POLICY OF EDUSEEKER.NET
1. General Provisions
- 1.1.The personal data processing policy (hereinafter the “Policy”) has been developed in accordance with the Personal Data Protection Act, 2019 dated May 27, 2019 (PDPA).
- 1.2.This Policy establishes the procedure for personal data processing and security measures in EduSeeker.net (hereinafter the “Operator”, “Company”) in order to protect human and civil rights and freedoms when processing personal data, including to protect rights to privacy, personal and family secret.
1.3.The following basic terms are used in the Policy:
- a) Automated personal data processing means personal data processing by means of computing equipment;
- b) Blocking of personal data means suspension of personal data processing (except when processing is necessary to specify personal data);
- c) Personal data information system means an aggregate of personal data kept in databases and information technologies and technical facilities providing for processing thereof;
- d) Depersonalization of personal data means actions as a result of which a specific personal data owner cannot be determined without additional information;
- e) Processing of personal data means any action (transaction) or an aggregate of actions (transactions) taken (carried out) with personal data with or without automated equipment, including collection, recording, systematization, accumulation, storage, specification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- f) Personal data means any information directly or indirectly related to a specific or designated individual (personal data owner);
- g) Provision of personal data means actions aimed at disclosure of personal data to a specific person or group of persons;
- h) Distribution of personal data means actions aimed at disclosure of personal data to the general public (transfer of personal data) or familiarization with personal data by the general public, including publication of personal data in mass media, information and telecommunication networks, or provision of access to personal data in any other manner;
- i) Transborder transfer of personal data means transfer of personal data to the territory of another country to a foreign authority, individual or legal entity;
- j) Destruction of personal data means actions as a result of which contents of personal data in the personal data information system cannot be recovered, and (or) as a result of which physical storage media with personal data are destroyed.
2. Personal Data Processing Principles and Conditions
2.1.Personal Data Processing Principles
Personal data are processed by the Operator on the basis of the following principles:
- a) legality and fairness;
- b) restriction of personal data protection to achievement of specific, pre-set and legal purposes;
- c) prevention of personal data protection incompatible with the purposes of personal data processing;
- d) prevention of consolidation of databases containing personal data processed for the purposes incompatible with each other;
- e) processing only the personal data conforming to the processing purposes;
- f) conformity of contents and scope of processed personal data to the claimed processing purposes;
- g) processing of personal data excessive with regard to the claimed processing purposes;
- h) provision for accuracy, sufficiency and actuality of personal data with regard to the purposes of personal data protection;
2.2.Personal Data Processing Conditions
The Operator processes personal data provided that there is at least one of the following
- a) personal data are processed by consent of the personal data owner to processing of his/her personal data;
- b) personal data need to be processed to achieve the purposes stipulated in an international treaty of the PDPA law, to discharge, exercise and fulfill functions, powers and obligations imposed on the Operator by the laws of PDPA;
- c) personal data need to be processed to administer justice, enforce a judicial act, act of another authority or official to be enforced in accordance with the laws of PDPA on enforcement proceedings;
- d) personal data need to be processed to perform the agreement a party to or beneficiary under which is the personal data owner, and to enter into an agreement at the initiative of the personal data owner, or the agreement under which the personal data owner will be a beneficiary or guarantor;
- e) personal data need to be processed to exercise rights and legal interests of the Operator or third parties, or in order to achieve socially significant purposes, provided that rights and freedoms of the personal data owner are not breached in this case;
- f) personal data access to which is granted to the general public by the personal data owner or by his/her request (hereinafter the “publicly available personal data”) are processed;
- g) personal data subject to publication or mandatory disclosure pursuant to the PDPA law are processed.
2.3.Confidentiality of Personal Data
The Operator and other persons having access to personal data may not disclose to third parties or distribute personal data without consent of the personal data owner unless otherwise provided for by the PDPA law.
2.4.Publicly Available Sources of Personal Data
For the purposes of informational support, the Operator may establish generally accessible sources of personal data, including reference books and address directories. Publicly available sources of personal data may include, by the owner's consent, his/her full name, birth date and place, position, contact telephone numbers, e-mail address and other personal data disclosed by the personal data owner. Data on the owner shall be removed from publicly available sources of personal data any time by request of their owner or by court judgment or by request of other competent government authorities.
2.5.Special Categories of Personal Data
Special categories of personal data related to race, ethnic origin, political views, religious and philosophical beliefs, health, intimacy may be processed by the Operator in case:
- a) the personal data owner has granted written consent to processing of his/her personal data;
- b) personal data have been made publicly available by the personal data owner;
- c) personal data processing is necessary to protect life, health or other vital interests of the personal data owner, or life, health or other vital interests of other persons, and consent of the personal data owner cannot be obtained;
- d) personal data processing is necessary to establish and exercise rights of the personal data owner or third parties as well as in connection with administration of justice;
Processing of special categories of personal data shall be terminated immediately if the reasons for processing thereof have been remedied unless otherwise established by the PDPA law. Personal data on criminal record may be processed by the Operator only in the cases and in accordance with the procedure that are established by PDPA laws.
2.6.Delegation of Personal Data Processing to Another Person
The Operator may delegate personal data processing to another person by consent of the personal data owner unless otherwise provided for by the PDPA law, on the basis of the agreement executed with this person. The person processing personal data under the Operator's instruction shall comply with the personal data processing principles and rules established by PDPA Law.
2.7.Transborder Transfer of Personal Data
The Operator shall ensure that another country where personal data are supposed to be transferred provides for adequate protection of rights of personal data owners before such transfer is commenced. Transborder transfer of personal data to other states that do not provide for adequate protection of rights of personal data owners may be carried out in case of:
- a) written consent of the personal data owner to transborder transfer of his/her personal data;
- b) performance of the agreement a party to which a personal data owner is.
3. Data Protection
3.1.Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which is automatically transferred to us by your browser. These are:
- a) browser type and version
- b) operating system used
- c) referrer’s URL
- d) host name of the accessing computer
- e) time of server access
These data cannot be assigned to specific persons. These data will not be merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete evidence of illegal use.
If you send us inquiries by using the contact form, your details from the enquiry form, including the contact details provided by you there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent. We will delete these data on your demand.
4. Rights of the Personal Data Owner
4.1.Consent of the Personal Data Owner to Processing His/Her Personal Data
A personal data owner takes a decision on provision of his/her personal data and grants consent to processing thereof at his/her free will and for his/her own benefit. Consent to personal data processing may be granted by the personal data owner or his/her representative in any form allowing to confirm that it has been granted unless otherwise prescribed by the PDPA law. The obligation to furnish evidence of obtaining consent of the personal data owner to processing of his/her personal data or evidence of the basis indicated in the PDPA law is imposed on the Operator.
4.2.Rights of the Personal Data Owner
A personal data owner has the right to receive from the Operator information related to processing of his/her personal data unless this right is restricted by PDPA laws. A personal data owner may demand from the Operator to specify his/her personal data, block or destroy them in case his/her personal data are incomplete, obsolete, inaccurate, illegally obtained, or are not necessary for the claimed processing purpose, and may also take legal measures to protect his/her rights. Personal data processing in order to promote commodities, works, services on the market by direct contacts with potential consumers by communication means as well as for the purposes of election campaigns is allowed only by prior consent of the personal data owner. This personal data processing is deemed carried out without prior consent of the personal data processing unless the Company proves that consent has been obtained. The Operator shall immediately cease to process personal data for the abovementioned purpose by request of the personal data owner. Decisions entailing legal consequences with regard to the personal data owner or otherwise related to his/her rights and legal interests may not be accepted on the basis of automated personal data processing only, unless otherwise provided for by PDPA law, or there is written consent of the personal data owner. If a personal data owner supposes that the Operator processes his/her personal data in breach of PDPA Law or otherwise infringes on his/her rights and freedoms, the personal data owner may appeal from actions or omission of the Operator to the Designated Authority for Protection of Rights of Personal Data Owners or to court. A personal data owner has the right to protection of his/her rights and legal interests, including to be compensated for losses and (or) moral damages judicially.
5. Provision of Personal Data Security
Security of personal data processed by the Operator is provided for by taking legal, organizational and technical measures in pursuance of PDPA law on personal data protection. In order to prevent unauthorized access to personal data, the Operator takes the following organizational and technical measures:
- a) appointment of officials in charge of organization of personal data processing and protection;
- b) restriction of the group of persons having access to personal data;
- c) familiarization of owners with requirements of PDPA law and regulations of the Operator to personal data processing and protection;
- d) organization of accounting, storage and treatment of data media;
- e) identification of personal data security threats in the course of processing thereof, formation of threat models on the basis thereof;
- f) development of the personal data protection system on the basis of the threat model;
- g) check of readiness and efficiency of use of information protection means;
- h) control of user access to information resources and information processing software and hardware;
- i) registration and accounting of actions of users of personal data information systems;
- j) use of anti-virus and recovery tools of the personal data protection system;
- k) where necessary, application of firewalling, intrusion detection, security analysis and cryptographic information protection tools;
- l) organization of access control within the Operator's territory, security of premises containing technical personal data processing tools.
6. Final Provisions
Other rights and obligations of the Operator as a personal data operator are established by the laws of PDPA on personal data. The Operator's employees guilty of breach of the provisions governing personal data processing and protection are financially, disciplinarily, administratively, civilly and criminally liable in accordance with the laws of the PDPA.