Effective date: May 1, 2026

1. General Provisions

This Privacy Policy defines the procedure for collecting, storing, using, and protecting personal data, as well as the measures taken to ensure data security by the organization providing services on the website https://timetalisman.com (hereinafter referred to as the “Controller”).

1.1. The Controller considers its highest priority to be ensuring the rights and freedoms of individuals when processing their personal data, including protecting the right to privacy and confidentiality.

1.2. This Policy applies to all information that the Controller may receive about visitors and users of the Website.

2. Basic Terms Used in the Policy

2.1. Automated processing of personal data — processing using computing equipment.

2.2. Blocking of personal data — temporary suspension of the processing of personal data, except where processing is necessary to clarify the data.

2.3. Website — the website and its related content and functionality available on the Internet at https://timetalisman.com.

2.4. Personal data information system — a collection of databases, technologies, and technical means used for personal data processing.

2.5. Anonymization of personal data — actions as a result of which it becomes impossible to associate data with a specific individual without additional information.

2.6. Processing of personal data — any action or set of actions performed with personal data, including collection, systematization, storage, use, transfer, blocking, deletion, and destruction.

2.7. Controller — a legal or natural person independently or jointly determining the purposes and methods of processing personal data.

2.8. Personal data — any information relating to an identified or identifiable individual.

2.9. Personal data permitted for dissemination — data made available to an unlimited number of persons with the subject’s consent.

2.10. User — any visitor to the Website.

2.11. Provision of personal data — disclosure of information to a specific person or specific group of persons.

2.12. Dissemination of personal data — disclosure of information to an indefinite number of persons, including publication.

2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign organization, or to a foreign individual.

2.14. Destruction of personal data — actions resulting in permanent deletion of data without possibility of recovery.

3. Basic Rights and Obligations of the Controller

3.1. The Controller has the right to:

receive reliable information and, where necessary, documents containing personal data from the subject;

continue processing personal data without the subject’s consent in cases permitted by law;

determine the measures necessary to comply with its obligations regarding data protection.

3.2. The Controller is obliged to:

provide the subject with information regarding the processing of their personal data;

organize data processing in accordance with applicable law;

respond to inquiries from data subjects;

take legal, organizational, and technical measures to protect personal data from unauthorized access, alteration, destruction, or dissemination;

ensure that this Policy remains accessible to Users;

cease processing and destroy data in cases provided by law.

4. Basic Rights and Obligations of Data Subjects

4.1. Data subjects have the right to:

receive information on how their personal data is processed;

request correction, blocking, or deletion of data if such data is inaccurate, outdated, incomplete, or excessive;

withdraw consent to data processing;

appeal the actions or inaction of the Controller to the competent authorities;

exercise other rights provided by law.

4.2. Data subjects are obliged to:

provide the Controller with reliable data;

notify the Controller about changes in their personal data.

4.3. Individuals who provide false data or information about third parties without consent bear responsibility in accordance with applicable law.

5. Principles of Personal Data Processing

5.1. Processing is carried out on a lawful and fair basis.

5.2. Processing is limited to achieving specific lawful purposes.

5.3. Combining incompatible databases is prohibited.

5.4. Only data relevant to the declared purposes is processed.

5.5. The scope of personal data processed must not exceed what is necessary to achieve the stated processing purposes.

5.6. The Controller shall take reasonable steps to ensure the accuracy, relevance, and completeness of personal data.

5.7. Data is stored no longer than necessary for processing purposes unless otherwise prescribed by law.

6. Purposes of Personal Data Processing

Purpose of Processing

Personal Data

Legal Grounds

Types of Processing

Providing access to the Website’s services and materials

Full name, email address

Consent of the data subject / performance of a contract / compliance with legal obligations, where applicable

Collection, storage, organization, updating, use, and, where applicable, sending service-related or informational emails

Informing the User via electronic messages regarding the Website, its services, or other relevant communications from the Controller

Full name, email address

Consent of the data subject / performance of a contract / compliance with legal obligations, where applicable

Collection, storage, organization, updating, use, and, where applicable, sending service-related or informational emails

7. Conditions for Processing Personal Data

7.1. Processing is carried out with the consent of the data subject.

7.2. Processing is necessary for the performance of the Controller’s legal or contractual obligations.

7.3. Processing may be necessary to protect the lawful rights and interests of the Controller or third parties, provided that such processing does not violate or disproportionately affect the rights and freedoms of the data subject.

7.4. Publicly available personal data may be processed where it has been made available by the data subject on their own initiative.

7.5. Processing may be required for publication pursuant to mandatory legal requirements.

8. Procedure for Collecting, Storing, Transferring, and Other Types of Processing of Personal Data

8.1. The Controller takes reasonable legal, organizational, and technical measures to ensure data security and protection against unauthorized access.

8.2. Use of Cookies and Similar Technologies

The Website may use cookies and similar technologies to ensure proper operation of the Website, improve user experience, analyze traffic, and support security and technical functionality. Users may control cookies through their browser settings, subject to the limitations of such settings.

8.3. Personal data is not transferred to third parties without the data subject’s consent, except in cases required or permitted by law, or where such transfer is necessary to engage third-party service providers for the operation of the Website and provision of services.

8.4. The User may update their data by sending a notification to the Controller at the following email address: duvalantique@gmail.com.

8.5. Personal data shall be stored for no longer than is necessary to achieve the purposes of processing, unless a longer retention period is required by law or contract. The User may withdraw consent at any time by sending a notification by email to duvalantique@gmail.com.

8.6. The Controller may disclose personal data to third-party service providers, including hosting providers, payment processors, email service providers, analytics services, technical support providers, and other contractors, to the extent reasonably necessary for the operation of the Website and the provision of services.

8.7. Restrictions on the processing or transfer of personal data may not apply where such processing is required or permitted by applicable law in the public interest.

8.8. The Controller takes all reasonable steps to maintain the confidentiality of personal data.

8.9. Personal data is stored for as long as necessary for the stated purposes, unless a different retention period is established by contract or law. Upon expiration of the applicable retention period, such data shall be deleted or otherwise destroyed, unless further storage is required by applicable law.

8.10. Processing ceases upon achievement of the purposes of processing, withdrawal of consent, expiration of the applicable retention period, or detection of violations.

9. Actions Performed in Relation to Personal Data

The Controller carries out the following actions: collection, recording, systematization, accumulation, storage, clarification, extraction, use, dissemination, anonymization, blocking, deletion, and destruction of data. Processing may be carried out with or without the use of automation tools.

10. Cross-Border Transfer of Personal Data

10.1. Before carrying out any cross-border transfer of personal data, the Controller shall ensure that such transfer is permitted under applicable law and that appropriate safeguards and legal grounds, where required, are in place.

11. Confidentiality of Personal Data

The Controller and persons authorized to access personal data are obliged not to disclose such data to third parties without the consent of the data subject, except in cases required or permitted by law.

12. Final Provisions

12.1. The User may receive clarification on issues related to the processing of personal data by contacting the Controller at the following email address: duvalantique@gmail.com.

12.2. This Policy remains in effect until replaced by a new version; all changes shall be published on the Website.

12.3. The current version of the Policy is available at: https://timetalisman.com/privacy.