1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the “Policy”) is prepared in accordance with Paragraph 2, Part 1, Article 18.1 of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ dated July 27, 2006 (hereinafter referred to as the “Law”) and defines the position of the Arabirus School and specifically self-employed Elena Nikolaevna Demeshova (TIN 504813797369) (hereinafter referred to as the “Project”) regarding the processing and protection of personal data (hereinafter referred to as the “Data”), ensuring the rights and freedoms of every person, and especially the right to privacy, personal, and family secrets.
2. Scope of Application
2.1. This Policy applies to Data received both before and after the enactment of this Policy.
2.2. Understanding the importance and value of Data, as well as caring for the protection of the constitutional rights of citizens of the Russian Federation and other countries, the Project ensures reliable protection of Data.
3. Definitions
3.1. Data refers to any information related to an identified or identifiable individual (citizen), including but not limited to: surname, first name, patronymic, phone number, email address, IP address, cookies.
3.2. Processing of Data means any action (operation) or set of actions (operations) with Data, performed using automation tools and/or without such tools. These actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), transfer (distribution, provision, access), extraction, use, anonymization, blocking, deletion, destruction of Data.
3.3. Data Security means the protection of Data from unauthorized and/or unlawful access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions regarding Data.
4. Legal Grounds and Purposes of Data Processing
4.1. Data processing and security in the Project are carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, subordinate acts, and other federal laws defining cases and features of Data processing, as well as guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.
4.2. Data subjects processed by the Company include:
- Website visitors – internet users who visited the websites https://arabirus.com, https://arabirus.ru, https://arabirus.getcourse.ru/ (hereinafter referred to as the “Websites”) belonging to the Project;
- Potential clients – internet users who visited the Websites, filled out forms, registered, or performed other interactive actions on the website;
- Buyers – consumers, including visitors of the Project’s Websites who placed orders on these websites for subsequent receipt of the ordered informational products.
4.3. The Project processes Data for the following purposes:
- Website visitors – to improve the Project’s website and evaluate the quality of the Project’s advertising campaigns;
- Potential clients – to create a personalized product offer from the Project’s product range;
- Buyers – to provide purchased electronic products and services of the Project.
5. Principles and Conditions of Data Processing
5.1. When processing Data, the Project adheres to the following principles:
- Data processing is carried out lawfully and fairly;
- Data is not disclosed to third parties or distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies or court proceedings;
- Specific legal purposes are defined before starting the processing (including collection) of Data;
- Only Data necessary and sufficient for the stated purpose of processing is collected;
- Merging databases containing Data processed for incompatible purposes is not permitted;
- Data processing is limited to achieving specific, predetermined, and lawful purposes;
- Processed Data is subject to destruction or anonymization upon achieving the processing purposes or if there is no further need to achieve these purposes, unless otherwise provided by federal law.
5.2. The Project processes Data:
- Automatically – through data collection forms on the Websites, through questionnaire forms, when placing orders;
- Manually – when processing Data subject requests received directly via email, chats, or phone.
5.3. The Project may include Data in publicly available Data sources, anonymizing them, with the Data subject’s written consent for processing their Data, either through a website form (checkbox) or by electronic signature as per the Russian Federation’s legislation.
5.4. The Project does not process Data related to racial or ethnic origin, political views, religious, philosophical or other beliefs, intimate life, or membership in public associations, including trade unions.
5.5. The Project does not carry out cross-border Data transfers.
5.6. In cases established by Russian Federation legislation, the Project may transfer Data to third parties (Federal Tax Service, state pension fund, and other state bodies) in cases provided for by Russian Federation legislation.
5.7. The Project may delegate the processing of Data to third parties with the Data subject’s consent, based on a contract with these parties, including agreeing to the user agreement and privacy policy posted on the Websites.
5.8. Parties processing Data on behalf of the Project must comply with the principles and rules of Data processing and protection established by the Law. For each third party, the contract specifies the list of actions (operations) with Data, processing purposes, and obligations to maintain confidentiality and ensure Data security.
5.9. To comply with the requirements of Russian Federation legislation and contractual obligations, Data processing in the Project is carried out both with and without the use of automation tools. The processing operations include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymization, blocking, deletion, destruction of Data.
5.10. The Project prohibits making decisions based solely on automated Data processing that produce legal effects or otherwise affect the Data subject’s rights and legal interests, except in cases provided by Russian Federation legislation.
6. Rights and Obligations of Data Subjects and the Project Regarding Data Processing
6.1. The Data subject has the right to:
- Change their Data previously provided to the Project;
- Obtain from the Project:
- Confirmation of the Data processing and information on the presence of Data related to the Data subject;
- Information on the legal grounds and purposes of Data processing;
- Information on the methods of Data processing used by the Project;
- Information on the Project’s name and location;
- Information on persons (excluding Project employees) who have access to Data or to whom Data may be disclosed under a contract with the Project or federal law;
- List of Data processed related to the Data subject and information on the source of their receipt, if not otherwise provided by federal law;
- Information on the Data processing period, including storage period;
- Information on the procedure for exercising the Data subject’s rights under the Law;
- Name (full name) and address of the person processing Data on behalf of the Project;
- Other information as provided by the Law or other regulatory acts of the Russian Federation;
- Request from the Project:
- Modification, blocking, or destruction of their Data if the Data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing;
- Withdrawal of consent for Data processing at any time;
- Correction of unlawful actions by the Project concerning their Data;
- Appeal against the Project’s actions or inactions to the Federal Service for Supervision in the Sphere of Communications, Information Technology, and Mass Communications (Roskomnadzor) or in court if the Data subject believes the Project is processing their Data in violation of the Law or otherwise infringing on their rights and freedoms;
- Protection of their rights and legal interests, including compensation for damages and/or moral harm in court.
6.2. The Project has the right to:
- Process Data received from the Data subject to achieve the stated purposes of collecting Data.
6.3. During Data processing, the Project must:
- Provide the Data subject with information on Data processing upon request or refuse within thirty days from the date of receipt of the request, if legally justified;
- Explain the legal consequences of refusing to provide Data if Data provision is mandatory under federal law;
- Before starting Data processing (if Data is obtained not from the Data subject), provide the Data subject with the following information, except in cases provided by Part 4, Article 18 of the Law:
- Name or surname, first name, patronymic, and address of the Project or its representative;
- Purpose of Data processing and its legal basis;
- Intended Data users;
- Rights of Data subjects established by the Law;
- Source of Data receipt.
- Take necessary legal, organizational, and technical measures or ensure their adoption to protect Data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions concerning Data;
- Publish on the Internet and ensure unlimited access to the document defining its Data processing policy and the requirements for Data protection;
- Provide Data subjects and/or their representatives free access to Data upon request within 30 days from the date of such request;
- Block unlawfully processed Data related to the Data subject or ensure its blocking (if Data processing is done by another person acting on behalf of the Project) from the moment of the request or receipt of the request for verification, in case of identifying unlawful Data processing upon request by the Data subject or their representative or authorized body for Data protection;
- Correct Data or ensure its correction (if Data processing is done by another person acting on behalf of the Project) within 7 working days from the date of providing the information and remove the blocking of Data if the inaccuracy is confirmed based on