1.1 This Policy on the Processing of Personal Data (hereinafter - Policy) of ezcourse.ru is an official document that defines the general principles, purposes and procedure for the processing of personal data of users of the website (ezcourse.ru) (hereinafter - Site), as well as information on the personal data protection measures implemented.
1.2 The Policy is developed in accordance with the personal data legislation of the Russian Federation and the requirements of the General Data Protection Regulation of the European Union (GDPR).
1.3 This Policy applies exclusively to the Website. The Operator does not control and is not responsible for third party websites, to which the User can go via links available on the Site.
1.4 The Operator's processing of personal data of other categories of personal data subjects is regulated by other local acts of the Operator.
1.5 This Policy comes into effect from the moment of its approval and is valid for an indefinite period of time until it is replaced by a new Policy.
2. Key Terms and Definitions
2.1 The following terms are used in this Policy:
2.1.1 Personal Data Information System - a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.1.2 Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.1.3 Personal data operator (operator) - a state authority, municipal authority, legal or natural person, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
2.1.4 Personal data - any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data);
2.1.5. Website User - any person visiting the site and using information, materials and services of the site.
2.1.6. Website - a set of interconnected web pages located on the Internet at a unique address (URL), as well as its sub-domains.
2.1.7. Cookies - a small piece of data sent by the web server and stored on the User's computer, which the web client or web browser sends to the web server each time in an HTTP request when trying to open a page of the respective website.
2.1.8. IP address - a unique network address of a node in a computer network through which the User accesses the Website.
3. Procedure and conditions of personal data processing
3.1 The basis for processing of personal data of the Website users is consent to processing of personal data. Users of the Site give their consent to the processing of their personal data in the following cases:
- when registering on the Site in the personal account;
- when filling in the feedback form.
3.2 In case the User does not agree with the terms of this Policy, the use of the Site and/or any Services available through the use of the Site should be immediately terminated.
3.3 The personal data of the Website Users shall be processed for the following purposes: - registration and access to a personal account on the - establishing feedback with the Site User, including sending notifications, requests and their processing, as well as processing requests and applications from the User for the purpose of further conclusion and execution of the contract; - keeping statistics and analyzing the Website operation.
3.4 The list of users' personal data processed on the Site using automation tools for the purposes of registration and providing access to the personal account:
- surname, first name, patronymic;
- telephone number;
- e-mail address.
3.5 The list of personal data of users processed on the Website using means of automation for the purposes of establishing feedback with the user of the Website, including sending notifications, requests and their processing, as well as processing requests and applications from the user for the purposes of further conclusion and execution of the contract:
- surname, first name, patronymic;
- telephone number;
- e-mail address.
3.6 In order to keep statistics and analyze the Website operation, the Operator processes using metric services Yandex.Metrica such data as:
- IP address;
- browser information
- data from cookie files;
- access time;
- referrer (address of the previous page).
3.7 When metric services are blocked, some functions of the Site may become unavailable.
3.8 Processing of biometric personal data and special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, state of health, intimate life is not performed on the Site.
3.9 The Operator does not check the reliability of the information provided by the User and assumes that the User provides reliable and sufficient information, controls its relevance.
3.10. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
3.11. Storage of personal data is carried out in a form that allows to identify the subject of personal data for no longer than required by the purposes of personal data processing.
3.12. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, expiration of the term of personal data processing, revocation of the consent of the Website user to the processing of his/her personal data, as well as detection of unlawful processing of personal data.
3.13. The term of storage of personal data of the Site users is 1 year from the moment of the last sending of the data.
4. Measures to ensure security of personal data
4.1 The security of personal data processed by the Operator is ensured by the implementation of legal, organizational, technical and software measures necessary and sufficient to ensure the requirements of the legislation of the Russian Federation.
4.2 The Operator shall take the following measures to ensure personal data security
- appointment of responsible persons for organization of processing and ensuring protection of personal data;
- limiting the number of the Operator's employees having access to personal data;
- determining the level of personal data protection during processing in personal data information systems;
- establishment of rules for differentiating access to personal data processed in personal data information systems and ensuring registration and accounting of all actions performed with personal data;
- restricting access to the premises where the main technical means and systems of personal data information systems are located and where non-automated processing of personal data is performed;
- keeping records of machine carriers of personal data;
- organization of backup and recovery of personal data information systems and personal data modified or destroyed due to unauthorized access to them;
- establishing requirements to the complexity of passwords for access to personal data information systems;
- implementation of anti-virus control, prevention of introduction of malicious programs (virus programs) and program tabs into the corporate network;
- organization of timely updating of software used in personal data information systems and information protection means;
- regular assessment of the effectiveness of measures taken to ensure personal data security;
- detecting the facts of unauthorized access to personal data and taking measures to identify the causes and eliminate possible consequences;
- control over the measures taken to ensure personal data security and security levels of personal data information systems.
5. Rights of the Site users
5.1 The Website User has the right to receive information regarding the processing of his/her personal data, including information containing:
- confirmation of the fact of personal data processing by the Operator;
- legal grounds and purposes of personal data processing;
- the purposes and methods of personal data processing applied by the Operator;
- name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
- personal data being processed relating to the respective personal data subject, the source of their obtaining, unless another procedure for submission of such data is provided for by the federal law;
- the terms of personal data processing, including the terms of their storage;
- the procedure for exercising by the subject of personal data the rights provided for by the Federal Law “On Personal Data”;
- information on the realized or supposed trans-border transfer of personal data;
- name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;
- other information provided for by the Federal Law “On Personal Data” or other federal laws.
5.2 The Website User has the right to demand from the Operator to clarify its personal data, block or destroy them in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect its rights.
5.3 The Website User has the right to request in a structured, universal and machine-readable format a list of his/her personal data provided to the Operator for processing, and to instruct the Operator to transfer his/her personal data to a third party if technically possible. In this case, the Operator shall not be liable for the actions of the third party subsequently performed with the personal data.
5.4 The Personal Data is stored by the Operator during the term of the contractual relationship and is deleted after the Operator has fulfilled its obligations in full. The User may delete Personal Data in the Personal Area on his/her own. In addition, the User may revoke his/her consent to the processing of Personal Data by sending a notice to the Operator by postal mail to the address: 121205, Moscow, territory of Skolkovo Innovation Center, Bolshoi Boulevard, 42, building 1, room 1122, р.м. 8, or in electronic form at: support@getcourse.ru.
6. Liability
6.1 The User is fully responsible for compliance with the requirements of the current legislation of the Russian Federation, including but not limited to the laws on advertising, on protection of copyright and related rights, on protection of trademarks and service marks, including full responsibility for the content and form of materials, in case of quoting and other use of information obtained in connection with the use of the Site services.
7. Final provisions
7.1 The Operator has the right to amend this Policy unilaterally in case of changes in the regulatory legal acts of the Russian Federation, as well as at its own discretion.
7.2 Control over the fulfillment of the requirements of this Policy shall be exercised by the person responsible for organization of personal data processing.
7.3 Persons guilty of violating the norms governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by the legislation of the Russian Federation.