phone number or email address, also subject to the law

Right
Even 100500 checkboxes where it is written that the user agrees to everything do not save you.
You can do it yourself
Not
If you collect personal data, then you must be a legal entity and must be included in the register of personal data operators. So, store them on the territory of the Russian Federation.
But an individual cannot be a personal data operator and cannot get into the register even if they wish, and it is not clear what to do in this situation.

Is it enough to make a warning in the feedback form for agreeing to the public offer and a link to this offer, in which it is simple to state that the user's data is needed only to contact him?

The checkbox that the user clicks will be an expression of his consent to the processing, if it is clearly written "by checking the box or bw, you agree and blah blah."
I won’t say for sure, try looking at 152 Federal Laws and 21 FSTEC orders.

In what situation is registration required as a PD operator?
If it’s not enough, ask right there, the guys will tell you.

In fact, you are obliged to:
1. Obtain consent from the user for the processing and storage of data, as well as familiarize the user with the privacy policy - how it is planned to use his personal data (checkbox with consent to the processing and storage and privacy policy).
2. Ensure the safety of transmitted data and store them on a Russian hosting.
It is better to read more in the Federal Law - when a person independently studies the legislation and acts within its framework, he is freed from the need to contact lawyers - as a last resort, it is worth contacting complex issues that are in doubt. Legal advice is always worth something, even free. It is worth paying attention to the date of laws, amendments, as well as to the sources where they are posted. It is better to get information from official sources, fresh, or from reputable publications and services, however, the fact that it can be provided free of charge there, in commercial sources, does not mean that you will not be indebted for familiarizing yourself with it, therefore, if you do not want to purchase information bases, Information should be obtained from official sources.

A public offer is a little different. You mean the privacy policy.
It is desirable to have it on the site, especially if it honestly says that you use the data only for the functioning of the services of the site itself that are openly declared to users and do not transfer them to third parties.
In the same case, I suspect that any competent lawyer will prove that the user filling in the fields with his PD in the form on the site cannot mean anything other than the user's consent to the processing of this data by this site. But you can explicitly sign it under the form (with a link to the PC) or even make it a checkbox, if it burns you so much and you really believe that someone will suddenly have it for you, and not for the rest of the Internet, claims precisely for these articles.
But if you still leak user data to spammers or other bastards, then burn in hell, who will help you?! ;)

How not to violate the law on personal data if...

Is it enough to make a warning in the feedback form for agreeing to the public offer and a link to this offer, in which it is simple to state that the user's data is needed only to contact him?

Ideally, make it so that the user cannot send his contact information without checking the box that he agrees to the privacy policy. Naturally, there should be a link by which the user can go and read this very policy
There is no need to notarize, as there is no such form yet. Plain text on the site, nothing more. You should not write yourself - you can not take into account various legal nuances. The simplest option is to copy-paste it from your competitor's website. The main thing is that the field of activity exactly coincides with yours. Well, do not forget to double-check a hundred times whether you put the name of your company everywhere, etc. If this is not possible, it is better to give it to lawyers.
No captcha affects here, only a checkbox.
PS Also, your legal entity (owner of the site) must have an order for the processing of personal data. If my memory serves me, it contains the purpose of data processing, methods and responsible people. But it's better to google examples, I'm sure there are a lot of them