1. General provisions
1.1. Danza ("Operator") respects the privacy rights of its customers and recognizes the importance of protecting the information collected about them.
1.2. The present Danza Privacy and Confidentiality Policy ("Policy"), which constitutes a public document, covers all personal data ("PD") processed by Danza and has been developed in line with the applicable laws ("Law") related to PD.
1.4. The purpose of the Policy is to inform PD owners ("Data Subject/s") and other persons engaged in PD processing of Danza adherence to the fundamental principles of legitimacy, justice, non-redundancy, correlation of the content and scope of the PD processed to the declared processing purposes.
2.1. The following definitions apply to PD protection:
2.1.1. "Personal data": data which relates to a living individual who can be identified a) from that data or, b) from that data and other information in our possession or likely to come into our possession).
2.1.2. "Data subject": an individual who is the subject of PD. Data subjects have legal rights in relation to handling and processing of their PD.
2.1.3."Operator" a person who (either alone or jointly with other persons) determines the purpose for which, and the manner in which, any PD is to be processed. They have a responsibility to establish practices and policies in line with the Law.
2.1.4."Data processors" any person, other than an employee of the Operator) who processes PD on behalf of an Operator, i.e. third parties that process or handle PD on our behalf.
2.1.5."Processing" any activity that involves the use of PD. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying. Processing also includes transferring PD to third parties.
2.1.6. "Sensitive Personal data" includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health, condition, sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive Personal data can only be processed under strict conditions, and usually requires the express consent of the Data Subject.
3. Objectives of PD processing
3.1. Danza legal obligations and requirements under the Law for the processing of PD are to ensure that all PD processed by Danza in the course of its activities is:
3.1.1. collected, stored and processed for justifiable reasons;
3.1.2. processed by authorized persons with a legitimate reason;
3.1.3. stored safely;
3.1.4. retained only for the defined time period after which it is appropriately destroyed;
3.1.5. not disclosed to unauthorized persons.
3.2. Danza will actively seek to meet its obligations and duties in accordance with the Law and in so doing will not infringe the rights of its employees, customers, third parties or others.
4. Legal grounds for PD processing
4.1. PD are processed by Danza:
4.1.1. upon acquisition of appropriate consent of the Data Subject to the processing of his/her PD;
4.1.2. for the purpose of being compliant with the Law;
4.1.3. for the purpose of performing an agreement of which the Data Subject is a party or beneficiary.
4.2. PD may only be processed for the specific purpose notified to the Data Subject when it was first collected, or for purposes specifically permitted by the Law. PD must not be collected for one purpose and subsequently used for another. If it becomes necessary to change the purpose for which the data is being processed, the Data Subject must be informed of the new purpose before any processing occurs.
5. Purposes of PD processing
5.1. Danza processes PD for the following purposes:
5.1.1. comply with Law requirements, organize its activities and its employees' activities;
5.1.2. verify the identity of customers and their eligibility to register as users on the Danza website;
5.1.3. process users' registrations, providing customers with a sign in ID for the Danza website and maintain and manage such registrations;
5.1.4. process, fulfill and deliver orders and manage customers' accounts;
5.1.5. provide customers with relevant customer care and respond to their queries, feedback, claims or disputes;
5.1.6. perform research or statistical analysis for marketing and promotional purposes in order to improve the content and layout of the Danza website and improve the Danza product offerings and services;
5.1.7. subject to obtaining consent in such form as may be required under the Law, Danza may use PD from its customers to provide them with notices, surveys, product alerts, communications and other marketing materials relating to goods and services offered by Danza sites including its exclusive membership programs, value added services ancillary to the memberships, and other products and services offered by Danza from time to time to its registered users.
5.2. Danza is entitled to disclose PD as may be required for any of the purposes above or as required by the Law, by State bodies or in respect of any claims or potential claims brought against Danza.
5.3. If the customer voluntarily submits any information for publication on the Danza website through the publishing tools, including but not limited to, Company Profile, Product Catalog, Trade Leads, Trust Pass Profile and any discussion forum, then the customer is deemed to have given consent to the publication of such information.
5.4. Danza does not sell PD to third party marketing companies.
5.5. Danza may employ third party business partners to collect and process PD on its behalf. Danza may also share PD with third party business partners to provide the customer with targeted advertising and other services. In such cases, these third parties will be subject to confidentiality agreements as outlined in articles 7.6 and 11 below and accordingly instructed by Danza to comply with the Law and Danza internal regulations.
5.6. Danza may collate information about site traffic, sales, wish lists, and other commercial information which can be transferred to third parties. This information cannot lead to the customer being identified and it is therefore not regarded as PD.
6. Consent and processed PD
6.1. Danza collects PD in several ways when the customer places an order, buys a gift card for a friend or registers for a service. By registering, the customer expresses their consent to the collection of his/her PD.
6.2. In order to process and fulfill a customer's order, Danza needs to collect the following information: name, surname, email address, phone numbers, home address, shipping and credit/debit card billing address(es).
6.3. PD can be accepted from a person other than the Data Subject, provided that the Data Subject has provided their consent to submit their PD to Danza for processing.
6.4. Saved bank card details are never shared with third parties and are only used to process the customer's order using Danza partners' payment systems. Danza may also ask further information as a result of authentication or identity checks.
7. PD processing
7.1. Danza will maintain an inventory of categories of PD it processes relating to its employees and customers, and for the purposes of which each category is used. The inventory shall indicate high-risk categories of PD processed in accordance with the Law, including but not limited to:
7.1.1. sensitive PD;
7.1.2. personal bank accounts, credit/debit cards and other financial information;
7.1.3. national identifiers, i.e. National Insurance or National Identity Numbers;
7.1.4. material relating to meetings, interviews or negotiations which could adversely affect individuals if such information were to be divulged.
7.2. Danza is responsible for ensuring that all PD processed within its systems are adequate, relevant and not excessive and are only collected on the basis of a real and justifiable business reason. Periodic reviews of Danza technology, processes and procedures implemented for PD processing are to be conducted to ensure they continue to be adequate and fit-for-purpose. Any anomalies identified are to be recorded and appropriate action must be taken to address the findings.
7.3. Processed PD must correspond to real and justifiable business reasons, for this purpose:
7.3.1. Danza will only process the minimum amount of PD required to meet its legitimate purposes;
7.3.2. additional information which is not relevant or is excessive for the stated purpose is not processed;
7.3.3. new systems and processes involving PD are to be developed and reviewed to ensure their compliance with the Law and Danza internal regulations.
7.4. Danza implements appropriate technical and organizational measures to prevent unauthorized or unlawful processing, accidental loss, destruction and damage to PD. Such measures align to the basic information security principles of:
7.5.1. Confidentiality - only those persons specifically authorized can access and or use PD;
7.5.2. Integrity - PD shall be accurate and relied upon for the purpose for which it is being processed;
7.5.3. Availability - PD are only provided to authorized persons upon receipt of a validated request;
7.5.4. Security - PD are stored in accordance with technical/security requirements provided by the Law and are not disclosed orally, in writing or in any electronic form to any unauthorized person, either deliberately or accidentally.
8. Storage period and PD retention
8.1. Danza is to ensure that PD is not kept for any longer than necessary and will adhere to any legal, regulatory or specific business reason justifying PD processing.
8.2. PD relating to customers' is only to be retained for as long as a business justification remains. PD relating to employees is normally retained for six years after the individual leaves the company. Some information however will be kept for longer; this could include information necessary in respect of pensions, taxation, potential/current disputes or litigation regarding the employment and information required for job references.
8.3. Appropriate processes and procedures are applied to ensure the regular backup of PD, and backups can be restored when required, irrespective of the period for which relevant PD have been retained.
9. Rights of data subjects
9.1. Everyone has the right to request access to any PD about them that is held or processed by Danza.
9.2. Danza complies with requests for access to PD as established by the Law. The supplied information shall be in an intelligible form that is easily understood by everyone.
9.3. Danza is allowed to require further information to determine whether the person submitting the request is the Data Subject (this is to avoid PD about one individual being send to another, inadvertently, or as a result of deception).
9.4. The Data Subject is entitled to modify their own PD by signing in to their account on the Danza site. The customer is able to delete saved credit/debit card details. If the customer changes their billing or shipping address while an order is still being processed, the order will be re-processed through security validation checks. PD can be also amended by the Danza customer care team by emailing
9.5. At all times the customer has the right to opt-out of subscribing to Danza regular service updates which may be sent to them: (i) email alerts for new products, features, enhancements, special offers, upgrade opportunities, contests, events of interest, and one-off marketing promotions; and (ii) direct mail alerts for new products, features, enhancements, special offers, upgrade opportunities, contests, events of interest, and one-off marketing promotions. Any email sent by Danza to the customer contains an easy automated unsubscribe link. Alternatively the customer can change their email preferences or opt out of all emails by signing in to their account on the Danza site or emailing
9.6. Danza sites and their contents are not targeted to minors (those under the age of 18). However, Danza cannot ascertain the age of individuals who access its site. If a minor has provided Danza with PD without parental or guardian consent, the parent or guardian should contact Danza to have the relevant information removed.
10. Transfer and cross-border transfer ("CBT") of PD
10.1. Danza performs transfer and CBT of PD, i.e. transmission of PD to a recipient located in a foreign jurisdiction, in conformity with the rules established by the Law and exclusively for the purposes of PD processing indicated in par. 5 above.
10.2. PD can be transferred without written consent of the Data Subject to foreign countries that ensure proper protection of Data Subjects' rights in conformity with the Law.
10.3. PD can be transmitted across the borders to the countries that are incapable of ensuring proper protection of PD owner rights:
10.3.1. upon written consent of the Data Subject to CBT of their PD given as established by the Law;
10.3.2. for the purpose of performing an agreement of which both the Data Subject and the Operator are parties;
10.3.3. in other cases established by the Law.
10.4. In case Danza shares PD with any (national or foreign) third party a Confidentiality Agreement ("NDA") shall be stipulated with such subject. In this case: (i) the NDA shall clearly indicate and describe the purposes for which the information may be used by the recipient and any eventual limitation or restriction to the possibility to use the information; and (ii) the recipient must provide an undertaking or other form of evidence of its commitment to process the information in a manner that will not contravene the Law and Danza applicable internal regulations.
11. Information on third parties engaged in PD processing
11.1. Upon consent of the Data Subject, and unless otherwise provided by the Law, Danza is entitled to charge a third party ("Processor") with performing PD processing activities by virtue of a Data Processor Agreement ("DPA") to be mandatorily concluded with this subject.
11.2. The DPA shall define the list of actions (operations) with PD to be conducted by the Processor, the processing purposes, the confidentiality obligations towards the PD assumed by the Processor, as well as the obligations to protect PD as they are processed, and the requirements for the protection of the processed PD.
11.3. The Processor shall not be obliged to obtain consent from the Data Subject for the processing of their PD.
12. Information on applicable requirement to PD protection
12.1. In the course of PD processing, Danza shall take all required legal, organizational and technical measures provided by the Law to protect PD from unlawful or accidental access, destruction, adjustment, blocking, copying, submission, sharing or other unlawful actions.
12.2. Namely, but not exclusively, PD shall be protected by means of the following:
12.2.1. appointment of persons responsible for organizing PD processing and safety;
12.2.2. issuance of internal regulations/procedures on PD processing and protection focused on prevention and tracing violations of the Law, elimination of respective consequences;
12.2.3. make employees engaged in PD processing aware of their participation in personal data processing, as well as the rules for personal data processing and protection set by Danza regulatory acts;
12.2.4. registration and recording of operations with PD;
12.2.5. internal transmission of PD solely among the persons holding positions included in the list of positions that require PD processing of the persons filling such positions;
12.2.6. organization of PD processing procedures within protected areas and with the use of required technology and systems, as well as ensuring physical protection of PD storage media, locations and tools for their processing;
12.2.7. setting access rules to PD, tracing cases of unauthorized access to PD and taking relevant measures;
12.2.8. implement a process for assessing the level of risk to individuals associated with processing PD;
12.2.9. organize periodic internal controls/audits over compliance of the PD protection measures taken in accordance with the Law and internal regulations of Danza.
13. The data protection officer
13.1. Danza is responsible through its Data Protection Officer ("DPO") for the implementation of the present Policy and all operations connected with the processing of PD. In particular, the DPO is responsible for:
13.1.1. ensuring that Danza complies with the Law;
13.1.2. ensuring that appropriate fair processing statements are made when Danza, its agents, contractors or service providers collect or process PD on its behalf, and that these reflect the purposes for which the information may be used and any other parties to whom the information may be revealed;
13.1.3. ensuring that PD is only obtained for specified and lawful business purposes indicated in this Policy and is not subsequently processed in a manner incompatible with those purposes;
13.1.4. ensuring that Data Subjects provide appropriate consent to their PD being held and processed by Danza;
13.1.5. ensuring Danza conducts periodic reviews of computer and hard copy records to verify that PD held is: (i) adequate, relevant, and not excessive for its purpose; (ii) accurate and up to date; and (iii) not kept longer than is necessary;
13.1.6. ensuring that Danza complies with article 9 of the present Policy in case of requests submitted by Data Subjects;
13.1.7. ensuring Danza applies all appropriate technical and organisational measures provided for by the Law to safeguard against unauthorised or unlawful processing of PD and against any accidental loss or destruction of, or damage to PD;
13.1.8. ensuring that training is provided to employees on joining Danza and annually thereafter and that a record of attendance is maintained.
13.2. The DPO is appointed by Danza executive body and receives instructions directly from that body.
14. Responsibility for violation of PD processing rules
14.1. Danza employees engaged in PD processing shall bear disciplinary, civil, administrative or criminal responsibility for violation of PD processing rules in conformity with the Law and internal regulations of Danza.
15. Modification of this policy
15.1. Danza has the right to amend and/or update this Policy in whole or in part in conforming with the Law. Each modification shall be clearly communicated on the Danza website and will be effective immediately upon publication.
16. Contact details
16.1. Name of the Operator: “Danza”, Sole Proprietor David Spitsyn Andreevich, 5 Pikulya str., Yuzhno-Sakhalinsk, Sakhalin region, Russian Federation, 693000.
16.2. To obtain further information on the PD policy, please refer to the Contact Us section of the Danza website and email the relevant department. Alternatively, Danza customer care team is available by emailing