Effective date: «_
» ________ 2025 Seller: « _____________________________ » LLC, OGRN/INN ______________, legal address: _________________________ (“World Pantry Club”, “we”, “Seller”). Website: https://______________.com (“
Site”).
By clicking “
Place Order / Оплатить”, paying an invoice, or otherwise purchasing Products on the Site, the
Buyer (any natural or legal person placing an order)
fully accepts this Public Offer Agreement (“
Agreement”) and enters into a legally binding sales contract with the Seller on the terms below.
Privacy Policy
Effective date: «_
» ________ 2025 Entity: « __________________________ » LLC (OGRN/INN ______________), legal address: __________________________________ (“HomeTaste”, “we”, “our”, “Seller”). Website: https://______________.com (“
Site”).
This Privacy Policy explains how we collect, use, disclose, store and protect the personal data you (“
User”, “
you”, “
Buyer”) provide when visiting or purchasing through the Site, mobile applications, or related services (together, the “
Service”). It fulfils the requirements of:
- Federal Law No 152-FZ “On Personal Data” (Russia).
- Federal Law No 38-FZ “On Advertising.”
- EU General Data Protection Regulation 2016/679 (“GDPR”) for users located in the EEA/UK.
- Applicable provisions of U.S. state privacy laws (e.g., CCPA) for U.S. visitors.
If you do not agree with this Policy, please refrain from using the Service.
Term | Meaning |
Personal data | Any information relating to an identified or identifiable individual. |
Processing | Any operation (collection, storage, transfer, deletion, etc.) on personal data. |
Controller / Operator | « ___________ » LLC, which determines purposes and means of processing. |
Processor | A third party that processes data on our behalf (e.g., payment gateway, 3PL courier). |
Category | Examples | Collected when |
Account & order data | Name, phone number, e-mail, delivery address, order history, membership tier | You create an account, join the wait-list, place an order |
Payment data | Cardholder name, masked PAN, payment tokens (processed by certified PSP) | You pay for an order or membership |
Identity documents (rare) | Passport scan or residence permit (for wholesale or age-restricted goods) | We request KYC to comply with law |
Technical & usage data | IP address, device type, browser, referral URL, time-zone, pages visited, Yandex Metrica or Google Analytics IDs | You browse or interact with the Site or app |
Marketing preferences | Opt-in/opt-out status for newsletters, push notifications, referral codes | You subscribe, participate in promos |
Support records | Chat transcripts, e-mails, phone call notes, refund requests | You contact customer support |
Cookies & similar tech | Session cookies, authentication tokens, cart ID, marketing pixels | Automatically via your device |
We do
not knowingly collect data from children under 16.
Purpose | Legal basis (GDPR Art. 6) / Russian law |
Concluding & executing the sales contract (order confirmation, delivery, returns) | Contract performance (Art. 6 (1)(b)) |
Membership management, wait-list aggregation & volume threshold notifications | Contract performance / legitimate interest |
Payment processing & fraud prevention | Contract performance; legitimate interest |
Customer support & dispute resolution | Legitimate interest |
Marketing e-mails, push messages, referral programmes | Consent (Art. 6 (1)(a)) or legitimate interest where B2C rules allow |
Analytics, service improvement, UI personalisation | Legitimate interest (Art. 6 (1)(f)) |
Compliance with tax, customs, consumer-protection & accounting laws | Legal obligation (Art. 6 (1)(c)) |
You can withdraw consent at any time via your account settings or by e-mailing
privacy@_____________.com.
4. How we share dataWe disclose personal data
only as necessary:
- Processors:
- PCI-DSS certified payment provider (card data never hits our servers).
- 3PL warehouses & couriers to fulfil delivery.
- Cloud hosting, CRM, analytics and customer-support platforms.
- Affiliates & advisors: auditors, accountants, legal counsel (bound by NDAs).
- Authorities: customs, tax or law-enforcement bodies when lawfully requested.
- Corporate transactions: In a merger, acquisition or asset sale, data transfers under confidentiality safeguards.
We never sell personal data to third-party marketers.
5. International transfersOur primary servers are in the Russian Federation. Some processors (e.g., CDN, cloud email) may be in the EEA, US or Singapore. Where GDPR applies, we rely on Art. 46 appropriate safeguards (standard contractual clauses, ISO 27001 hosting) to protect your data.
Data type | Retention period |
Order & accounting records | 6 years (tax law) |
Membership & wait-list data | While account is active + 12 months |
Support tickets | 3 years after closure |
Marketing consent logs | 5 years (advertising compliance) |
Cookies | 1 day – 24 months (see Cookie Table) |
When the period expires, data are deleted or irrevocably anonymised.
- 7. Security measuresTLS 1.3 encryption on all pages.
- Tokenised card payments via certified PSP (we store only masked PAN & token).
- Role-based access; 2-factor authentication for staff.
- Nightly encrypted backups; separate disaster-recovery region.
- Quarterly penetration tests; annual ISO 27001 audit (in progress).
8. Your rightsSubject to law, you may:
- Access a copy of your personal data.
- Rectify inaccurate or incomplete data.
- Erase data (“right to be forgotten”) when legal grounds permit.
- Restrict or object to processing.
- Data portability (structured, machine-readable file).
- Withdraw consent without affecting prior lawful processing.
- Lodge a complaint with Roskomnadzor (Russia) or your local data-protection authority.
Submit requests via
privacy@_____________.com or in your Personal Account. We respond within 30 days.
9. Cookies & trackersWe use:
Cookie / tracker | Purpose | Lifespan |
Session ID | Keep you logged in, maintain cart state | Session |
Yandex Metrica _ym_uid | Site analytics, heat-maps | 24 months |
Google Analytics _ga | Traffic statistics | 24 months |
Referral code cookie | Attribute rewards | 30 days |
Consent cookie | Store cookie preferences | 12 months |
Manage preferences in the Site’s Cookie Banner or through your browser.
10. Changes to this PolicyWe may update this Policy; the revised version will be posted with a new “Effective date”. For material changes, we will notify you by e-mail or prominent banner at least 10 days in advance.
11. Contact usPrivacy Officer: _________________________
E-mail:
privacy@_____________.comTel.: +7 ___ ___ ____
Postal: (legal address above)
Thank you for trusting HomeTaste. We are committed to safeguarding your privacy while delivering the authentic foods you love.ed all terms of this Public Offer Agreement.