Politics regarding the processing of personal data of customers

IE Pilguyev G.A.

  1. General Provisions

    1. This document was adopted pursuant to clause 2 of Part 1 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 “Personal Data” (hereinafter referred to as the Law “Personal Data”) and defines the policy of individual entrepreneur Gleb Avinirovich Pilguyev (hereinafter - the Operator) ) in relation to the processing of personal data of clients during the implementation of entrepreneurial (economic) activities by the Operator, as well as procedures aimed at preventing and detecting violations of the legislation of the Russian Federation in the field of protection of personal data and eliminating the consequences of such violations.
    2. The following individuals are the Clients of the Operator who this Policy is to be applied:
      • visitors to the site on the Internet, owned by the Operator and located on: http://londonexpress-online.com/ (hereinafter referred to as the Operator’s website);
      • individuals who conclude contracts with the Operator of a civil law nature, including providing their personal data and personal data of a minor whose legal representative they are, in connection with the intention to conclude such an agreement or receive information about the services provided by the Operator and other Operator activities;
      • - individuals acting as representatives (including managers) and employees of legal entities and individual entrepreneurs with whom the Operator enters into civil law agreements, including providing their personal data in connection with the intention to conclude such an agreement or receive information about services, provided by the Operator and other activities of the Operator.
    3. All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
    4. The effect of this Policy does not apply to the processing and protection of personal data of the Operator's employees.
  2. Terms and definitions

    1. For the purposes of this Policy, the following basic terms are used:
      • personal data - any information relating directly or indirectly to a specific or determined individual (subject of personal data);
      • processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
      • distribution of personal data - actions aimed at the disclosure of personal data to an indefinite circle of persons;
      • provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons;
      • information - information (messages, data) regardless of the form of their presentation.
    2. The meaning of other concepts specified in this Policy is determined in accordance with the Law on Personal Data, other regulatory legal acts adopted in the field of personal data protection, as well as other norms of the legislation of the Russian Federation.
  3. Purpose of processing personal data of customers, the procedure of the customer provision and revocation of consent to the processing of personal data

    1. Processing of personal data of customers is carried out in order to:
      • provide customers with information about the services provided by the Operator, the work performed by the Operator, the goods sold by the Operator;
      • consider issues related to the possibility of further cooperation between the Operator and an individual;
      • conclude and follow the provisions of contracts related to the entrepreneurial (economic) activity of the Operator with an individual customer;
      • conclude and execute agreements with a legal entity related to the entrepreneurial (economic) activity of the Operator;
      • carry out an analysis of the quality and volume of the services rendered, the work performed, the goods sold by the Operator.
    2. The operator has the right to process personal data of customers with their consent, unless otherwise provided by law.
    3. Consent to the processing of personal data can be issued by the client in the following ways:
      • in a form of a letter by sending it directly to the address of the Operator's location;
      • by paying the Operator’s bill in order to conclude an agreement on the provision of paid educational services posted on the Operator’s website. In the event of the conclusion of such an agreement, the client confirms that they are familiar with this Policy, and also confirms that the Operator has consented to the processing of their personal data in accordance with this Policy;
      • in electronic form on the Operator’s website by affixing a sign of familiarization with and consent to this Policy on the corresponding page of the Operator’s website;
      • in a different way.
    4. . In the event that the client consents electronically on the Operator’s website, the client, in accordance with Section 9 of the Law “On Personal Data”, gives consent to the individual entrepreneur G. Pilguev (TIN 263203740874, OGRN FE 319265100084137, place of residence: 357560, Stavropolsky Krai, Pyatigorsk, pos. Goryachevodsky, prospekt Sovietskoy Armyi, dom 17, kvartira 109) to process automatically their personal data and/or the minor person’s personal data of which they are the legal representative, namely the performance of actions provided in paragraph 3 of Article 3 of the Law on Personal Data. In this case, the client agrees to the processing of personal data subject to the following conditions:
      • a list of personal data for the processing of which consent is given:
        • full name;
        • gender, age;
        • date and place of birth;
        • data of a passport of a citizen of the Russian Federation;
        • data of a driver’s license;
        • data of the certificate of state registration of the vehicle;
        • address of registration in the place of residence and address of actual residence;
        • phone number (home, mobile);
        • SNILS;
        • TIN.

        If the client does not want to give consent to the processing of any personal data specified in this clause, they have the right, after obtaining consent on the Operator’s website, to send them a corresponding notification by e-mail at school@londonexpress-online.ru.

        • the period during which the consent is valid: the consent to the processing of personal data is valid from the date of its registration on the Operator's website until the day of its withdrawal;
        • method of withdrawal of consent: withdrawal of consent to the processing of personal data can be executed in simple written form with affixing the client’s own handwritten signature and date. It can be sent to the address of the Operator's location, handed to an authorized representative of the Operator against signature, or sent in a scanned form by e-mail to: school@londonexpress-online.ru.

    5. Consent to the processing of personal data on the conditions established in clause 3.4 of this Policy is also considered to be provided by the client upon sending any electronic message to the Operator using the Operator's website.
    6. All methods of obtaining consent provided for by this Policy have the same legal value; the use of one of the methods of obtaining consent is sufficient to express the will of the client.
  4. Customer rights related to the processing of personal data

    1. The client has the right to:
      1. Access and familiarize themselves with their personal data.
      2. Demand from the Operator clarification, exclusion or correction of incomplete, incorrect, outdated, unreliable, illegally obtained or not necessary for the Operator personal data.
      3. Receive from the Operator:
        • information about persons who have access to personal data or who may be granted such access;
        • a list of processed personal data and the source of their receipt;
        • terms for processing personal data, including periods for their storage;
        • information about what legal consequences for the subject of personal data may entail the processing of his personal data.
      4. Require notification from the Operator of all persons who previously reported incorrect or incomplete personal data about all exceptions, corrections or additions made to them.
      5. Appeal to the authorized body for the protection of the rights of subjects of personal data or in court the illegal actions or inaction of the Operator in the processing and protection of his personal data.
      6. To carry out other actions stipulated by the legislation of the Russian Federation in the field of personal data protection.
      7. All requests of the Client on issues related to the processing of their personal data can be sent to the operator by e-mail at school@londonexpress-online.ru.
  5. Access and protection of personal data of clients

    1. The list of persons having access to personal data by the client, including personal data information systems, is established by the head of the Operator.
    2. The right of access to the Operator’s premises where material carriers of personal data are located, as well as the right to access the personal data information systems owned by the Operator, are exclusively reserved for persons indicated in the list approved in accordance with clause 5.1 of this Policy. Access of other persons to such premises and to personal data information systems is provided in the presence and with the consent of persons having access to personal data of clients.
    3. Persons with access to personal data of customers are required to:
      • ensure the safety of material carriers of personal data, including by storing data of material carriers (including paper documents) in the premises at the location of the Operator;
      • comply with the restrictions established by this Policy on access to personal data information systems (including by setting passwords that provide access to the technical means of such an information system);
      • immediately notify the head of the Operator of all facts of unauthorized access to personal data and their unlawful processing.
    4. The Operator appoints an employee who is responsible for organizing the processing of personal data and ensuring the security of personal data of clients in information systems, which ensures:
      • internal control over the observance by the Operator and their employees of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, as well as the Operator's policy regarding the processing of personal data, local acts of the Operator;
      • informing the Operator’s employees of the provisions of the legislation of the Russian Federation on personal data, local acts on the processing of personal data, requirements for the protection of personal data;
      • organization of the reception and processing of customer requests and inquiries or their representatives and (or) control over the reception and processing of such requests and inquiries;
      • accounting machine carriers of personal data by compiling and agreeing with the head of the Operator the corresponding written list of machine carriers;
      • timely detection of unauthorized access to personal data of customers and immediate report of this information to the head of the Operator;
      • prevention of impact on the technical means with which the processing of personal data of customers is carried out, as a result of which their functioning may be disrupted;
      • restoration of personal data of customers modified or destroyed due to unauthorized access to it;
      • continuous monitoring of the level of protection of personal data of customers;
      • compliance with the conditions for the use of information protection tools provided for by operational and technical documentation;
      • if violations of the procedure for the provision of personal data of clients are detected, immediately suspend the provision of personal data to users of the personal data information system until the causes of violations are identified and these reasons are eliminated;
      • investigation and drawing up conclusions on the facts of non-compliance with the storage conditions of tangible media of personal data of clients, the use of information protection tools that could lead to a violation of the confidentiality of personal data of clients or other violations leading to a decrease in the level of protection of personal data of clients, development and adoption of measures to prevent possible dangerous consequences of such violations.
  6. Responsibility for violation of the rules governing personal data processing

    1. Persons guilty of violating the procedure for handling personal data of clients bear disciplinary, administrative, civil or criminal liability in accordance with the requirements of the legislation of the Russian Federation.
  7. Final Provisions

    1. This Policy shall enter into force upon its approval by the Operator.
    2. Amendments to this Policy are carried out by decision of the Operator. The introduced changes take effect from the moment the new version of the Policy is approved by the Operator.
    3. By visiting the Operator’s website, using the information posted on it, the Client confirms that they have got familiar with this Policy and express their agreement with its terms.
    4. This Policy is publicly available. The general accessibility of this Policy is ensured by the publication of its text in electronic form on the Operator's website, as well as on paper at the location of the Operator with the provision of the opportunity to familiarize it with any interested person.
Write to us