REGULATION on processing and protection of personal data (privacy policy) (as at 25.07.2022)

1. General provisions

1.1. The present Regulation on the Processing and Protection of Personal Data in the Project of Individual Entrepreneur Gutsaliuk Ilya Vladimirovich, TIN 662333568415, OGRN 30966233334200094, (hereinafter - Regulations) was developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law of July 27, 2006   149-FZ «On Information, Information Technologies and on Information Protection», Federal Law of July 27, 2006   152-FZ «On Personal Data» (hereinafter - Federal Law «On Personal Data») and normative legal acts of the Russian Federation adopted in accordance with them.

1.2. The purpose of the elaboration of this Regulation is to determine the order of collection, recording, systematization, stockpiling, storage, clarification (updates, changes), extraction, use, transfer (distribution, granting, access), depersonalization, blocking, Deletion, destruction of personal data processed by PE Kiseleva Elena Vladimirovna (hereinafter - Project, Operator) in the provision of services.

1.3. This Regulation applies to all Project sites that contain links to this Regulation, regardless of how they are used or accessed, including access from mobile devices, including: https:///gutuksali.online
including all subdomains (hereinafter referred to as the Site).

1.4. By this Regulation, the recipient of the Operator’s services or a visitor to the Site as a subject of personal data is notified and gives its consent to the objective need arising in the course of the operation of the Site and the services of the Operator to allow access to their personal data for software tools Operator and third parties (partners or service providers of the Operator). This access shall be provided only for the purposes specified in this Regulation (para. 3.1.1.).

1.5. In case of disagreement of the subject of personal data in full or in part with the terms of this Regulation - the use of the Site and its services should be immediately terminated.


2. Composition of personal data

2.1. The Project processes the personal data of individuals who have acquired the Project training course (or other reimbursable service), as well as subscribed to e-mail mailing, SMS mailing, sending to social networks through the appropriate forms of subscription on the Project Site.

2.2. List of personal data processed in the Project: - name, surname; - e-mail address (e-mail); - telephone.

2.3. The Project website uses cookies (cookies) and visitor data from visitor statistics services (IP address; information from cookies, browser information, time of access to the site, page address where the advertising block is located, referrer (previous page address)user-agent data for spam detection and other data). With the help of these data information is collected about the actions of visitors on the site in order to improve its content, improve the functionality of the site and, as a result, create quality content and services for visitors. The subject of personal data may change the settings of his browser at any time so that all cookies are blocked or notified when they are sent. In this case, the subject must understand that some functions and services of the Project will not work properly.

2.4. The operator does not intentionally process the personal data of minors. The Perpetrator recommends the use of the site by persons who have reached the age of 18. Responsibility for the actions of minors, including their purchase of services on the Site, lies with the legal representatives of minors. All visitors under the age of 18 must obtain permission from their legal representatives before providing any personal information about themselves. If the Operator becomes aware that he has obtained personal information about a minor without the consent of legal representatives, such information will be deleted as soon as possible.

3.1. General requirements for the processing of personal data

3.1.1. The processing of personal data in the Project is carried out for the following purposes: a) for the proper execution of the contract of reimbursable rendering of services under the training program purchased by the Project customer (according to the selected package of services), or other reimbursable services of the Operator, including by email and sms-mailing to email and phone, as well as sending to social networks specified by the relevant subject of personal data when paying for services of the Operator; b) for identification of the subject of personal data; c) to improve and personalize the services of the Project; r) to provide promotional and marketing materials of the Project, including through email and SMS mailing to the contacts specified by the respective subject of personal data when completing subscription forms (purchase) on the Operator’s website; d) to detect, prevent, mitigate and investigate fraudulent or illegal actions against the Operator.

3.1.2 Only those personal data that meet the purpose of their processing shall be processed (paragraph 3.1.1.). Personal data may not be used for the purpose of causing property and moral harm to subjects of personal data.

3.2. Obtaining personal data

3.2.1. The processing of personal data in the Project is carried out for the period necessary to fulfill the purposes for which they were collected in any lawful way, including in personal data information systems using or without means of automation (mixed processing) via the Internet.

3.2.2. All personal data is provided (collected) directly from the subject of personal data. The subject decides independently on the provision of his personal data and gives consent to their processing by the Project freely, by his will and in his interest.

3.2.3. Consent specified in para. 3.2.2 of this Regulation also means the consent of the subject to transfer to third parties, to order the processing of his personal data by third parties, consent of the subject to cross-border transmission of data via the Internet (when such transfer is necessary for the effective provision of services by the Project or is necessary for the achievement of other purposes established by this Regulation), as well as for receiving an email-sms-mailings, mailings to social networks within the framework of the contract concluded with the Operator for the reimbursable provision of services or for receiving advertising and marketing materials of the Project. At the same time, the Parties understand the transmission of data across borders to third parties, both in countries with an adequate level of data protection and outside such countries. In any case, the Operator shall ensure the necessary level of protection of personal data by complying with the conditions specified in para. 3.4 of this Regulation.

3.2.4. Consent to the processing of personal data is given when filling out special forms of subscription on the website of the Operator, when making an application for the conclusion of the relevant contract for the provision of services (acceptance of the public offer) either directly when making payment for services under the said contract (acceptance of public offer) by putting a "tick" in a special "checkbox" "I agree to the processing of my personal data" or with another notification of the same meaning. Separate written consent is not required.

3.2.5. For the convenience of using the Site or receiving services of the Operator, personal data can be obtained automatically using special software, including from third parties (for example, social networks) with notification of the subject of personal data before sending a request to receive them in such a way and for what purposes.

3.2.6. Consent to the processing of personal data may be withdrawn by the subject of personal data at any time by contacting the support service of the https://gutsaliuk.online Project. In case of withdrawal of consent to the processing of personal data: - The Project does not give a guarantee that in case of such an application, the Project services, which were not yet rendered at the time of receiving said revocation, will be properly provided. - Deleted data can be stored in third-party systems: cache, search engines, interconnected proxy servers, etc. etc.

3.3. Rights and obligations of the parties in the processing of personal data

3.3.1. Subjects of personal data are obliged to provide the Project with only valid personal data and to promptly report changes of their personal data. In this case, the Operator does not verify the authenticity of personal data, and does not monitor the legal capacity of subjects of personal data, and proceeds from the assumption that the subject provides reliable and sufficient personal information on the issues offered in the form of registration (subscriptions, payments) and keeps this information up to date. The risk of providing unreliable personal data is borne by the subject of personal data.

3.3.2. Every subject of personal data has the right: - to receive full information about his or her personal data and to have free access to his or her personal data, except in cases provided for by law; - to receive information, concerning the processing of his personal data - to require the Operator to clarify his personal data, to block or to destroy them if personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take legal measures to protect their rights; - Other rights stipulated by the legislation of the Russian Federation.

3.3.3. The Subject of Personal Data has the right to make the necessary changes to the personal data provided upon registration on the Site by submitting an appropriate application to the Project Support Service https:///gutsaliuk.online
or independently in a personal account in a closed section of the Site (corresponding service) used by the Operator for data processing.

3.3.4. The project is obliged to provide free of charge the subject of personal data with the opportunity to familiarize with personal data pertaining to this subject, as well as to make the necessary changes in them when the subject of personal data provides information, confirming that personal data is incomplete, outdated, inaccurate or illegally obtained. The Operator is obliged to notify the entity or its representative of the changes made and the measures taken and to take reasonable measures to notify the third parties to whom the personal data of this entity have been transmitted.

3.3.5. Consideration of the request of the subject regarding his personal data shall be carried out by the Operator within 30 (thirty) calendar days from the date of such an application, unless another period is established by this Regulation. In this case, all correspondence on such requests is carried out through the support service of the Project by sending messages to the email of the subject of personal data specified at the address.

3.4. Transmission of personal data

3.4.1. For the purpose of efficient processing of personal data, proper execution of the contract concluded between the Operator and the subject of personal data, the Project has the right to entrust processing of personal data to other legal or natural persons on the basis of the contract (next - the assignment of the Project), including through cross-border data transmission via the Internet. The individual consent of the subject of personal data is not required. The person performing the processing of personal data on behalf of the Project is obliged to comply with the principles and rules of processing of personal data, stipulated by the legislation of the Russian Federation on personal data, and is responsible for violation of confidentiality of such data, what happened to him.

3.4.2. The transfer of personal data of the entities with which the Project interacts is carried out only for the proper performance of obligations under the contracts (agreements) concluded, within the framework of which the Project and said entities cooperate.

3.4.3. When transferring personal data of a subject, the Operator is obliged to warn persons receiving personal data of subjects that these data can be used only for the purposes for which they are communicated, and require these persons to protect the confidentiality of personal data received.

3.5. Personal data retention

3.5.1. Personal data are stored electronically in the relevant information systems of personal data stored in databases in the Russian Federation.

3.5.2. Personal data shall be stored in a form that allows the identification of the subject of personal data within a period of time that ensures compliance with and achievement of the purposes for processing personal data established by this Regulation.

3.5.3. Personal data shall be stored with restricted access, including by establishing appropriate levels of access.

3.5.4. Personal data contained in different electronic databases and processed for different purposes shall be kept separately.

3.6. Termination of processing and destruction of personal data

3.6.1. In case of detection of inaccurate personal data when the subject of personal data is being treated, the Project is obliged to carry out the blocking of personal data related to this subject of personal data from the moment of such communication for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.

3.6.2. If the Operator confirms the inaccuracy of personal data on the basis of the information provided by the subject of personal data, it is obliged to clarify personal data within 7 (seven) working days from the date of submission of such information and to remove the blocking of personal data.

3.6.3. In the event of detection of improper processing of personal data carried out by the Project, the latter, within a period not exceeding 3 (three) working days from the date of identification, is obliged to stop the inappropriate processing of personal data. If it is not possible to ensure the lawfulness of the processing of personal data, the Project shall, within a period not exceeding 10 (10) working days from the date of detection of the improper processing of personal data, destroy such personal data. The Project is obliged to notify the subject of personal data about the elimination of violations or the destruction of personal data.

3.6.4. In case the subject withdraws consent to processing of personal data, the Project is obliged to terminate processing thereof and, if the preservation of personal data is no longer required for the purposes of processing personal data, to destroy personal data within a period not exceeding 30 (thirty) working days from the date of receipt of the said revocation.

3.6.5. The Project has the right to continue using personal data about the subject on the outcome of the review of the withdrawal of consent to their processing, ensuring the anonymization of such information.

3.6.6. The Operator shall send notification of the results of the processing of requests of subjects of personal data specified in this section through the support service gutsaliuk.i@mail.ru by sending messages to the email of the subject of personal data specified in the request.

4. Protection of personal data

4.1. When processing personal data, the project shall take the necessary legal, organizational and technical measures against unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data.

4.2. Ensuring the security of personal data is achieved, inter alia: - Evaluating the effectiveness of measures to ensure the security of personal data before such measures are used; Detection of unauthorized access to personal data and measures to eliminate and prevent repetition; Restoration of personal data modified or destroyed by unauthorized access; - establishing rules for access to personal data processed in the information system of personal data, as well as ensuring the registration and recording of all actions performed with personal data in the information system of personal data; - checking the presence of contracts, entered into in the Project and inclusion of clauses on ensuring the confidentiality of personal data, if necessary; - monitoring of the measures taken to ensure the security of personal data and the level of security of information systems of personal data.

4.3. Third parties who have obtained access to personal data on behalf of the Operator shall undertake to take the necessary organizational and technical measures to ensure the confidentiality of such information on their personal device, with which it processes personal data.

5. Liability for disclosure of confidential information containing personal data

5.1. Third parties who have gained access to the personal data of the subjects of the Project personal data and are guilty of violating their confidentiality shall be liable in accordance with the procedure established by the legislation of the Russian Federation, including the contracts concluded with the Operator, where such access was granted.

5.2. The operator shall not be liable for any possible misuse of personal data and any damage to the subject of personal data that has occurred as a result of: - technical problems in the software and in technical means and networks, out of the Operator’s control; - due to intentional or unintentional use of the Operator’s Site by unauthorized third parties; - not to ensure the confidentiality of access passwords or intentional transfer of access passwords, Other information from the Site by the subject of personal data when receiving the services of the Operator (use of the Site) to other persons who do not have access to this information; - Unlawful actions of third parties in accessing the data of the Site, incl. personal data.

5.3. The Operator is not responsible for the processing of personal data of third parties, which the recipient of services of the Operator reported as their own. The risk of liability in this case shall be borne by the recipient of services of the Operator who has provided incorrect data.

5.4. The Operator does not control and is not responsible for the processing of information by third-party websites to which the subject of personal data may refer to the links available on the Operator’s Website.

6. Settlement of disputes

6.1. Before filing a lawsuit on disputes arising from the relationship between the subject of personal data and the Operator, it is mandatory to submit a claim (a written proposal on voluntary settlement of the dispute).

6.2 Within 30 (30) calendar days of receipt of the claim, the recipient shall notify the claimant in writing of the outcome of the claim review.

6.3. If the agreement is not reached, the dispute will be submitted for consideration to the judicial body at the place of registration of the Operator in accordance with the current legislation of the Russian Federation.

6.4. The current legislation of the Russian Federation shall apply to this Privacy Policy and the relations between the subject of personal data and the Operator.

7. Additional conditions

7.1. The Operator has the right to amend this Privacy Policy without the consent of the subjects of personal data.

7.2. The new Privacy Policy will take effect from the moment it is posted on the site, unless otherwise provided by the new version of the Privacy Policy.

7.3. Suggestions and comments for changes to the Privacy Policy should be sent to gutsaliuk.i@mail.ru.

7.4. The invalidity of certain provisions of this Regulation, if deemed to be invalid by a decision of a court or other authorized State body, shall not entail its invalidity as a whole.

7.5. When using the processing of personal data, the Operator does not specifically verify the existence of a special regime for processing personal data, established by the legislation of the countries, the jurisdiction of which includes individual recipients of Operator’s services or persons, who provided their data by subscription form on the Site. If the subject of personal data is a resident of a state with a special regime of personal data protection, for example, in the European Economic Area (EEA), and has access to the Site from European countries, The operator shall take all reasonable measures to ensure compliance with such requirements of the personal data protection legislation established by the State concerned. For this purpose, the subject of personal data must notify the Operator of the existence of a special regime for the protection of his personal data by contacting the support service at gutsaliuk.i@mail.ru.

8. Operator’s details

IP Gutsaliuk Ilya Vladimirovich

INN 662333568415

Company Legal Address: Yagodnaya Street, No. 29, Sverdlovsk Region, Nizhny Tagil, Russia

Support service gutsaliuk.i@mail.ru