1. GENERAL PROVISIONS
1.1 The Pushkin State Russian Language Institute" (hereinafter referred to as "Operator"), founded and operating in compliance with the legislation of the Russian Federation, that administers and owns the website www.pushkininstitute.ru (hereinafter referred to as "Website") rigorously follows the policy of zero tolerance of unauthorized usage of personal data received from each registered individual user of the Website (hereinafter referred to as "Users").
1.2. The procedure for handling the personal data of the Website's Users are defined hereunder.
1.3. Regulation of personal data practices is aimed at providing for the lawful rights and interests of Users, ensuring the protection of their rights and freedoms during the processing of personal data, including the protection of rights to personal and family privacy due to the need for receiving, collecting, arranging, analyzing, storing and, if necessary, transferring (giving access to) within the statements of this Provision of information constituting personal data in order to achieve the lawful goals of the Website.
1.4. A User's personal data is information related to a certain User (subject of personal data), provided by this User voluntarily and required for the Website to operate and\or to provide the services to Users, including:
- User's last name;
- User's first name;
- User's e-mail address.
1.5. Personal data (excluding publicly available information) are considered confidential (constituting the Website's secret, protected by law). Confidentiality of personal data is removed:
- in case of depersonalization;
- after termination of 50 years of storing them;
- in other circumstances provided for in federal laws.
1.6. With Users' personal data, the Operator conducts all the necessary lawful actions, related exclusively to achieving the goal of providing the services that the Website operates for
1.7. The User is hereby notified and gives his or her consent on the objective necessity, which arises out of the Website operation, of granting access, in cases strictly defined by the Operator, to strictly defined personal data to software of third parties - partners and clients of the Operator's Website. This access is provided exclusively in order to increase the Website's effectiveness for higher quality of services provided, for which the User approaches the Website.
1.8. If the User does not agree to these Terms - fully or partly, - usage of the Website and its services must be immediately terminated.
2. GENERAL DEFINITIONS
For the purposes of this Agreement the following general definitions are used:
- personal data - any information directly or indirectly related to a specific or specifiable individual (subject of personal data);
- user - an individual registered on the Website who accesses contents and services of the Website;
- operator - a legal entity or an individual that on its own or collectively with other parties organizes and (or) conducts processing of personal data, and defines the goals of processing, contents of personal data to be processed, and actions (operations) conducted with personal data;
- processing of personal data - any action (operation) or a combination of actions (operations), conducted with or without means of automation with regard to personal data, including collection, recording, arranging, cumulating, storing, refinement (updating, changing), extracting, using, transferring (distribution, submission, access), depersonification, blocking, deletion, and destruction of personal data;
- distribution of personal data - actions aimed at disclosing personal data to the general public;
- submission of personal data - actions aimed at disclosing personal data to a certain person or persons;
- blocking of personal data - ceasing the handling of personal data temporarily (excluding circumstances when processing is required to check personal data);
- destruction of personal data - actions that result in lack of possibility to restore the content of personal data in the informational system of personal data and (or) that result in destruction of the tangible media of personal data;
- depersonification of personal data - actions that result in an inability to identify the affiliation of personal data to a certain subject of personal data without using additional information;
- information — information (messages, data) irrespective of their form of submission;
- documented information — information recorded on a tangible media with details that enable the identification of such information or its tangible media.
3. PROCESSING OF PERSONAL DATA
3.1. The Website's User himself or herself is the source of all the User's personal data by uploading his or her personal data to the Website or publicly available resources.
The User agrees to collection and processing of his or her personal data, including distribution to other Website visitors, to use the Website's services upon: - registration procedure on the Website.
It is presumed that all personal data stated in the User's personal account, profile under his or her user name are provided by the User himself or herself voluntarily. Only a User or a different person contacting the Operator with a claim of unlawful usage of his or her personal data on the Website can overcome this presumption.
3.2. The Operator never requests data about the User's race, nationality, political views, religious and philosophical beliefs, health conditions, or intimate details. If User receives such a request, he or she must contact the Operator at firstname.lastname@example.org. Failing this, the Operator is not responsible for the presence of detailed personal data on the website.
3.3 When processing personal data, the Operator must make the required legal, organizational and technical arrangements in order to protect personal data from unauthorized, illegal or random access, destruction, change, blocking, copying, submission, distribution and other unlawful actions:
- restriction, and regulation of the list of employees who have access to personal data;
- making employees who are directly involved in the processing of personal data familiar with legislation provisions of Russian Federation regarding personal data, and this Provision;
- implementation of users' authorization system to informational resources, hardware-software means of processing and protection of information;
- registration and recording of actions conducted by users of personal data informational systems;
- password protection of users' access to personal data informational system;
- implementation of access control to communication ports, information input/output devices, portable machine media, and external drives for information;
- when necessary, using cryptographic information protection to provide safety of personal data upon transfer through open communication channels and storage on machine-readable media;
- providing anti-virus control, prevention of harmful program infiltration (virus programs) and software bugs;
- detection of corporate network invasions that disrupt or create opportunities for damaging the existing personal data safety requirements;
- centralized management of the personal data protection system.
- backing up the information;
- providing for recovery of personal data, modified or destroyed as a result of unauthorized access;
- placing personal data processing equipment within the secured area;
- arrangement of access control at the facility;
- maintaining security equipment and premises alarms in a constant state of readiness.
3.4. The User shall provide only reliable data about himself or herself to the Website.
3.5. The Operator may process personal data only for the purposes stated in clause 1.6 of this Provision.
3.6. Upon determining the scope and content of personal data to be processed, the Website is guided by the Constitution of the Russian Federation, and Federal Law on Personal Data Protection No. 152-FZ dd. 07/27/2006.
3.7. In case of such a necessity when making decisions affecting the interests of a User, the Website may base its decisions on the User's personal data, obtained exclusively as a result of automated processing or electronic receipt.
3.8. Protection of the User's personal data from unauthorized use is provided by the Website at its own expense according to the procedure established by federal law.
3.9. In all possible situations, the User's waiver of rights to secure and protect the privacy of his/her personal data is invalid.
4. TRANSFER OF PERSONAL DATA
4.1. The Website must comply with the following requirements when communicating the personal data:
4.1.1. The User's personal data cannot be communicated to a third party without the User's consent, excluding circumstances as stipulated in federal law.
4.1.2. The User's personal data may not be reported for commercial ends without the User's consent. Processing of the User's personal data for the purposes of promoting goods, works, or services on the market by directly contacting a prospective consumer through means of communication is only permissible with the User's prior consent.
4.1.3. Individuals who receive the User's personal data shall be warned that this data can only be used for the purposes that they are communicated for and confirmation is required from these individuals that this rule has been observed.
4.1.4. Individuals who receiver the User's personal data must maintain its secrecy (confidentiality).
4.1.5. Users' personal data is only to be transferred in compliance with this Provision's statements.
4.1.6. Users' personal data is processed and stored on a server encrypted with restricted access.
4.3. Users' personal data can be received, processed further and transferred for storage electronically (through a local area network and the Internet).
5. ACCESS TO PERSONAL DATA
5.1. The Operator shall prevent unauthorized and non-targeted access to Website Users' personal data. In so doing, authorized and targeted access to Website Users' personal data is considered to be access by all interested parties in the scope of the activity's purposes and the subject matter of the Operator's Website, stated in clause 1.6 of this Provision.
At the same time the Operator is not liable for unaithorized usage of Users' personal data, which happened due to:
- operating faults in software, equipment and networks beyond the control of the Operator;
- due to intentional or unintentional usage of the Operator's Website not for the purpose as specified by third parties;
- transfer of access passwords, other information from the Website by Users themselves to other individuals who have no access to this information;
- unlawful actions of third parties as regards access to the Website, including personal data.
The Operator guarantees to Users that their personal data shall not be provided to third parties, who have earlier declared that non-targeted use of such personal data is possible.
5.2. User has the right to:
5.2.1. Gain access to their personal data and make themselves familiar with it.
5.2.2. Require that the Website specify, exclude or fix personal data that is not comprehensive, incorrect, outdated, invalid, obtained illegally and not necessary for the Website.
5.2.3. Obtain inofmration regarding the processing of personal data, including the following:
1) confirmation that the Operator has processed personal data;
2) legal basis and purposes of processing personal data;
3) purposes and methods that the Operator uses to process personal data;
4) name and location of the Operator, information about individuals (excluding employees) who have access to personal data or who can have personal data disclosed to them, based on a contract with the Operator or based on federal law;
5) processed personal data related to the relevant personal data subject and its source, unless a different procedure for its submission is stipulated under federal law;
6) duration of personal data processing, including duration of storage.
5.2.4. Appeal to an appropriate authority on protecting the rights of personal data subjects or to a court against unlawful acts or omissions of the Website upon processing and protection of his or her personal data.
6.1. The Website's employees who are culpable for violating the procedure governing the handling of personal data are subject to disciplinary, administrative, civil or criminal sanctions, in accordance with the federal laws of the Russian Federation.