Privacy Policy

Edition 2.1 · Last updated: 2026-05-20

011. General Provisions

This Privacy Policy (the "Policy") sets out how personal data of users of the goldjaxe.com website (the "Website") is processed and protected. The Policy is adopted in order to comply with the personal data protection legislation of the Russian Federation.

The Policy is based on the following legal instruments:

the Constitution of the Russian Federation (Articles 23 and 24);
Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" (the "Federal Law No. 152-FZ"), including Articles 6, 9, 10.1, 12, 14, 18, 18.1, 20, 21, 22 and 22.1;
Decree of the Government of the Russian Federation No. 1119 of 1 November 2012 on requirements for the protection of personal data processed in personal data information systems;
Order of the Federal Service for Technical and Export Control (FSTEC) No. 21 of 18 February 2013 on organisational and technical measures for personal data security;
the Tax Code of the Russian Federation (Part One, Article 23, paragraph 1, item 8) — regarding retention periods for primary accounting documents;
the Code of Administrative Offences of the Russian Federation (Article 13.11) — regarding liability for violations of personal data processing rules.

The scope of this Policy is limited to the goldjaxe.com website. Other resources and services operated by the Controller on separate domains are governed by their own privacy policies.

The Controller has filed a notification with Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) regarding the processing of personal data, in accordance with Article 22 of Federal Law No. 152-FZ.

Use of the Website, submission of the contact form and granting of consent in the cookie banner constitute acceptance of this Policy. If the User does not agree with this Policy, the User shall discontinue use of the Website.

022. Data Controller and Person Responsible for Processing

The controller of personal data is:

Legal form: Individual Entrepreneur (Russian: Индивидуальный предприниматель) Arkhangelskii Sergei Sergeevich;
Tax ID (INN): 773183804968;
State registration number (OGRNIP): 320774600445835;
Contact email for personal data matters: privacy@goldjaxe.com.

The person responsible for organising the processing of personal data, as required by Article 22.1 of Federal Law No. 152-FZ, is Mr Sergei Sergeevich Arkhangelskii personally.

All requests from data subjects, including requests to exercise their rights, to withdraw consent or to submit complaints, shall be sent to privacy@goldjaxe.com. Requests are processed within thirty (30) calendar days from receipt, in accordance with Article 20 of Federal Law No. 152-FZ.

033. Categories of Data Subjects and Personal Data

The Controller processes personal data of the following categories of data subjects:

visitors of the Website using cookies and other web analytics technologies;
users who have submitted an enquiry through the contact form (the "Contact Form");
users who make payments through an integrated payment service, where such functionality is offered on the Website.

The following categories of personal data are processed:

data submitted via the Contact Form: name (or any other identifier chosen by the User), email address, phone number and/or Telegram messenger identifier, and the text of the message;
record of the User’s consent to the processing of personal data (checkbox state) and the timestamp of consent;
technical data automatically collected upon visiting the Website: IP address, user-agent string, country and region inferred from the IP address, interface language, visited pages and timestamps;
behavioural data collected by Yandex.Metrica with Webvisor: cursor movements, clicks, page scrolling and navigation sequences.

The Controller does not process special categories of personal data as defined in Article 10 of Federal Law No. 152-FZ (including data on racial or ethnic origin, political views, religious or philosophical beliefs, health or sexual life). Biometric personal data within the meaning of Article 11 of Federal Law No. 152-FZ are not processed either.

044. Purposes and Legal Bases of Processing

The Controller processes personal data solely for explicitly stated purposes. Each purpose has its own independent legal basis.

Processing of enquiries submitted via the Contact Form and follow-up communication. Legal basis: Article 6(1)(5) of Federal Law No. 152-FZ (performance of a contract or pre-contractual measures initiated by the data subject).
Web analytics, measurement of traffic and behavioural analysis using Yandex.Metrica with Webvisor. Legal basis: Article 6(1)(1) of Federal Law No. 152-FZ (consent of the data subject granted through the cookie banner).
Marketing and informational communications (where separate consent is given). Legal basis: Article 6(1)(1) of Federal Law No. 152-FZ. Consent may be withdrawn at any time.
Compliance with the Controller’s obligations under tax legislation, including retention of accounting records. Legal basis: Article 6(1)(2) of Federal Law No. 152-FZ in conjunction with Article 23(1)(8) of the Tax Code of the Russian Federation.
Ensuring the operation and security of the Website, including protection against attacks, spam-bots and fraudulent activities. Legal basis: Article 6(1)(7) of Federal Law No. 152-FZ (legitimate interests of the Controller, provided that the rights of the data subject are not infringed).

The Controller does not make decisions based solely on automated processing of personal data that produce legal effects for the data subject or otherwise significantly affect the data subject (Article 16 of Federal Law No. 152-FZ).

055. Storage, Retention and Security of Personal Data

Personal data is stored in a database hosted on servers operated by Selectel LLC (Russian Tax ID 7842393933) physically located in Moscow, Russian Federation. This arrangement ensures compliance with the localisation requirement set out in Article 18(5) of Federal Law No. 152-FZ for personal data of Russian citizens.

Retention periods are determined by the purpose of processing:

correspondence and enquiry data of Users — three (3) years from the date of the last interaction;
primary accounting documents related to payments (where applicable) — five (5) years pursuant to Article 23(1)(8) of the Tax Code of the Russian Federation;
Yandex.Metrica cookies (including the _ym_uid and _ym_d identifiers) — between twelve (12) and thirteen (13) months from the last visit;
Webvisor session recordings — fifteen (15) days from creation;
data processed for marketing purposes — until the data subject withdraws consent.

Upon expiry of the retention period, achievement of the processing purpose or withdrawal of consent, the Controller ensures destruction of personal data within thirty (30) calendar days, in accordance with Article 21 of Federal Law No. 152-FZ.

The Controller implements the following organisational and technical measures, as required by Article 18.1 of Federal Law No. 152-FZ, Government Decree No. 1119 and FSTEC Order No. 21:

encryption of data in transit using TLS version 1.2 or higher;
encryption of data at rest at the storage infrastructure level;
role-based access control (RBAC) following the principle of least privilege;
multi-factor authentication (MFA) for administrative access;
regular database backups with integrity verification;
use of firewalls and a Web Application Firewall (WAF);
maintenance of security event logs with access controls;
internal policies and procedures governing the processing and protection of personal data.

066. Recipients of Personal Data

The Controller engages third parties as processors acting on its instructions under Article 6(3) of Federal Law No. 152-FZ. Each such party is bound by a written agreement requiring confidentiality and a level of protection no lower than that maintained by the Controller.

The following processors are engaged:

Selectel LLC (Russian Tax ID 7842393933, Russian Federation) — hosting and database storage; server infrastructure located in Moscow;
Yandex LLC (Russian Tax ID 7736207543, Russian Federation) — provision of the Yandex.Metrica analytics service with Webvisor;
Kommo Inc. (Delaware, United States of America) — provision of the customer relationship management (CRM) platform used to handle enquiries and communications with Users;
Gcore S.A. (Grand Duchy of Luxembourg, operating a global edge network) — content delivery network (CDN) and Web Application Firewall (WAF) services;
Prodamus (Russian Federation) — payment processing through the integrated payment service, where applicable;
n8n workflow automation platform, self-hosted on GOLDJAXE-owned infrastructure — routing of enquiries and integration between internal systems.

The Controller does not sell personal data, does not share data with advertising networks for the purpose of building third-party profiles and does not disclose personal data to any other parties beyond those listed above.

Disclosure of personal data to state authorities is carried out exclusively on the grounds and in the manner provided for by the legislation of the Russian Federation (Article 6(1)(2) of Federal Law No. 152-FZ).

077. Cross-Border Transfers of Personal Data

Cross-border transfers of personal data may occur when Users interact with the Website. Such transfers are governed by Article 12 of Federal Law No. 152-FZ.

Personal data is transferred to the following recipients in foreign jurisdictions:

Gcore S.A. (Grand Duchy of Luxembourg, with processing distributed across a global edge network) — processing of technical data (IP address, HTTP request headers, user-agent) for CDN and security purposes;
Kommo Inc. (United States of America, State of Delaware) — processing of enquiry data within the CRM platform.

The Grand Duchy of Luxembourg is a party to the Council of Europe Convention No. 108 of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and is included in the list of foreign jurisdictions providing adequate protection of data subjects’ rights established by Roskomnadzor Order No. 128 of 5 August 2022. Transfers of personal data to the Grand Duchy of Luxembourg are carried out under the standard procedure provided for by Article 12(1)–(3) of Federal Law No. 152-FZ.

The United States of America is not included in the above list. Accordingly, cross-border transfers of personal data to the United States are carried out only with the written consent of the data subject under Article 12(4) of Federal Law No. 152-FZ. Such consent is provided by the User through an explicit action in the cookie banner and by acceptance of this Policy upon submission of the Contact Form.

The Controller has filed a notification with Roskomnadzor of its intention to carry out cross-border transfers of personal data, using the form approved by Roskomnadzor Order No. 178 of 27 October 2022.

The data subject is entitled to withdraw consent to cross-border transfers at any time by sending a request to privacy@goldjaxe.com.

088. Cookies and Web Analytics

The Website uses cookies and similar browser storage technologies. Cookies are grouped into the following categories:

Strictly necessary cookies — required for the Website to function and do not require consent. These include cookies storing the User’s choice in the cookie banner, the selected interface language (NEXT_LOCALE), the selected display theme, and technical cookies set by the content delivery network (CDN), where applicable.
Analytics cookies — collect aggregated information about traffic and on-site behaviour. Set only with consent. These include cookies set by Yandex.Metrica (such as _ym_uid, _ym_d, _ym_isad, _ym_visorc).
Functional cookies — enable enhanced features (such as remembering user preferences). Set only with consent.

No marketing cookies or advertising-network cookies are used by the Website.

Webvisor disclosure. Yandex.Metrica with the Webvisor option enabled records user sessions, including cursor movements, clicks, page scrolling and the visual content of rendered pages. Values entered by the User into form fields (text inputs, password inputs, text areas) are masked by default and are not transmitted to the recording. Webvisor recordings are retained for fifteen (15) days, after which they are deleted.

Consent management. On the first visit to the Website the User is shown a cookie banner that allows the User to select categories of data to be processed. The User may change or withdraw consent at any time by using the "Change cookie preferences" link located in the footer of the Website, or by clearing browser storage for the goldjaxe.com domain.

Refusal of analytics and functional cookies does not prevent the User from accessing the core functionality of the Website.

099. Rights of the Data Subject

Data subjects are granted the rights provided for by Chapter 3 of Federal Law No. 152-FZ. In particular, the data subject has the right to:

obtain information relating to the processing of their personal data, in the manner set out in Article 14 of Federal Law No. 152-FZ (right of access);
request rectification, blocking or erasure of personal data that is incomplete, outdated, inaccurate, unlawfully obtained or no longer necessary for the stated purpose (Article 21 of Federal Law No. 152-FZ);
withdraw previously given consent to the processing of personal data, in the manner set out in Article 9(2) of Federal Law No. 152-FZ;
object to processing for purposes other than those declared by the Controller;
lodge a complaint with Roskomnadzor or seek judicial remedy against acts or omissions of the Controller.

Rights are exercised by sending a written request to privacy@goldjaxe.com. The request must include information sufficient to identify the data subject (or their authorised representative).

The Controller will review the request and provide a reasoned response within thirty (30) calendar days from receipt, in accordance with Article 20 of Federal Law No. 152-FZ. If the response cannot be provided within this period, the Controller will notify the data subject of the reasons for the extension.

1010. Changes to the Policy

The Controller may amend this Policy. Versioning follows the MAJOR.MINOR scheme, where an increase in the MAJOR number corresponds to material changes affecting the rights and obligations of data subjects, and the MINOR number reflects technical or editorial corrections.

Material changes will be communicated to Users via an information banner displayed on the Website at least fourteen (14) calendar days prior to the effective date of the new version.

The current version of the Policy is always available at goldjaxe.com/privacy. The date of the latest update and the edition number are displayed at the top of the page.

Continued use of the Website after the effective date of an amended Policy constitutes acceptance of the new version. If the User does not agree with the amended Policy, the User shall discontinue use of the Website and may submit a request to withdraw consent and delete data via privacy@goldjaxe.com.

1111. Contacts and Identification Details

Contact details of the Controller for personal data matters:

Email: privacy@goldjaxe.com;
Legal form: Individual Entrepreneur Arkhangelskii Sergei Sergeevich;
Tax ID (INN): 773183804968;
State registration number (OGRNIP): 320774600445835.

Contact details of the supervisory authority — Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media):

Postal address: 109074, Moscow, Kitaygorodsky Proyezd, 7, building 2, Russian Federation;
Official portal for data subject requests: pd.rkn.gov.ru;
Official website: rkn.gov.ru.

1212. Governing Law and Jurisdiction

This Policy and any relations arising in connection with the processing of personal data are governed by the law of the Russian Federation.

Disputes arising in connection with the processing of personal data shall be resolved in court in accordance with the rules of jurisdiction established by the procedural legislation of the Russian Federation.

A User who qualifies as a consumer may file a claim with the court at the place of the User’s residence or stay, in accordance with Article 17 of the Law of the Russian Federation No. 2300-1 of 7 February 1992 "On the Protection of Consumer Rights".

If any provision of this Policy is held invalid by a court, the remaining provisions shall remain in full force and effect.

GDPR overlay for EU/EEA users. Where the User is located in the European Union or the European Economic Area, the following additional information applies in respect of Regulation (EU) 2016/679 (GDPR). Legal bases under Article 6(1) GDPR: consent (Art. 6(1)(a) GDPR) for analytics, Webvisor and marketing communications; contract or pre-contractual measures (Art. 6(1)(b) GDPR) for processing of Contact Form enquiries; legitimate interests (Art. 6(1)(f) GDPR) for security and abuse prevention. Consent is collected and managed in accordance with Article 7 GDPR and Article 5(3) of the ePrivacy Directive 2002/58/EC. Data subject rights under Articles 15-22 GDPR: right of access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to a decision based solely on automated processing. EU/EEA users may exercise these rights by contacting privacy@goldjaxe.com; requests are answered within thirty (30) days. EU/EEA users have the right to lodge a complaint with the supervisory authority in their Member State of residence, place of work or alleged infringement (Art. 77 GDPR). Disclaimer regarding Article 27 GDPR: GOLDJAXE has not appointed an EU Representative under Article 27 GDPR. Privacy requests are routed through privacy@goldjaxe.com and answered within 30 days. Cross-border transfer notice for EU residents: personal data of EU/EEA residents using this Website may be transferred to the Russian Federation (Yandex LLC for analytics, Selectel LLC for storage). The Russian Federation is not designated as a country with an adequate level of data protection by the European Commission under Article 45 GDPR. By using the Website and providing consent in the cookie banner, the User explicitly consents to this transfer under Article 49(1)(a) GDPR. The User acknowledges the possible risks of such transfer, including the absence of an adequacy decision and of standard contractual clauses under Article 46 GDPR.

↑ Top