This Privacy Policy describes how IP Kravchenko E.M. collects, uses, stores, and protects the personal data of users of the website agency-bongusto.com, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable European legislation.
1. Data Controller
IP Kravchenko E.M.
VAT Number: 314503217400093 · Tax Identification Number: 503212721109
143581, Russia, Moscow Region, Novinki, Pavlovskiy Boulevard, 4-36
Tel.: +7 965 244 20 75 · Email:
info@agency-bongusto.comThe Data Controller has not appointed a Data Protection Officer (DPO), as the scope and nature of the processing activities do not fall within the cases provided for under Article 37 of the GDPR.
2. Representative in the European Union (Article 27 GDPR)
As the Data Controller is not established within the European Union but systematically processes personal data of EU residents, a representative in the European Union has been appointed in accordance with Article 27 GDPR:
Tichinskaya Anastasia
514, Route des Valettes Sud
06140 Tourrettes-sur-Loup, France
Email:
info@agency-bongusto.comData subjects and supervisory authorities may contact the representative regarding any matter related to the processing of personal data, either as an alternative to or in addition to contacting the Data Controller directly.
3. Categories of Personal Data Collected
- Identification data: first name, last name
- Contact data: telephone number, email address
- Technical and browsing data: IP address, browser type, device information, pages visited, session duration, and anonymous behavioral data collected through analytics cookies with the user's consent
The Data Controller does not collect special categories of personal data within the meaning of Article 9 GDPR (e.g., health data, ethnic origin, political opinions).
Personal data are collected directly from the data subject through the website forms or automatically by the system when the user consents to the use of analytics cookies.
4. Purposes of Processing, Legal Bases, and Mandatory Nature of Data Provision
Purpose | Legal Basis (Art. 6 GDPR) | Provision of Data |
Management of requests submitted through contact forms | Art. 6(1)(b) — pre-contractual measures | Optional but necessary: without the required data, it is not possible to respond to the request |
Provision of consultations and preparation of commercial proposals | Art. 6(1)(b) — performance of a contract and/or pre-contractual measures | Necessary for the provision of the requested service |
Communication with the user (responses, project updates, and service-related communications) | Art. 6(1)(f) — legitimate interest of the Data Controller in maintaining continuity in the client relationship and responding promptly to requests | Optional; the user may object at any time |
Website traffic analysis and improvement of the user experience | Art. 6(1)(a) — consent provided through the cookie banner | Optional; the website remains accessible even if consent is not provided |
Compliance with legal obligations | Art. 6(1)(c) — legal obligation | Mandatory under applicable law |
Where the legal basis for processing is the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR), the user has the right to object at any time by submitting a request to
info@agency-bongusto.com. The Data Controller will assess the objection and cease the processing unless compelling legitimate grounds for the processing prevail.
5. Recipients and Categories of Third Parties
Personal data may be disclosed to the following categories of recipients only to the extent strictly necessary for the purposes described above:
- Tilda Publishing (tilda.cc) — Data Processor (Art. 28 GDPR). Platform used to manage contact forms and the technical infrastructure of the website. It receives the data entered into the forms (name, telephone number, and email address) solely for the purpose of transmitting requests to the Data Controller. Processing is carried out under a data processing agreement pursuant to Article 28 GDPR.
- Yandex LLC — Yandex Metrica — Data Processor (Art. 28 GDPR). Web traffic analytics service used to collect pseudonymized technical data (truncated IP addresses and browsing behavior) through analytics cookies. Such cookies are activated exclusively after the user has provided explicit consent via the cookie banner. No data are collected before consent is given.
Please refer to Yandex's Privacy Policy for further information.
The Data Controller does not disclose, sell, or otherwise transfer personal data to third parties for marketing or commercial profiling purposes.
6. International Data Transfers
The Data Controller is established in the Russian Federation, a country outside the European Economic Area (EEA) for which no adequacy decision has been adopted by the European Commission pursuant to Article 45 GDPR.
Transfers of personal data to Russia are carried out on the basis of:
- Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Article 46(2)(c) GDPR, where concluded with data processors;
- The explicit and informed consent of the data subject pursuant to Article 49(1)(a) GDPR, provided when submitting personal data through the website forms.
Users are informed that, in the absence of an adequacy decision, such transfers may involve risks to their fundamental rights and freedoms. A copy of the safeguards adopted may be requested by contacting
info@agency-bongusto.com.
7. Data Retention
Category | Retention Period |
Contact form data (name, telephone number, email address) | 3 years from the date of collection, or until the end of the business relationship |
Technical and behavioral data (Yandex Metrica analytics cookies) | 26 months, unless consent is withdrawn earlier |
Accounting and tax records | In accordance with applicable legal obligations (minimum 5 years) |
Upon expiration of the applicable retention period, personal data are deleted or irreversibly anonymized.
8. Profiling and Automated Decision-Making
The website uses Yandex Metrica to collect aggregated statistical data regarding users' browsing behavior (such as pages visited, session duration, and approximate geographic location). These data are used solely to improve the usability and performance of the website and are not used to create individual user profiles.
The Data Controller does not carry out any automated decision-making, including profiling, that produces legal effects concerning the data subject or similarly significantly affects them, within the meaning of Article 22 GDPR.
9. Rights of the Data Subject (Articles 15–22 and 77–79 GDPR)
Users may exercise the following rights free of charge at any time:
Right of Access (Art. 15)
To obtain confirmation as to whether personal data concerning them are being processed and, where that is the case, to receive a copy of the data together with information regarding the purposes of processing, recipients, and retention periods.
Right to Rectification (Art. 16)
To request the correction of inaccurate personal data and the completion of incomplete personal data.
Right to Erasure ("Right to be Forgotten") (Art. 17)
To request the deletion of personal data where they are no longer necessary for the purposes for which they were collected, where consent has been withdrawn and no other legal basis applies, or where the processing is unlawful.
Right to Restriction of Processing (Art. 18)
To request the restriction of processing in specific circumstances, such as while contesting the accuracy of personal data or during the assessment of an objection.
Right to Data Portability (Art. 20)
To receive personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller, where processing is based on consent or a contract and carried out by automated means.
Right to Object (Art. 21)
To object at any time to processing based on the legitimate interests of the Data Controller on grounds relating to the user's particular situation. Objections to direct marketing communications take effect immediately and unconditionally.
Right to Withdraw Consent (Art. 7(3))
To withdraw consent at any time (for example, for analytics cookies), without affecting the lawfulness of processing carried out before the withdrawal.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77)
To lodge a complaint with the competent data protection authority, including the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or the supervisory authority of the EU Member State where the user resides or works.
Right to an Effective Judicial Remedy (Art. 79)
To seek a judicial remedy before the competent courts if the user believes that their rights under the GDPR have been infringed as a result of unlawful processing.
To exercise any of the above rights, please contact
info@agency-bongusto.com or the EU Representative at the address indicated in Section 2. The Data Controller will respond within 30 days of receiving the request (Art. 12 GDPR). This period may be extended by an additional 60 days in particularly complex cases, with a reasoned notification provided to the data subject.
10. Cookies
The website uses technical cookies (necessary for the operation of the website and not requiring consent) and analytics cookies (activated exclusively after explicit consent is provided through the cookie banner).
No analytics data are collected before consent is obtained. Users may modify or withdraw their cookie preferences at any time through the Cookie Policy.
11. Data Security
The Data Controller implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or accidental disclosure, in accordance with Article 32 GDPR.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of data subjects, the Data Controller will notify the competent supervisory authority within 72 hours in accordance with Article 33 GDPR and, where the risk is high, will also inform the affected data subjects pursuant to Article 34 GDPR.
12. Changes to This Privacy Policy
The Data Controller reserves the right to update this Privacy Policy to reflect legal, regulatory, or operational changes.
Any updates will be published on this page together with the date of the latest revision. Where significant changes are made, and where feasible, registered users will be notified directly.
Last updated: May 25, 2026