Personal data processing policy

1.1. This Policy governs the Controller's processing of personal data of any User who visits the Site and/or submits a request via the contact form.

1.2. The Site is an informational resource and a portfolio of the Controller. The Site does not sell goods or render services online. Materials published on the Site are for informational purposes only and do not constitute a public offer within the meaning of Article 437 of the Russian Civil Code.

1.3. Controller's details:

Self-employed (NPD taxpayer) Anton V. Maragaev, INN 519052901556, address: Murmansk, Russia (correspondence via email), contact e-mail: anton.maragaev@yandex.ru.

1.4. Use of the Site constitutes the User's unconditional acceptance of this Policy and of the terms under which their personal data is processed. A User who disagrees with the Policy must refrain from using the Site.

2.1. Data that the User submits via the contact form:

name or preferred salutation;

selected contact channel (Telegram, WhatsApp, Max, VK, phone, e-mail) and the contact itself on that channel;

request type (business project, investment proposal, other);

message content (at the User's discretion).

2.2. Technical data collected automatically when visiting the Site:

visitor IP address — stored exclusively as a SHA-256 cryptographic hash; the raw IP address is not retained;

browser and device information (user-agent);

referrer (HTTP referrer) and UTM campaign parameters.

2.3. Behavioural and analytics data (only with the User's prior consent to cookies):

pages visited, scroll depth, clicks on links and buttons;

Yandex.Metrica identifiers required for aggregated traffic statistics.

2.4. The Controller does not request or process special categories of personal data: racial or ethnic origin, political, religious or philosophical beliefs, health data, intimate life, or biometric data.

3.1. To contact the User via the channel they selected, in response to a submitted request.

3.2. To conduct preliminary negotiations regarding a potential services agreement for the development of digital products.

3.3. To prepare and send a commercial proposal, a cost estimate, and a framework project description.

3.4. To protect the Site from automated spam, fraudulent inquiries, and attacks (use of IP hashing, honeypot fields).

3.5. To evaluate Site performance and ad-campaign effectiveness — traffic sources, form conversion — based on anonymised aggregated statistics.

3.6. To meet Russian statutory requirements for retention of primary accounting documents in the event a contract is later signed.

4.1. Processing of personal data submitted via the contact form is based on the User's explicit consent, expressed by actively ticking the 'I agree to personal data processing' checkbox when submitting the form (152-FZ Art. 6(1)(1); GDPR Art. 6(1)(a)).

4.2. Processing of technical data collected during a Site visit (including the IP hash) is based on the Controller's legitimate interests — ensuring the security and operability of the Site (152-FZ Art. 6(1)(7); GDPR Art. 6(1)(f)).

4.3. Processing of analytics cookies is performed exclusively on the basis of a separate consent given by the User via the cookie banner. Third-party analytics scripts are not loaded on the Site until that consent is given.

5.1. The Controller does not sell personal data and does not pass it to advertising networks for targeting purposes.

5.2. The Controller engages the following processors (third parties) solely for the purposes set out in section 3 of this Policy:

Telegram (Telegram FZ-LLC) — for delivering new-request notifications to the Controller via a private channel. Telegram acts as an independent data controller under its own privacy policy;

Yandex LLC — for collecting anonymised traffic statistics via Yandex.Metrica (only after the User's consent to cookies);

infrastructure hosting provider (a VPS in a data centre located in the Russian Federation) — for technical storage of data and operation of the Site.

5.3. The Controller may transfer personal data without the User's consent at the request of authorised state authorities (court, prosecutor's office, other agencies) in the cases and the manner expressly provided for by Russian law.

5.4. The Controller warrants that any third parties it engages are bound to observe confidentiality and to comply with 152-FZ.

6.1. Contact data from form submissions (name, contact, message) is retained for three (3) years from the date of the most recent communication between the Controller and the User, after which it is automatically deleted.

6.2. Technical logs and IP hashes are retained for no more than ninety (90) days from the date of collection.

6.3. Data whose processing is mandatory by tax or other Russian law (e.g. once a contract has been signed) is retained for the periods set by the applicable Russian legislation.

6.4. The User may at any time request early deletion of their data by writing to anton.maragaev@yandex.ru. The Controller deletes the data within thirty (30) days of receiving such a request, except for data that must be retained by law.

The User has the right to:

request full information on the personal data the Controller holds about them and on the purposes for which it is processed;

request rectification, correction, or blocking of incomplete, outdated, inaccurate, or excessive data;

request erasure of their personal data (right to be forgotten), except for data whose retention is required by law;

withdraw a previously granted consent to data processing at any time;

lodge a complaint with Roskomnadzor or, for EU citizens, with their national data protection authority.

How to exercise these rights: send a written request to anton.maragaev@yandex.ru marked 'Personal data'. A response will be sent to the User no later than thirty (30) days from the date the request is received.

8.1. The Controller applies the following safeguards:

data in transit on the Site is protected by TLS 1.3 (channel encryption);

data is stored in a database with at-rest encryption and regular backups;

data access is restricted — only the Controller and the technical specialists it engages have access, and only to the extent required to perform their duties;

visitor IP addresses are stored only as a cryptographic hash (the raw IP is not retained);

honeypot fields and request-origin validation protect the contact form from automated spam.

8.2. In the event of a personal data breach, the Controller will notify Roskomnadzor and the affected Users (where the breach poses a real risk to their rights) within twenty-four (24) hours, as required by Article 21.1 of 152-FZ.

9.1. The Site uses cookies to remember the selected interface language (NEXT_LOCALE) and to persist the User's cookie-banner choice (dnk_consent). These cookies are classified as necessary and are set without separate consent.

9.2. Analytics cookies (Yandex.Metrica: _ym_uid, _ym_d) are set only after the User has given explicit consent via the cookie banner. Analytics scripts are not loaded on the Site before consent is given.

9.3. The User may disable cookies in their browser settings. In that case some Site features may not work as expected (e.g. the language choice will not persist).

9.4. A detailed description of the cookies we use is provided in a separate document — the Cookie Policy.

10.1. The Controller reserves the right to update this Policy. The current revision is always available at dnkchain.com/privacy.

10.2. The date of the most recent revision is shown at the top of the page.

10.3. Material changes affecting User rights (e.g. the engagement of new processors) will be announced via a banner on the Site, or by e-mail for Users who have previously provided one, no later than ten (10) days before the changes take effect.