1. General provisions

This Personal Data Processing Policy describes how Circus Workshops LLC processes and protects personal data in accordance with Russian Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” and other applicable laws of the Russian Federation.

Data controller: Circus Workshops LLC, INN/KPP 7704345580/770401001, address: premises 1/1/4, 6/2 Arbat Street, Moscow 119019, Russia, email: info@circusmaster.ru.

The controller is listed in the Roskomnadzor Register of Personal Data Controllers under registration number 77-26-542851. The notification was registered on 24 March 2026 under Order No. 141 dated 24 March 2026.

The Policy applies to personal data received through circusmaster.ru, by email, telephone or messenger, and when orders and contracts are arranged or performed.

2. Data subjects and categories of data

The controller processes data relating to prospective and current customers, clients, their representatives and contact persons.

  • full name;
  • contact telephone number;
  • email address, when provided;
  • company name, position and representative authority, where applicable;
  • order or contract details, correspondence, comments and other information voluntarily provided for the request;
  • technical connection data: IP address, request date and time, browser and device information, and cookie identifiers after consent to their use.

The controller does not intentionally process special categories of personal data or biometric personal data.

3. Purposes of processing

  • receiving and handling enquiries and preparing estimates and commercial proposals;
  • arranging, entering into, performing and supporting orders and contracts;
  • contacting the data subject about an enquiry, order, contract, delivery, installation or maintenance;
  • complying with accounting, tax and other obligations under Russian law;
  • maintaining the operation and security of the website and preventing abuse and technical failures;
  • maintaining a client database and making contact about possible future cooperation only where the data subject has given separate prior consent when required by law.

4. Legal grounds

Processing is based on the data subject’s consent, the need to enter into or perform a contract at the data subject’s request, compliance with the controller’s legal obligations, and other grounds provided by Federal Law No. 152-FZ.

Where data is required to answer an enquiry, arrange an order or perform a contract, refusal to provide it may make the relevant request impossible to fulfil.

5. Processing operations and methods

The controller may collect, record, organise, accumulate, store, update, retrieve, use, provide in the cases described by this Policy, anonymise, block, delete and destroy personal data. Processing may be automated or non-automated.

6. Disclosure and processors

The controller does not make personal data publicly available or provide access to an unlimited number of persons.

Data may be provided with the data subject’s consent, where required to perform a contract or request, where required by law, or to providers supporting the controller’s hosting, CRM, communications and other information systems. Such providers act under a contract or the controller’s instructions and must maintain confidentiality and appropriate data protection.

When personal data is collected online, the controller uses databases located in the Russian Federation for its recording, organisation, accumulation, storage, updating and retrieval, except where Russian law expressly provides otherwise.

7. Retention and deletion

Personal data is processed until the relevant purpose is achieved, statutory or contractual retention periods expire, or consent is withdrawn, unless another lawful ground requires continued processing.

When the purpose is achieved or the legal ground ceases to apply, data is deleted or destroyed within the periods and in the manner required by Russian law. Data is blocked until destruction if immediate destruction is not possible.

8. Data security

The controller takes the legal, organisational and technical measures required to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, disclosure, distribution and other unlawful acts. Access is limited to persons who require it for their duties.

9. Data subject rights

Data subjects may request information about processing, correction, blocking or deletion of their data, withdraw consent, object where permitted by law, and lodge a complaint with Roskomnadzor or a court.

Requests and consent withdrawals may be sent in free form to info@circusmaster.ru or to the controller’s postal address. The controller may request information needed to verify the applicant’s identity and authority.

10. Website and cookies

A browser transmits technical information required to establish a connection and protect the website. Before the cookie notice is accepted, the website does not store cookies on the user’s device or load deferred third-party components. After consent, technical cookies required for forms and website functions may be used. Users can delete cookies through their browser settings.

11. Final provisions

The controller may update this Policy when laws or processing activities change. A new version applies once published on the website. The current version is permanently available through the website footer.