Personal Data Processing Policy

1. General provisions
This Personal data processing policy has been compiled in accordance with the requirements of the Federal Law of 27.07.2006. No.152-FZ "On Personal Data" (hereinafter referred to as;— The Law on Personal Data) and defines the procedure for processing personal data and measures to ensure the security of personal data data taken by Expat Online School (hereinafter— Operator).
1.1. The operator sets its most important goal and condition for the implementation of compliance with the rights and freedoms of a person and a citizen in their activities when processing his personal data, including the protection of rights on privacy, personal and family secrets.
1.2. This Operator's policy regarding the processing of personal data the Data Policy (hereinafter referred to as the Policy) applies to all information, which the Operator can get about website visitors https://expat-school.com .
2. Basic concepts used in the Policy
2.1. Automated processing of personal data data processing— processing of personal data by means of computer technology.
2.2. Blocking of personal data — temporary termination processing of personal data (with the exception of cases when processing necessary to clarify personal data).
2.3. Website — a set of graphic and informational materials, as well as computer programs and databases that provide their availability on the Internet at the network address https://expat-school.com .
2.4. Personal data information system — a set of contained in personal data databases and providing their processing of information technologies and technical means.
2.5. Depersonalization of personal data— actions, in the result of which it is impossible to determine without using additional information belonging of personal data to a specific To the user or other subject of personal data.
2.6. Processing of personal data — any action (operation) or a set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator — state body, municipal body, a legal entity or an individual, independently or jointly with others persons organizing and/or processing personal data, a also defining the purposes of personal data processing, the composition personal data to be processed, actions (operations) performed with personal data.
2.8. Personal data— any information, related directly or indirectly to a certain or defined To the website user https://expat-school.com .
2.9. Personal data authorized by the personal data subject for distribution, — personal data, unlimited access the circle of persons to whom the subject of personal data is provided by consent to the processing of personal data authorized by the subject personal data for distribution in accordance with the procedure provided for The Law on Personal Data (hereinafter — personal data, allowed for distribution).
2.10. User— any visitor to the website https://expat-school.com .
2.11. Provision of personal data — actions aimed at on disclosure of personal data to a certain person or a certain a circle of people .
2.12. Distribution of personal data — any actions, aimed at the disclosure of personal data to an indefinite circle of persons (transfer of personal data) or familiarization with personal data data of an unlimited number of persons, including disclosure personal data in the mass media, placement in information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross—border transfer of personal data - transfer personal data on the territory of a foreign state to the authority the authorities of a foreign state, a foreign individual or a foreign to a legal entity.
2.14. Destruction of personal data — any actions, as a result of which personal data is permanently destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and/or are destroyed material carriers of personal data.
3. Basic rights and obligations of the Operator
3.1. The Operator has the right:
—receive reliable data from the subject of personal data information and/or documents containing personal data;
—in case of withdrawal of consent by the subject of personal data on the processing of personal data, and also on the direction of the request with the requirement to terminate the processing of personal data, The operator has the right to continue processing personal data without consent the subject of personal data in the presence of the grounds specified in the Law about personal data;
—independently determine the composition and list of measures, necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and accepted in accordance with the relevant regulatory legal acts, unless otherwise not provided for by the Law on Personal Data or other federal laws.
3.2. The operator must:
—to provide the subject of personal data at his request with information concerning the processing of his personal data;
—organize the processing of personal data in the order, established by the current legislation of the Russian Federation;
—respond to requests and requests from subjects personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
—report to the authorized body for the protection of rights subjects of personal data at the request of this body the necessary information within 10 days from the date of receipt of such request;
—publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
— take legal, organizational and technical measures to protection of personal data from unauthorized or accidental access to nim, destruction, modification, blocking, copying, provision, dissemination of personal data, and also from other illegal actions in relation to personal data;
—stop transmission (distribution, provision, access) personal data, stop processing and destroy personal data data in the manner and in the cases provided for by Law about personal data;
— perform other duties stipulated by law about personal data.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects have the right:
—receive information regarding the processing of his personal data data, with the exception of cases provided for by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form, and they should not contain personal data related to other personal data subjects data, except in cases where there are legitimate grounds for disclosure of such personal data. List of information and order her receipt is established by the Law on Personal Data;
—require the operator to clarify his personal data, their blocking or destruction in the event that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, and also take legal measures to protect their rights;
—to put forward a condition of prior consent during processing personal data for the purposes of promotion on the market of goods, works and services;
—withdrawal of consent to the processing of personal data, a  also, on the direction of the request for termination of processing personal data;
—appeal to the authorized body for the protection of rights of the subjects of personal data or in a court of law unlawful actions or inaction of the Operator when processing his personal data;
—to exercise other rights provided for by the legislation of the Russian Federation.
4.2. Personal data subjects are obliged to:
—provide the Operator with reliable data about himself;
—inform the Operator about the clarification (updating, modification) of their personal data.
4.3. Persons who have given the Operator false information about themselves, or information about another subject of personal data without the consent of the latter, they are responsible in accordance with the legislation of the Russian Federation.
5. Principles of personal data processing
5.1. Personal data processing is carried out on a legal basis and on a fair basis.
5.2. Processing of personal data is limited to achieving specific, pre-defined and legitimate goals. Processing is not allowed personal data incompatible with the purposes of collecting personal data.
5.3. It is not allowed to merge databases containing personal data data processed for purposes incompatible with by myself.
5.4. Only personal data that meet the purposes are subject to processing their processing.
5.5. Content and volume of personal data processed correspond to the stated processing purposes. Redundancy is not allowed processed personal data in relation to the stated purposes their processing.
5.6. When processing personal data, the accuracy of personal data is ensured data, their sufficiency, and in the necessary cases and relevance in relation to the purposes of personal data processing data. The operator takes the necessary measures and/or ensures their acceptance by removing or clarifying incomplete or inaccurate data.
5.7. Personal data is stored in a form that allows identify the subject of personal data, no longer than required purposes of personal data processing, if the period of personal data storage it is not established by federal law, an agreement to which a party, the beneficiary or guarantor of the  which is the subject personal data. The processed personal data is destroyed or are depersonalized upon achievement of processing goals or in case of loss the need to achieve these goals, unless otherwise provided federal law.
6. Purposes of personal data processing
Purpose of processing informing the User by sending emails
Personal data
  • surname, first name, patronymic
  • email address
  • phone numbers
Legal grounds
Types of personal data processing
  • Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data
  • Sending informational letters to the email address
7. Personal data processing conditions
7.1. Personal data processing is carried out with the consent of the subject personal data on the processing of his personal data.
7.2. Processing of personal data is necessary to achieve the goals, provided for by an international treaty of the Russian Federation or by law, for the implementation of the obligations imposed by the legislation of the Russian Federation on the operator of functions, powers and responsibilities.
7.3. Processing of personal data is necessary for the administration of justice, execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation Of the Russian Federation on enforcement proceedings.
7.4. Processing of personal data is necessary for the performance of the contract, which party or beneficiary or guarantor under which is the subject of personal data, and also for the conclusion of the contract on the initiative of the subject of personal data or the contract, according to which the subject of personal data will be beneficiary or guarantor.
7.5. Processing of personal data is necessary for the exercise of rights and the legitimate interests of the operator or third parties or to achieve socially significant goals, provided that at the same time they are not violated rights and freedoms of the subject of personal data.
7.6. Personal data is processed, access is unlimited the circle of persons to whom the subject of personal data is provided or at his request (hereinafter referred to as publicly available personal data).
7.7. Personal data subject to publication is processed or mandatory disclosure in accordance with federal law.
8. The procedure for collecting, storing, transferring and other types of personal data processing data
Security of personal data processed by the Operator, It is provided through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of the current legislation. legislation in the field of personal data protection.
8.1. The operator ensures the safety of personal data and accepts all possible measures excluding access to personal data unauthorized persons.
8.2. The User's personal data is never, under any conditions will not be transferred to third parties, except in cases related to with the implementation of the current legislation or in the event that the subject of personal data has given consent to the Operator to transfer data to a third party for the performance of obligations according to a civil contract.
8.3. In case of inaccuracies in personal data, The user can update them independently by sending Notification to the Operator at the Operator's email address onlineschoolexpat@gmail.com marked "Updating of personal data".
8.4. The term of personal data processing is determined by the achievement of the goals for which personal data has been collected, unless otherwise specified not stipulated by the contract or the current legislation.
The user can withdraw his consent at any time on the processing of personal data by sending a notification to the Operator by email to the Operator's email address onlineschoolexpat@gmail.com marked "Withdrawal of consent to the processing of personal data data".
8.5. All information collected by third-party services in the volume including payment systems, means of communication and other suppliers services stored and processed by the specified persons (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data and/or with the specified documents. The operator does not bear responsibility for the actions of third parties, including those specified in this paragraph of the service providers.
8.6. Prohibitions on transfer established by the subject of personal data (other than granting access), and also on processing or conditions processing (other than obtaining access) of personal data authorized for distribution, do not apply in cases of personal data processing data in the state, public and other public interests, defined by the legislation of the Russian Federation.
8.7. When processing personal data, the Operator ensures confidentiality of personal data.
8.8. The Operator stores personal data in the form, allowing to determine the subject of personal data, no longer than this is required by the purposes of processing personal data, if the retention period personal data is not established by federal law, contract, which party, beneficiary or guarantor for which is the subject of personal data.
8.9. The condition for termination of personal data processing may be achievement of personal data processing goals, expiration consent of the subject of personal data, withdrawal of consent by the subject of personal data data processing or a request to terminate the processing of personal data, a also the detection of improper processing of personal data.
9. List of actions performed by the Operator with the received personal data data
9.1. The operator collects, records, systematizes, accumulates, storage, refinement (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.
9.2. The Operator performs automated processing of personal data with the receipt and/or transmission of the received information on or without information and telecommunication networks.
10. Cross-border transfer of personal data
10.1. Operator before the start of the activity for the cross-border transfer of personal data, I am obliged to notify authorized body for the protection of the rights of personal data subjects about its intention to carry out cross-border transfer of personal data data (such notification is sent separately from the notification about the intention to process personal data).
10.2. Before submitting the above notification, the Operator is obliged to receive from the authorities of a foreign state, foreign individuals, foreign legal entities to whom a cross-border transfer is planned personal data, relevant information.
11. Confidentiality of personal data
The operator and other persons who have gained access to personal data are obliged to do not disclose to third parties and do not distribute personal data without the consent of the personal data subject, unless otherwise not provided for by federal law.
12. Final provisions
12.1. The user can get any clarifications on the questions concerning the processing of his personal data by contacting to the operator with an email onlineschoolexpat@gmail.com .
12.2. Any policy changes will be reflected in this document processing of personal data by the Operator. The policy is valid indefinitely before replacing it with a new version.
12.3. The current version of the Policy is freely available. on the Internet at https://expat-school.com/privacy /.