1. General provisions
1.1. The Personal Data Processing Policy (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals, whose personal data are processed by BUSINESS SCHOOL ROST (hereinafter referred to as the Operator).
1.2. The policy is developed in accordance with clause 2 of Part 1 of Art. 18.1 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006 (hereinafter the Federal Law)
1.3. The policy contains information to be disclosed in accordance with Part 1 of Art. 14 of the Federal Law, and is a public document.
2. Information about the Operator
2.1. The Operator is located at Primorsky Territory, Vladivostok, st. Nizhny portovaya, house 6 G, apt. 11
2.2. BUSINESS SCHOOL ROST. (phone +7 (423) 272−3076) was appointed responsible for organizing the personal data processing.
2.3. The database of information containing personal data of citizens of the Russian Federation.
3. Information on Personal Data Processing
3.1. The Operator processes personal data on a legal and fair basis for the performance of the functions, powers and duties entrusted to him by law, the implementation of the rights and legal interests of the Operator, employees of the Operator and third parties.
3.2. The Operator obtains personal data directly from data subjects.
3.3. The Operator processes personal data either with application of automation technologies or without them (mixed personal data processing).
3.4. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion and destruction.
3.5. Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.
4. Clients Personal Data Processing
4.1. The Operator processes the personal data of clients within the framework of legal relations with the Operator, settled by the Civil Code of the Russian Federation Part 2 No. 14-FZ of January 26, 1996 (hereinafter referred to as the Clients).
4.2. The Operator processes Personal Data of the Clients in compliance with the principles and rules stipulated by the Federal law for the following purposes:
— ensuring the conclusion and subsequent execution of a contractual obligation with the Clients;
— carrying out the types of activities stipulated by the constituent documents BUSINESS SCHOOL ROST;
— informing about new products, special promotions and offers;
— analyzing of the actions of an individual on the website and the functioning of the website;
— sending notices about updates on the blog.
4.3. The Operator processes the Personal Data of the Clients with their consent within the framework of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is provided in writing. In other cases, consent is deemed to be obtained at the ensuring the conclusion of a contractual obligation or when performing implicative actions.
4.4. The Operator processes the Personal Data of the Clients within the framework of the contracts concluded with them. The Operator can processes the personal data of the Clients after the expiration of the contractual relationship within the period stipulated by p. 5 Part 3 Art. 24 of Part I of the Tax Code, and Part 1 Art. 29 of the Federal Law "On Accounting" and other regulatory legal acts.
4.5. The Operator processes the following personal data of the Clients:
— Full Name;
— Type, series and number of the principal identification document;
— Date of issue of the identification document and the body which issued it;
— Year of birth;
— Month of birth;
— Date of Birth;
— Place of Birth;
— Address;
— Contact phone number;
— E-mail address;
— INN (taxpayer identification number);
— SNILS (personal pension account number);
— The photo;
— Profession;
— Position;
— Information about the purchased goods;
— Information about the services provided.
5. Subscribers Personal Data Processing
5.1. The Operator processes the personal data of "subscribers" within the framework of legal relations with the Operator, settled by the Civil Code of the Russian Federation Part 2 No. 14-FZ of January 26, 1996 (hereinafter referred to as the Subscribers).
5.2. The Operator processes the personal data of the Subscribers for the following purposes:
— ensuring the conclusion and subsequent execution of a contractual obligation between the Operator and the Subscribers;
— carrying out the types of activities stipulated by the constituent documents BUSINESS SCHOOL ROST;
— informing about new products, special promotions and offers;
— analyzing of the actions of an individual on the website and the functioning of the website;
— sending notices about updates on the blog;
5.3. The Operator processes the personal data of the Subscribers with their consent, provided for the duration of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is provided in writing. In other cases, consent is deemed to be obtained at the ensuring the conclusion of a contractual obligation or when performing implicative actions.
5.4. The Operator processes the personal data of the Subscribers within the framework of the contracts concluded with them. The Operator can processes the personal data of the Subscribers after the expiration of the contractual relationship within the period stipulated by p. 5 Part 3 Art. 24 of Part I of the Tax Code, and Part 1 Art. 29 of the Federal Law "On Accounting" and other regulatory legal acts.
5.5. The Operator processes the following personal data of the Subscribers:
— Full Name;
— Type, series and number of the principal identification document;
— Date of issue of the identification document and the body which issued it;
— Year of birth;
— Month of birth;
— Date of Birth;
— Place of Birth;
— Address;
— Contact phone number;
— E-mail address;
— INN (taxpayer identification number);
— SNILS (personal pension account number);
— The photo;
— Profession;
— Position;
— Information about the purchased goods;
— Information about the services provided.
6. Event Participants Personal Data Processing
6.1. The Operator processes the personal data of "event participants" within the framework of legal relations with the Operator, settled by the Civil Code of the Russian Federation Part 2 No. 14-FZ of January 26, 1996 (hereinafter referred to as the Event Participants).
6.2. The Operator processes the personal data of the Event Participants for the following purposes:
— ensuring the conclusion and subsequent execution of a contractual obligation between the Operator and the Event Participants;
— carrying out the types of activities stipulated by the constituent documents BUSINESS SCHOOL ROST;
— informing about new products, special promotions and offers;
— analyzing of the actions of an individual on the website and the functioning of the website;
— sending notices about updates on the blog;
— registration for the event and ticketing.
6.3. The Operator processes the personal data of the Event Participants with their consent, provided for the duration of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is provided in writing. In other cases, consent is deemed to be obtained at the ensuring the conclusion of a contractual obligation or when performing implicative actions.
6.4. The Operator processes the personal data of the Event Participants within the framework of the contracts concluded with them. The Operator can processes the personal data of the Event Participants after the expiration of the contractual relationship within the period stipulated by p. 5 Part 3 Art. 24 of Part I of the Tax Code, and Part 1 Art. 29 of the Federal Law "On Accounting" and other regulatory legal acts.
6.5. The Operator processes the following personal data of the Event Participants:
— Full Name;
— Type, series and number of the principal identification document;
— Date of issue of the identification document and the body which issued it;
— Year of birth;
— Month of birth;
— Date of Birth;
— Place of Birth;
— Address;
— Contact phone number;
— E-mail address;
— INN (taxpayer identification number);
— SNILS (personal pension account number);
— The photo;
— Profession;
— Position;
— Information about the purchased goods;
— Information about the services provided.
7. The security of personal data
7.1. The operator appoints a person responsible for organizing the processing of personal data to ensure the fulfillment of the obligations laid down in thу Federal Law and normative legal acts adopted in accordance with it
7.2. The operator applies a set of legal, organizational and technical measures as are necessary to ensure the security and to protect personal data against unlawful actions:
—provides unlimited access to the Policy, which copy is located at the address of the location of the Operator, and can be published on the Operator's website (if available);
—in the purpose of the Policy approves and enforces the document "Regulation on the processing of personal data" (hereinafter - the Regulation) and other local acts;
— makes employees involved in the processing of personal data aware of the provisions of the legislation of the Russian Federation as well as of the Policy and the Regulation;
—allows the access to personal data processed in the personal data filing system of the Operator, as well as to personal data recorded in tangible medium, only to the employees involved in the personal data processing;
—establishes the rules for access to personal data processed in personal data filing system of the Operator, and provides for the registration and recording of all actions performed on personal data;
— evaluates damage which may be caused to data subjects in the event of the violation of the Federal Law;
—identifies threats to the security of personal data when they are processed in the personal data filing system of the Operator;
—applies organizational and technical measures and means of data protection as are necessary to meet the established levels of protection of personal data;
— detects instances of unauthorized access to personal data and takes measures for restoring personal data which have been modified or destroyed as a result of unauthorized access;
— assesses the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data filing system of the Operator;
— carries out an internal control of the conformity of the processing of personal data to the Federal Law and normative legal acts adopted in accordance with it, requirements relating to the protection of personal data, the Policy, the Regulation and the Operator's by-laws, included monitoring measures taken to ensure the security of personal data and the level of protection of personal data filing system of the Operator.
8. Rights of personal data subjects
8.1. Personal data subject has the right to:
— receive information concerning this data subject and processing of his personal data;
— request an operator to rectify, block or destroy his personal data in the event that the personal data are incomplete, out-of-date, inaccurate or unlawfully obtained or are not needed for the stated purpose of the processing;
— withdraw of consent given by him for the processing of personal data;
— protect his rights and legitimate interests, including the right to reimbursement for losses and compensation for moral injury through the courts;
— appeal against the actions or inaction of the operator to the authorized body for the protection of the personal data subjects' rights or through the courts.
8.2. In order to safeguard their rights and legitimate interests, personal data subject has the right to ask the Operator to provide him or his representative upon application or upon receipt of a request from the personal data subject or his representative. The request shall contain the information specified in Part 3 Art.14 of the Federal Law "On Personal Data".