PERSONAL DATA PROCESSING POLICY

 Moscow

 August 1, 2019

GENERAL REGULATIONS

1.1. This Personal data processing Policy (hereinafter – the Policy) is developed in accordance with the Constitution, the Civil Code of the Russian Federation, the Federal law of July 27, 2006 Nr. 149-FL “On information, information technologies and information protection”, Federal law dated 27 July 2006 No. 152-FL “On personal data” (hereinafter - the Law “On personal data”) and normative Russian Federation legal acts accepted in accordance with them.

1.2. Terms related to the personal data processing are used in the meaning in which they are given in article 3 of the law "On personal data", unless otherwise stated in the text of the Policy.

1.3. The purpose of this Policy is to determine the order of collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data processed by an individual entrepreneur Sevostyanov Sergey Vyacheslavovich.

1.4. Current Policy:

       1.4.1 Establishes for Individual entrepreneur Sevostyanov Sergey Vyacheslavovich (hereinafter – the operator) the rules of processing personal data provided by customers who use the site https://givinschool.org  and its separate services for receiving services (hereinafter - Users and Site respectively);

       1.4.2. Defines the purposes, legal grounds, procedure and scope of personal data processed;

       1.4.3. Contains information about the requirements for the protection of the personal data;

       1.4.4. Determines the order of interaction with the subjects of personal data when they send requests.

1.5. The text of the Policy is available for Users on the internet at https://givinschool.org. In case of disagreement with the terms of the Policy, the User must immediately stop any use of the Site.

TERMS AND CONDITIONS

2.1. Personal data - any information relating directly or indirectly to a particular or identifiable individual (subject of personal data).

2.2. Personal data processing - any action or a set of actions performed using automation or without the use of such means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.3. Automated personal data processing - processing of personal data using computer technology.

2.4. Personal data provision - actions aimed at disclosing personal data to a specific person or a particular circle of persons.

2.5. Blocking of personal data - temporary termination of personal data processing (unless it is necessary to process personal data).

2.6. Personal data use - actions (operations) with personal data that are performed by the Operator in order to make decisions or perform other actions generating legal consequences in relation to the subject of personal data or other persons or otherwise affecting the rights and freedoms of the subject of personal data or other persons.

2.7. Personal data depersonalization – actions as a result of which it becomes impossible to assign personal data to a particular subject without additional information.

2.8. Personal data destruction – actions as a result of which the recovery of personal data content in the personal data information system becomes impossible and/or a result of which physical media of personal data are destroyed.

2.9. Platform - software used by the Operator, which is a set of interconnected web services and modules that make up a single space for providing services on the internet.

2.10. User agreement - an agreement posted on the internet at: https://givinschool.org, which is the Operator's offer to enter into an agreement with any third party using the Site on the terms provided by the User agreement.

2.11. Site - a set of information, texts, graphical elements, designs, images, photos and videos and other results of intellectual activity, as well as computer programs contained in the information system that ensures the availability of such information on the internet at the network address (including subdomains): https://givinschool.org.

2.12. Cookies are data that are automatically transmitted to the Operator during the use of the Site by means of the software installed on the User's device, including IP address, geographic location, information about the browser and the type of operating system of the User's device, technical characteristics of the equipment and software used by the User, date and time of access to the Site.

USER CONSENT TO PROCESS PERSONAL DATA

3.1. The user accepts the terms of the Policy and gives the Operator informed and conscious consent to the processing of his personal data on the conditions stipulated by the Policy and the Law:

       3.1.1. Upon registration on the Site - for personal data that the User provides to the Operator by filling out the registration form located on the Site. The user is considered to have granted consent to the processing of his personal data with a tick in the box “I accept the terms of the User Agreement and consent to the processing of my personal data” at the time of pressing the registration button; 
By clicking the specified button, the User agrees to transfer all personal data that was made publicly available to the Operator by indicating in the profile the corresponding social network or electronic service.

       3.1.2. When subscribing to receive information and news materials from the Operator, by filling out a subscription form for the newsletter located on the Site. The subscription form becomes available after completing the registration process. The user is considered to have granted consent to the processing of his personal data by ticking the box “I accept the terms of the User Agreement and consent to the processing of my personal data” at the time of pressing the subscription button.

       3.1.3. For any use of the Site - for personal data that is automatically transmitted to the Operator in the process of using the Site using the software installed on the User’s device. The user is considered to have granted consent to the processing of his personal data when he started to use the Site.

3.2. The User’s consent to the processing of his personal data by the Operator is valid from the day the consent to their processing is provided (section 3.1. of the Policy), and for the period necessary to achieve the goals of processing personal data.

3.3. The user has the right to withdraw consent to the processing of personal data in the form and manner provided for in section 11 of the Policy.

CONDITIONS OF USER’S PROVISION OF PERSONAL DATA

4.1. The Site in general does not verify the accuracy of personal information provided by users, and does not monitor their legal capacity.

4.2. The Operator assumes that:

       4.2.1. The user provides correct and sufficient personal information asked in the forms of these resources, and maintains this information up to date.

       4.2.2. In case of uploading his image through the personal account of the Site - the User gratuitously agrees to the processing of this image (Article 152.1 of the Civil Code) for purposes not related to the identification of the User. The User agrees not to provide photographs of third parties as an image of the User.

4.3. The User is aware that the information on the Site posted by the User about himself may become available to other users of the Site, may be copied and distributed by such Users in cases and on the conditions specified in the section 8.6. of the Policy.

4.4. The user is acquainted with this Policy, and expresses his informed and conscious consent with it.

ACCESS TO PERSONAL DATA

The User’s personal data processed by the Operator include: 
5.1. Name, surname;
5.2. Mobile phone number;
5.3. City of residence;
5.4. Email address;
5.5. Information where the User learned about the event;
5.6. Cookies.

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA 

The Users’ personal data processing is carried out on the following legal grounds:

6.1. Russian Constitution;

6.2. Civil code of the Russian Federation;

6.3. Federal law No. 152-FL of 27.07.2006 "On personal data»;

6.4. Federal law No. 149-FL of 27 July 2006 "On information, information technologies and information protection»;

6.5. User’s agreement and other agreements located on the Site: https://givinschool.org/.

PURPOSES OF PERSONAL DATA PROCESSING

The operator processes personal data of Users exclusively for the following purposes:

7.1. Registration of the User by the Operator on the Site, providing the User with the opportunity to fully use the services of the Site.

7.2. Establishing and maintaining communication between the User and the Operator, advising on the provision of services..

7.3. Fulfillment of obligations by the Operator to the User, who accepted the Public offer for the conclusion of the service Agreement dated August 01, 2019.

7.4. Fulfillment of obligations by the Operator to the User, who accepted the Public offer for the conclusion of the User Agreement dated August 01, 2019.

7.5. Sending advertising messages by the Operator to the User's email address, targeting of advertising materials.

7.6. Improving the quality of User service and modernization of the Operator's Website by processing requests from the User.

7.7. Statistical and other research based on impersonal information provided by the User.

PERSONAL DATA PROCESSING

8.1. Processing of User personal data is performed by the Operator using databases on the territory of the Russian Federation.

8.2. Personal data is processed by means of automated systems.

8.3. Processing of User personal data includes the following actions by the Operator: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, depersonalization, blocking, deletion, destruction.

8.4. The User's personal data is collected in the cases specified in section 3.1 of the Policy.

8.5. Personal data is stored (depending on what event comes first):

       8.5.1. Until the moment of their destruction by the Operator - in case of receiving the User’s withdrawal of consent to the personal data processing or the requirement for the personal data destruction;

       8.5.2. Until the expiry of the consent or the achievement of the purposes of personal data processing.

8.6. Distribution of personal data may be carried out by the Operator in the following cases:

       8.6.1. In order to place reviews about the services provided by the Operator, left by Users, in various sources of information.

       8.6.2. In order to place video and photo materials obtained in the process of providing services in various sources of information.

8.7. The Operator has the right to transfer personal data to third parties.

       8.7.1. Execution of the terms of the contract with the Users of the Site by involving third parties.

8.8. The list of permitted methods of personal data processing: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, depersonalization, blocking, deletion, destruction. A third party is prohibited from transferring and distributing personal data.

8.9. Destruction of personal data is carried out by the Operator in the following cases:

8.9.1. Deletion of the User’s personal data in the relevant section of the personal account;

8.9.2. Reception of the User's withdrawal of consent to the personal data processing;

8.9.3. Reception of the User’s request for the destruction of personal data;

8.9.4. Expiration of the consent;

8.9.5. Expiration of the period of personal data storage in accordance with the agreements of the Operator and the User.

MEASURES TAKEN BY THE OPERATOR TO PROTECT PERSONAL DATA

The operator takes necessary and sufficient legal, organizational and technical measures to protect the information provided by Users from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions with the data by third parties.

9.1. The main organizational measures for the personal data protection are:

       9.1.1. Regulation of third parties which services the Operator uses in order to process personal data;

       9.1.2. Strict, selective and reasoned distribution of confidential information made available;

       9.1.3. Proper organization of the destruction process of confidential information;

       9.1.4. Development and improvement Operator’s internal regulations that controls the processes of personal data processing;

       9.1.5. Appointment of the person responsible for the personal data processing;

       9.1.6. Control over unauthorized access to personal data and taking measures to prevent such incidents in the future;

       9.1.7. Control over the measures taken to ensure the security of personal data and the level of protection of information systems that keep personal data.

9.2. The Operator applies the following technical measures to protect personal data: anti-virus protection, specialized solutions that protect the information from unauthorized access, and software used by the Operator in the provision of its services.

USER RIGHTS

The user has the right:

10.1. At his discretion, to provide the Operator with personal data for their processing on the terms specified in the Policy;

10.2. Independently make changes and corrections to his personal data in the relevant section of his personal account, provided that such changes and corrections contain current and reliable information;

10.3. To delete personal data by editing the relevant section in his personal account;

10.4. To contact the Operator with the requirements, including clarification of personal data; blocking or destruction of personal data if such data are incomplete, outdated, unreliable, illegally received or are not necessary for the declared purpose of processing. The claim shall be made in accordance with the procedure provided for in section 11 of the Policy;

10.5. Receive the information from the Operator on request basis that relates to the processing of his personal data according to paragraph 7 of article 14 of the Law.

10.6. Other rights provided by the Legislation of the Russian Federation.

USER REQUESTS

11.1. The user has the right to send his requests and demands (hereinafter - the Request) to the Operator, including regarding his personal data use, as well as withdrawal of consent to the personal data processing. The Request can be sent in the following ways.

       11.1.1. In written form to the Operator’s address (section 13 of the Policy);

       11.1.2. In electronic document form (scan, copy of the document). The document must be sent from the User’s email address specified by him during the registration on the Site or in the contract as an authorized email address, to the Operator’s e-mail address: moscow@givinschool.org.

11.2. The request and requirements sent by the User must contain the following information:

       11.2.1. First and Last name of the User;

       11.2.2. Information confirming the User's participation in relations with the Operator (in particular, the user's login and password on the Site);

       11.2.3. The reason of the Request;

       11.2.4. Signature of the User or his legal representative.

11.3. The Operator addresses the User's Request in the following order:

       11.3.1. The Request is registered in the User Request database;

       11.3.2. Availability of all obligatory requisites of the Request is checked;

       11.3.3. The Request is checked for its validity;

       11.3.4. A response to the Request is provided. Depending on the reason of the Request the answer to it should contain:

       11.3.5. The information requested by the User about the processed personal data;

       11.3.6. Motivated refusal to provide the requested information about the processed personal data;

       11.3.7. Notification of actions performed with the User's personal data upon his Request;

11.4. The response to the Request is sent in the form corresponding to the form of the User's request (section 11.1 of the Policy).

CHANGE OF POLICY

12.1. The Operator has the right to make changes to the Policy. The User is obliged to read the text of the Policy every time he uses the Site.

12.2. The new edition of the Policy takes effect from the moment of its placement in the relevant section of the Operator's Site. Continued use of the Site or its services after the publication of a new version of the Policy means acceptance of the Policy and its terms by the User. In case of disagreement with the terms of the Policy, the User must immediately stop using the Site and its services.

INFORMATION ABOUT THE OPERATOR

IE Sevostyanov Sergey Vyacheslavovich 
TIN 772648413950 
OGRNIP 318774600136482
Address: 119034, Russia, Moscow, Dmitrievsky street 23 k.1 - 124 
Working hours: Mon-Fri 10:00-17:00
Phone: +79852273615
Email: moscow@givinschool.org

© Givin School | IE Sevostianov S.V.