as per Article 17. Under CCPA/CPRA, users may request deletion of their data, which will be honored within legal limitations.
6. Transfer to Third Parties
6.1. Data may be shared with the following categories of third parties:
6.1.1. Hosting providers, email delivery services, and CRM platforms;
6.1.2. Technical support contractors under Non-Disclosure Agreements (NDAs);
6.1.3. Analytics services (e.g., Google Analytics, Yandex. Metrica);
6.1.4. Governmental or regulatory authorities upon lawful request.
6.2. Data is transferred strictly to the extent necessary for the fulfillment of the stated processing purposes.
6.3. Data transfer outside the territory of the Russian Federation may take place only with the user’s written consent or in compliance with applicable legislation.
6.4. Data is not transferred to third countries that do not provide an adequate level of personal data protection in accordance with the Council of Europe Convention 108 or other international treaties, unless otherwise required by Russian law or with the user’s written consent.
6.5. When using foreign cloud providers or analytical tools, cross-border data transfer occurs solely out of technical necessity, within the minimum required scope, and using legal safeguards such as Standard Contractual Clauses (SCCs) under GDPR or comparable instruments.
6.6. All third parties accessing personal data must uphold confidentiality obligations and implement data protection measures in line with their contractual agreements and legal responsibilities.
6.7. In accordance with GDPR Articles 28−29, any data processor is subject to contractual obligations regarding data confidentiality, sub-processing, and incident notification.
6.8. Under the CCPA/CPRA, third-party service providers may not retain, use, or disclose personal data for purposes other than those specified in the agreement and must provide the same level of privacy protection as required by law.
7. User Rights (Data Subject Rights)
7.1. The User (data subject) has the following rights:
7.1.1. To obtain information about their personal data being processed;
7.1.2. To request rectification or deletion of their data;
7.1.3. To withdraw consent to processing at any time;
7.1.4. To lodge complaints with Roskomnadzor or a competent court.
7.2. The User is solely responsible for the accuracy and legitimacy of the data they provide and confirms that all information is current and correct.
7.3. The User also confirms that they have obtained the necessary consent for providing third-party data (if applicable). The Controller does not verify the presence of such consent.
7.4. Upon receiving a deletion request from the User, the Controller must cease processing and delete the data within 30 calendar days, unless legal obligations (e.g., accounting laws) require continued retention.
7.5. For EU users, these rights include: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21) under GDPR.
7.6. For California users, these rights include: right to know, right to delete, right to correct, and right to opt out of data sharing, in accordance with CPRA.
8. Procedure for Exercising Data Subject Rights
8.1. The data subject may submit a request to exercise their rights under Article 14 of Federal Law No. 152-FZ in writing to the Controller’s registered address, or electronically, signed with a qualified digital signature.
8.2. The Controller shall review any submitted request within ten (10) business days from the date of receipt.
8.3. If corrective actions are required or a copy of personal data must be provided, the Controller shall notify the requester of the result within thirty (30) calendar days.
8.4. When processing a request, the Controller may require proof of identity and, where applicable, proof of authority if the request is submitted by an authorized representative.
8.5. In the case of a request from a legally authorized representative of the data subject, the Controller may require a notarized power of attorney or other document confirming legal authority.
8.6. Under GDPR, the Controller is obliged to respond to user requests without undue delay and at the latest within one (1) month. For complex requests, this period may be extended by two (2) additional months, with prior notification.
8.7. Under CCPA/CPRA, verifiable consumer requests must be processed within forty-five (45) days, extendable by another forty-five (45) days with notice.
9. Use of Cookies and Similar Technologies
9.1. The Website uses cookies for the following purposes:
9.1.1. User authentication;
9.1.2. User interface customization;
9.1.3. Statistical and analytical data collection;
9.1.4. Content and advertisement personalization.
9.2. The User may change their browser settings to manage cookie preferences or block cookies altogether.
9.3. Upon the User’s first visit to the Website, a cookie consent banner is displayed notifying the User about the use of cookies.
9.4. Cookies and similar technologies may also be used for behavioral analytics, A/B testing, and performance optimization of the Website.
9.5. Under GDPR, the use of non-essential cookies requires explicit opt-in consent, and the User must be given the opportunity to select categories of cookies allowed.
9.6. Under CCPA/CPRA, cookies may constitute personal information and must be disclosed at collection. The User has the right to opt out of the sale or sharing of such data.
10. Marketing Communications and Notifications
10.1. The Website may send informational and marketing emails only if the User has provided separate, informed consent.
10.2. The User has the right to unsubscribe at any time via the unsubscribe link included in every email or by contacting: Director@wodabrandmedia.com.
10.3. Under GDPR, email marketing requires freely given, specific, informed, and unambiguous consent (Art. 7 and 13 GDPR).
10.4. Under CCPA/CPRA, Users have the right to request cessation of marketing communications and the deletion of their associated data.
11. Processing of Minors' Data
11.1. The Website is not intended for individuals under the age of 18.
11.2. We do not knowingly collect or process personal data of minors. If such data is detected, it is deleted promptly.
11.3. If we become aware that data has been submitted by a minor without the consent of a parent or legal guardian, the Controller shall immediately delete the data and notify the reporter (if identifiable).
11.4. Under the GDPR, parental consent is required for processing data of children under the age of 16 (or lower, as set by Member State law, not below age 13).
11.5. Under U.S. law (COPPA), we do not knowingly collect information from children under 13.
12. Compliance with the Legislation of the Russian Federation
12.1. This Policy is developed in compliance with Federal Law No. 152-FZ "On Personal Data" and the Guidelines of the Federal Service for Supervision of Communications, IT, and Mass Media dated August 8, 2023. The Controller adheres to the following principles:
12.1.1. Data Minimization — Only the data strictly necessary for the stated purpose is collected (e.g., feedback, emails, analytics).
12.1.2. Data Segregation — Customer data and user activity data are stored in logically isolated databases, linked via pseudonymized identifiers.
12.1.3. No Profiling — No automated decision-making or behavioral profiling is performed.
12.1.4. Timely Deletion — Data is erased upon reaching its purpose or expiry of retention term.
12.1.5. Technical Protection — Secure servers, antivirus software, and access control systems are used.
12.1.6. Incident Notification — In the event of a data breach or unauthorized access, the Controller will notify Roskomnadzor within the time period prescribed by law.
12.1.7. Physical Access Security — Infrastructure is protected against internal and external threats.
12.1.8. Appointment of a Data Protection Officer (DPO) — Responsible for organizing data protection measures.
12.2. To fulfill obligations under Russian law, the Controller:
12.2.1. Appointed a data protection officer;
12.2.2. Adopted internal policies regulating:
12.2.2.1. Processing purposes and categories of data;
12.2.2.2. Data subjects, processing and retention periods;
12.2.2.3. Data deletion procedures;
12.2.2.4. Security measures and protocols;
12.2.3. Carries out internal audits of compliance with legislation;
12.2.4. Informs all personnel with access to personal data about applicable laws and internal policies;
12.2.5. Applies organizational and technical security measures, including antivirus protection, access control, and regular security audits;
12.2.6. Notifies Roskomnadzor in case of any data breach, within the legally established timeframe.
13. Data Protection Officer
13.1. The designated Data Protection Officer (DPO) responsible for organizing the processing of personal data is: Marianna Valeryevna Yeremenko, phone: +7 (931) 22−55−800, email: Director@wodabrandmedia.com
13.2. In accordance with Articles 18.1 and 19 of Federal Law No. 152-FZ, the Controller ensures the following:
13.2.1. Appointment of a person responsible for organizing the processing of personal data;
13.2.2. Issuance of internal policies defining the purposes and legal basis of processing;
13.2.3. Specification of data categories, data subjects, retention periods, and processing methods;
13.2.4. Implementation of data protection measures, including antivirus software and access control systems;
13.2.5. Ongoing internal monitoring of compliance;
13.2.6. Publication of this Privacy Policy on the official Website for public access;
13.2.7. Continuous review and updating of technical and organizational safeguards.
13.3. The Data Protection Officer performs an annual audit of compliance with internal policies, assesses the security of the systems in use, and updates internal documentation accordingly.
13.4. Under Article 37 of the GDPR, the DPO is the contact point for all matters relating to the protection of personal data, including cooperation with supervisory authorities in the EU.
14. Amendments to This Policy
14.1. The Controller reserves the right to modify this Policy without the prior consent of the User.
14.2. The current version is always available at: https://wodabrandmedia.com/en/privacy
14.3. Continued use of the Website after publication of an updated version of the Policy shall constitute acceptance of its terms.
14.4. Where required under GDPR or CCPA/CPRA, material changes to this Policy will be communicated to Users via direct notice or banner, and new consent will be requested if applicable.
15. Contact Information
15.1. If you have any questions regarding this Policy or wish to withdraw your consent, please contact: Director@wodabrandmedia.com, telephone: +7 (931) 22−55−800, DPO: Marianna Valeryevna Yeremenko
16. Liability and Governing Law
16.1. The Controller shall not be held liable for actions of third parties that gain access to personal data due to the User’s negligence or force majeure.
16.2. If the User provides personal data of third parties, they confirm having proper authority and consent for such disclosure. The Controller does not verify such authorization.
16.3. The Controller may refuse to provide services in case of violation of this Policy by the User.
16.4. The Controller reserves the right to block or restrict User access to the Website in cases of misuse, security threats, or breaches of this Policy.
16.5. This Policy constitutes a public offer under Article 435 of the Civil Code of the Russian Federation. All disputes related to the processing of personal data shall be resolved in accordance with the laws of the Russian Federation, in the jurisdiction where the Controller is registered.
16.6. For Users in the European Union or United States, this Policy is governed also by applicable regional data protection regulations (GDPR, CCPA/CPRA), and disputes may be referred to the competent data protection authority in the User’s country of residence.
This version of the Privacy Policy (v1.0) was approved on June 1, 2025 and remains in effect until replaced by a new version.
We encourage Users to regularly review the Policy for updates.
The most up-to-date version is always available at: https://wodabrandmedia.com/en/privacy
Effective Date: June 1, 2025
1. General Provisions
1.1. This Privacy Policy (hereinafter, the "Policy") governs all information that the website https://wodabrandmedia.com (hereinafter, the "Website") and its subdomains, feedback forms, surveys, and other data collection channels may obtain about the user (hereinafter, the "User") during the use of the Website.
1.2. The owner of the Website and data controller (hereinafter, the "Controller") is Marianna Valeryevna Yeremenko, TIN (Taxpayer Identification Number): 352 819 580 982.
1.3. This Policy has been developed in accordance with Federal Law No. 152-FZ "On Personal Data" and other applicable regulations of the Russian Federation.
1.4. By using the Website, the User confirms their consent to this Policy and agrees to the processing of their personal data as outlined herein. If the User does not agree with the terms of the Policy, they must immediately cease using the Website.
1.4.1. Data collected from users is not used for automated decision-making that produces legal or similarly significant effects for the data subject.
1.5. Continued use of the Website, including scrolling pages, clicking buttons, and submitting forms, constitutes explicit consent to the processing of personal data, including the use of cookies and similar technologies.
1.6. This Policy complies with the requirements of:
- 1.6.1. Federal Law No. 152-FZ "On Personal Data";
- 1.6.2. Guidelines of the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications (Roskomnadzor) dated August 8, 2023.
1.8. The Controller is listed in the register of personal data operators maintained by the Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor).
1.9. The Controller implements comprehensive measures to prevent unauthorized access to personal data, including regular software updates, intrusion detection systems, and internal audits.
1.10. For users from the European Economic Area (EEA), this Policy also complies with the General Data Protection Regulation (GDPR). For residents of California, the rights and procedures described herein are supplemented by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
2. Personal Data We Collect
2.1. When using the Website, we may collect the following categories of personal data:
2.1.1. First and last name;
2.1.2. Email address;
2.1.3. Phone number;
2.1.4. City, region;
2.1.5. Information about housing (floor plan, area, preferences);
2.1.6. IP address, cookies, device type, browser, time of access;
2.1.7. Interaction history, including pages visited and actions taken;
2.1.8. Other data voluntarily provided by the User;
2.1.9. Session data: login date/time, behavioral path, clicks;
2.1.10. Referral source, UTM tags;
2.1.11. Device and browser identifiers (UserAgent, Fingerprint);
2.1.12. Uploaded files, images, documents, photographs, or other content containing personal data.
2.2. Special categories of personal data (such as health data, political or religious beliefs) are not processed unless explicitly required by law.
2.2.1. The Controller does not intentionally collect or process special category data, including health, political, or religious data.
2.2.2. For users under GDPR jurisdiction, no sensitive data as defined under Art. 9 GDPR is collected without explicit consent.
3. Purposes of Personal Data Processing
3.1. Personal data is processed strictly for the following purposes:
3.1.1. Processing user requests and delivering services;
3.1.2. Communicating with users, including notifications, offers, and emails;
3.1.3. Improving Website performance and user experience;
3.1.4. Conducting analytics and market research;
3.1.5. Retargeting and personalized advertising (with user consent);
3.1.6. Complying with applicable laws of the Russian Federation;
3.1.7. Handling claims and protecting legal rights in judicial and administrative proceedings;
3.1.8. Maintaining accounting and tax reporting obligations in accordance with Russian law.
3.2. Under GDPR and CCPA/CPRA, data is processed only for the specified, legitimate purposes and is not further processed in a manner incompatible with those purposes.
4. Legal Basis for Processing
4.1. Personal data processing is carried out on the following legal grounds:
4.1.1. Consent of the data subject;
4.1.2. Performance of a contract with the User;
4.1.3. Legitimate interests of the Controller (e.g., service improvement, legal protection, marketing);
4.1.4. Legal obligations (e.g., accounting record retention);
4.1.5. Consent expressed by affirmative actions on the Website (e.g., form submission, scroll after cookie banner, clicking "Agree" or checking a consent box);
4.1.6. Processing of anonymized data for analytics;
4.1.7. Protection of third-party legal interests if data is submitted by the User on their behalf.
4.2. For residents of the European Union, processing is based on Art. 6(1)(a)-(f) of the GDPR.
4.3. For California residents, processing aligns with the consumer rights under the CCPA/CPRA, including notice at collection and opt-out capabilities.
5. Data Storage and Security
5.1. Personal data is stored on secure servers located in data centers within the territory of the Russian Federation.
5.2. The Controller implements both technical and organizational security measures, including antivirus software, firewalls, regular backups, and access controls.
5.3. Personal data is retained for no longer than five (5) years from the date of the last user interaction, or until the user withdraws consent—whichever comes first.
5.4. The Controller records the fact of consent provided by the data subject by maintaining a technical log of events, including: IP address, timestamp of form submission, URL, referring source, and version of this Policy. This data is used solely for legal compliance and is not subject to distribution.
5.5. Upon reaching the purpose of processing or withdrawal of consent, the Controller ensures the destruction of personal data within thirty (30) calendar days. Destruction is carried out by deleting the data from databases, logs, and backup storage in a manner that makes recovery impossible.
5.6. The Controller maintains a log of processing operations, recording access, transfer, modification, and deletion of personal data.
5.7. Under GDPR, data subjects have the right to request erasure ("right to be forgotten") as per Article 17. Under CCPA/CPRA, users may request deletion of their data, which will be honored within legal limitations.
6. Transfer to Third Parties
6.1. Data may be shared with the following categories of third parties:
6.1.1. Hosting providers, email delivery services, and CRM platforms;
6.1.2. Technical support contractors under Non-Disclosure Agreements (NDAs);
6.1.3. Analytics services (e.g., Google Analytics, Yandex. Metrica);
6.1.4. Governmental or regulatory authorities upon lawful request.
6.2. Data is transferred strictly to the extent necessary for the fulfillment of the stated processing purposes.
6.3. Data transfer outside the territory of the Russian Federation may take place only with the user’s written consent or in compliance with applicable legislation.
6.4. Data is not transferred to third countries that do not provide an adequate level of personal data protection in accordance with the Council of Europe Convention 108 or other international treaties, unless otherwise required by Russian law or with the user’s written consent.
6.5. When using foreign cloud providers or analytical tools, cross-border data transfer occurs solely out of technical necessity, within the minimum required scope, and using legal safeguards such as Standard Contractual Clauses (SCCs) under GDPR or comparable instruments.
6.6. All third parties accessing personal data must uphold confidentiality obligations and implement data protection measures in line with their contractual agreements and legal responsibilities.
6.7. In accordance with GDPR Articles 28−29, any data processor is subject to contractual obligations regarding data confidentiality, sub-processing, and incident notification.
6.8. Under the CCPA/CPRA, third-party service providers may not retain, use, or disclose personal data for purposes other than those specified in the agreement and must provide the same level of privacy protection as required by law.
7. User Rights (Data Subject Rights)
7.1. The User (data subject) has the following rights:
7.1.1. To obtain information about their personal data being processed;
7.1.2. To request rectification or deletion of their data;
7.1.3. To withdraw consent to processing at any time;
7.1.4. To lodge complaints with Roskomnadzor or a competent court.
7.2. The User is solely responsible for the accuracy and legitimacy of the data they provide and confirms that all information is current and correct.
7.3. The User also confirms that they have obtained the necessary consent for providing third-party data (if applicable). The Controller does not verify the presence of such consent.
7.4. Upon receiving a deletion request from the User, the Controller must cease processing and delete the data within 30 calendar days, unless legal obligations (e.g., accounting laws) require continued retention.
7.5. For EU users, these rights include: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21) under GDPR.
7.6. For California users, these rights include: right to know, right to delete, right to correct, and right to opt out of data sharing, in accordance with CPRA.
8. Procedure for Exercising Data Subject Rights
8.1. The data subject may submit a request to exercise their rights under Article 14 of Federal Law No. 152-FZ in writing to the Controller’s registered address, or electronically, signed with a qualified digital signature.
8.2. The Controller shall review any submitted request within ten (10) business days from the date of receipt.
8.3. If corrective actions are required or a copy of personal data must be provided, the Controller shall notify the requester of the result within thirty (30) calendar days.
8.4. When processing a request, the Controller may require proof of identity and, where applicable, proof of authority if the request is submitted by an authorized representative.
8.5. In the case of a request from a legally authorized representative of the data subject, the Controller may require a notarized power of attorney or other document confirming legal authority.
8.6. Under GDPR, the Controller is obliged to respond to user requests without undue delay and at the latest within one (1) month. For complex requests, this period may be extended by two (2) additional months, with prior notification.
8.7. Under CCPA/CPRA, verifiable consumer requests must be processed within forty-five (45) days, extendable by another forty-five (45) days with notice.
9. Use of Cookies and Similar Technologies
9.1. The Website uses cookies for the following purposes:
9.1.1. User authentication;
9.1.2. User interface customization;
9.1.3. Statistical and analytical data collection;
9.1.4. Content and advertisement personalization.
9.2. The User may change their browser settings to manage cookie preferences or block cookies altogether.
9.3. Upon the User’s first visit to the Website, a cookie consent banner is displayed notifying the User about the use of cookies.
9.4. Cookies and similar technologies may also be used for behavioral analytics, A/B testing, and performance optimization of the Website.
9.5. Under GDPR, the use of non-essential cookies requires explicit opt-in consent, and the User must be given the opportunity to select categories of cookies allowed.
9.6. Under CCPA/CPRA, cookies may constitute personal information and must be disclosed at collection. The User has the right to opt out of the sale or sharing of such data.
10. Marketing Communications and Notifications
10.1. The Website may send informational and marketing emails only if the User has provided separate, informed consent.
10.2. The User has the right to unsubscribe at any time via the unsubscribe link included in every email or by contacting: Director@wodabrandmedia.com.
10.3. Under GDPR, email marketing requires freely given, specific, informed, and unambiguous consent (Art. 7 and 13 GDPR).
10.4. Under CCPA/CPRA, Users have the right to request cessation of marketing communications and the deletion of their associated data.
11. Processing of Minors' Data
11.1. The Website is not intended for individuals under the age of 18.
11.2. We do not knowingly collect or process personal data of minors. If such data is detected, it is deleted promptly.
11.3. If we become aware that data has been submitted by a minor without the consent of a parent or legal guardian, the Controller shall immediately delete the data and notify the reporter (if identifiable).
11.4. Under the GDPR, parental consent is required for processing data of children under the age of 16 (or lower, as set by Member State law, not below age 13).
11.5. Under U.S. law (COPPA), we do not knowingly collect information from children under 13.
12. Compliance with the Legislation of the Russian Federation
12.1. This Policy is developed in compliance with Federal Law No. 152-FZ "On Personal Data" and the Guidelines of the Federal Service for Supervision of Communications, IT, and Mass Media dated August 8, 2023. The Controller adheres to the following principles:
12.1.1. Data Minimization — Only the data strictly necessary for the stated purpose is collected (e.g., feedback, emails, analytics).
12.1.2. Data Segregation — Customer data and user activity data are stored in logically isolated databases, linked via pseudonymized identifiers.
12.1.3. No Profiling — No automated decision-making or behavioral profiling is performed.
12.1.4. Timely Deletion — Data is erased upon reaching its purpose or expiry of retention term.
12.1.5. Technical Protection — Secure servers, antivirus software, and access control systems are used.
12.1.6. Incident Notification — In the event of a data breach or unauthorized access, the Controller will notify Roskomnadzor within the time period prescribed by law.
12.1.7. Physical Access Security — Infrastructure is protected against internal and external threats.
12.1.8. Appointment of a Data Protection Officer (DPO) — Responsible for organizing data protection measures.
12.2. To fulfill obligations under Russian law, the Controller:
12.2.1. Appointed a data protection officer;
12.2.2. Adopted internal policies regulating:
12.2.2.1. Processing purposes and categories of data;
12.2.2.2. Data subjects, processing and retention periods;
12.2.2.3. Data deletion procedures;
12.2.2.4. Security measures and protocols;
12.2.3. Carries out internal audits of compliance with legislation;
12.2.4. Informs all personnel with access to personal data about applicable laws and internal policies;
12.2.5. Applies organizational and technical security measures, including antivirus protection, access control, and regular security audits;
12.2.6. Notifies Roskomnadzor in case of any data breach, within the legally established timeframe.
13. Data Protection Officer
13.1. The designated Data Protection Officer (DPO) responsible for organizing the processing of personal data is: Marianna Valeryevna Yeremenko, phone: +7 (931) 22−55−800, email: Director@wodabrandmedia.com
13.2. In accordance with Articles 18.1 and 19 of Federal Law No. 152-FZ, the Controller ensures the following:
13.2.1. Appointment of a person responsible for organizing the processing of personal data;
13.2.2. Issuance of internal policies defining the purposes and legal basis of processing;
13.2.3. Specification of data categories, data subjects, retention periods, and processing methods;
13.2.4. Implementation of data protection measures, including antivirus software and access control systems;
13.2.5. Ongoing internal monitoring of compliance;
13.2.6. Publication of this Privacy Policy on the official Website for public access;
13.2.7. Continuous review and updating of technical and organizational safeguards.
13.3. The Data Protection Officer performs an annual audit of compliance with internal policies, assesses the security of the systems in use, and updates internal documentation accordingly.
13.4. Under Article 37 of the GDPR, the DPO is the contact point for all matters relating to the protection of personal data, including cooperation with supervisory authorities in the EU.
14. Amendments to This Policy
14.1. The Controller reserves the right to modify this Policy without the prior consent of the User.
14.2. The current version is always available at: https://wodabrandmedia.com/en/privacy
14.3. Continued use of the Website after publication of an updated version of the Policy shall constitute acceptance of its terms.
14.4. Where required under GDPR or CCPA/CPRA, material changes to this Policy will be communicated to Users via direct notice or banner, and new consent will be requested if applicable.
15. Contact Information
15.1. If you have any questions regarding this Policy or wish to withdraw your consent, please contact: Director@wodabrandmedia.com, telephone: +7 (931) 22−55−800, DPO: Marianna Valeryevna Yeremenko
16. Liability and Governing Law
16.1. The Controller shall not be held liable for actions of third parties that gain access to personal data due to the User’s negligence or force majeure.
16.2. If the User provides personal data of third parties, they confirm having proper authority and consent for such disclosure. The Controller does not verify such authorization.
16.3. The Controller may refuse to provide services in case of violation of this Policy by the User.
16.4. The Controller reserves the right to block or restrict User access to the Website in cases of misuse, security threats, or breaches of this Policy.
16.5. This Policy constitutes a public offer under Article 435 of the Civil Code of the Russian Federation. All disputes related to the processing of personal data shall be resolved in accordance with the laws of the Russian Federation, in the jurisdiction where the Controller is registered.
16.6. For Users in the European Union or United States, this Policy is governed also by applicable regional data protection regulations (GDPR, CCPA/CPRA), and disputes may be referred to the competent data protection authority in the User’s country of residence.
This version of the Privacy Policy (v1.0) was approved on June 1, 2025 and remains in effect until replaced by a new version.
We encourage Users to regularly review the Policy for updates.
The most up-to-date version is always available at: https://wodabrandmedia.com/en/privacy
Let’s discuss your project