Log in to your personal account
 

Log in to your personal account
Company

Log in to your personal account

Company Policy on the Processing of Personal Data


1. GENERAL PROVISIONS
This Personal Data Processing Policy (hereinafter referred to as the “Policy”) has been developed in accordance with the legislation of the United States.
This Policy defines the procedure for processing personal data and the measures taken to ensure the security of personal data at Art & Design Life School (hereinafter referred to as the “Operator”) in order to protect human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal confidentiality, and family privacy.
The following basic terms are used in this Policy:
Automated processing of personal data — processing of personal data using computer equipment;
Blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data);
Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
Depersonalization of personal data — actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific personal data subject;
Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data;
Operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with other persons organizes and/or carries out the processing of personal data, and determines the purposes of personal data processing, the composition of personal data subject to processing, and the actions (operations) performed with personal data;
Personal data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject);
Provision of personal data — actions aimed at disclosure of personal data to a specific person or a specific group of persons;
Distribution of personal data — actions aimed at disclosure of personal data to an indefinite group of persons (transfer of personal data) or at familiarization of an unlimited number of persons with personal data, including publication in mass media, placement in information and telecommunications networks, or providing access to personal data by any other means;
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity;
Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which material media containing personal data are destroyed.
The Company is obliged to publish or otherwise ensure access to this Personal Data Processing Policy in accordance with the legislation of the United States.

2. PRINCIPLES AND CONDITIONS FOR THE PROCESSING OF PERSONAL DATA
2.1 Principles of Personal Data Processing
The Operator processes personal data in accordance with the following principles:
  • legality and fairness;
  • limitation of personal data processing to the achievement of specific, predetermined, and lawful purposes;
  • prevention of personal data processing incompatible with the purposes of data collection;
  • prevention of combining databases containing personal data processed for purposes incompatible with one another;
  • processing only personal data that correspond to the purposes of their processing;
  • compliance of the content and volume of processed personal data with the stated purposes of processing;
  • prevention of processing personal data excessive in relation to the stated purposes of their processing;
  • ensuring accuracy, sufficiency, and relevance of personal data in relation to the purposes of processing;
  • destruction or depersonalization of personal data upon achievement of the purposes of processing or in case the need to achieve such purposes is lost, if elimination of violations is not possible, unless otherwise provided by the legislation of the United States.
2.2 Conditions for Personal Data Processing
The Operator processes personal data when at least one of the following conditions is met:
  • personal data processing is carried out with the consent of the personal data subject;
  • processing is necessary to achieve purposes stipulated by an international treaty or law, or to perform the functions, powers, and obligations imposed on the Operator by U.S. legislation;
  • processing is necessary for the administration of justice or execution of a court decision or act of another authority or official subject to enforcement under U.S. law;
  • processing is necessary for the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, or for concluding a contract at the initiative of the personal data subject;
  • processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties, or for achieving socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
  • processing of personal data made publicly available by the personal data subject or at their request (publicly available personal data);
  • processing of personal data subject to publication or mandatory disclosure in accordance with U.S. legislation.
2.3 Confidentiality of Personal Data
The Operator and other persons who have access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by U.S. legislation.
2.4 Public Sources of Personal Data
For information purposes, the Operator may create publicly available sources of personal data, including directories and address books. With the written consent of the personal data subject, such sources may include the subject’s last name, first name, middle name, date and place of birth, position, contact phone numbers, email address, and other personal data provided by the subject.
Information about the subject must be excluded from publicly available sources at any time upon the subject’s request, by court decision, or by decision of other authorized government bodies.
2.5 Special Categories of Personal Data
The Operator may process special categories of personal data relating to racial or ethnic origin, political views, religious or philosophical beliefs, health status, or intimate life only if:
  • the personal data subject has given written consent;
  • the personal data have been made publicly available by the subject;
  • processing is carried out in accordance with legislation on social assistance, labor law, and U.S. legislation on pensions and employment benefits;
  • processing is necessary to protect the life, health, or other vital interests of the personal data subject or other individuals, where obtaining consent is not possible.
Processing of special categories of personal data must be immediately terminated once the reasons for such processing have been eliminated, unless otherwise provided by U.S. legislation.
Processing of personal data relating to criminal records may be carried out by the Operator exclusively in cases and in the manner established by U.S. legislation.
2.6 Biometric Personal Data
Information characterizing a person’s physiological and biological features, on the basis of which their identity can be established (biometric personal data), may be processed by the Operator only with the written consent of the personal data subject.
2.7 Entrusting Personal Data Processing to a Third Party
The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by U.S. legislation, on the basis of a contract concluded with such person.
A person processing personal data on behalf of the Operator must comply with the principles and rules for personal data processing established by U.S. legislation.
2.8 Cross-Border Transfer of Personal Data
Before initiating a cross-border transfer of personal data, the Operator must ensure that the foreign state to whose territory the transfer is intended provides adequate protection of the rights of personal data subjects.
Cross-border transfer of personal data to countries that do not provide adequate protection may be carried out in the following cases:
  • the personal data subject has provided written consent to the cross-border transfer of their personal data;
  • the transfer is necessary for the performance of a contract to which the personal data subject is a party.

3. RIGHTS OF THE PERSONAL DATA SUBJECT
3.1 Consent of the Personal Data Subject to the Processing of Personal Data
The personal data subject makes the decision to provide their personal data and gives consent to its processing freely, of their own will, and in their own interest. Consent to the processing of personal data may be given by the personal data subject or their representative in any form that allows confirmation of its receipt, unless otherwise established by U.S. legislation.
The obligation to provide proof of obtaining the personal data subject’s consent to the processing of their personal data, or proof of the legal grounds specified by U.S. legislation, rests with the Operator.
3.2 Rights of the Personal Data Subject
The personal data subject has the right to receive from the Operator information concerning the processing of their personal data, unless such right is restricted in accordance with U.S. legislation. The personal data subject has the right to require the Operator to clarify, block, or destroy their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take lawful measures to protect their rights.
Processing of personal data for the purpose of promoting goods, works, or services on the market through direct contact with potential consumers via communication means, as well as for political campaigning, is permitted only with the prior consent of the personal data subject.
Such processing of personal data is considered to be carried out without prior consent if the Company fails to prove that such consent was obtained.
At the request of the personal data subject, the Operator must immediately cease processing their personal data for the above-mentioned purposes.
Decisions producing legal consequences for the personal data subject or otherwise affecting their rights and legitimate interests may not be made solely on the basis of automated personal data processing, except in cases provided for by U.S. legislation or with the written consent of the personal data subject.
If the personal data subject believes that the Operator processes their personal data in violation of U.S. legislation or otherwise infringes upon their rights and freedoms, the subject has the right to appeal the actions or inaction of the Operator to the authorized authority for the protection of personal data subjects’ rights or in court.
The personal data subject has the right to protect their rights and legitimate interests, including compensation for damages and/or moral harm through judicial proceedings.
4. ENSURING THE SECURITY OF PERSONAL DATA
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to comply with the requirements of U.S. legislation on personal data protection.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
  • appointment of responsible officials, where necessary, for organizing the processing and protection of personal data;
  • restriction of the number of persons with access to personal data;
  • familiarization of subjects with the requirements of U.S. legislation and the Operator’s internal regulations on personal data processing and protection;
  • organization of accounting, storage, and handling of information media;
  • identification of personal data security threats during processing and development of threat models;
  • development of a personal data protection system based on the threat model;
  • verification of readiness and effectiveness of information security tools;
  • differentiation of user access to information resources and software and hardware used for data processing;
  • registration and logging of user actions in personal data information systems;
  • use of antivirus software and system recovery tools;
  • use, where necessary, of firewall systems, intrusion detection tools, vulnerability analysis tools, and cryptographic information protection tools;
  • organization of access control to the Operator’s premises and security of facilities housing technical means for personal data processing.
5. FINAL PROVISIONS
Other rights and obligations of the Operator, as a personal data operator, are determined by U.S. legislation in the field of personal data.
Officials of the Operator found guilty of violating regulations governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil, or criminal liability in accordance with U.S. legislation.
The Company has the right to make changes to this Privacy Policy without the User’s consent.
All suggestions or questions regarding this Privacy Policy should be submitted through the “Contacts” section of the website.
The current Privacy Policy is available on the website at:
https://artdesignlife.school/
Made on
Tilda