Politics protection and processing of personal data

1. General Provisions
1.1. Present Politics Society with Limited Responsibility "GLOBAL EDUCATION" in relation to the processing of personal data (hereinafter referred to as the "Policy") was developed in pursuance of the requirements of paragraph 2 of part 1 of article 18.1 of the Federal Law of 27.07.2006No 152-FZ "On Personal Data" with all amendments to it of 2022 (hereinafter referred to as the "Law No 152-FZ") in order to ensure the protection of human and civil rights and freedoms in the processing of their personal data, including the protection of rights to privacy, personal and family secrets.
1.2. This Policy applies to all personal data processed by GLOBAL EDUCATION LLC OGRN 1197746076747, TIN 9718127352, located at: Russian Federation, 115419, Moscow, 2nd Roshchinsky proezd, 8, building 6, office 102, (hereinafter referred to as the "Operator" or GLOBAL EDUCATION LLC).
1.3. This Policy applies to the relationship in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In pursuance of the requirements of Part 2 of Article 18.1 of Law No 152-FZ, this Policy is published in free access on the Internet on the official website of the Operator.


2.Terms and Abbreviations
Personal data (PD) is any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
Personal data Allowed Subject Personal Data for distribution is personal data, access to which is granted to an unlimited number of persons by the personal data subject by giving consent to the processing of personal data allowed by the personal data subject for distribution.
Personal data operator (operator) – a legal entity that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.
Processing of personal data is any action or set of actions with personal data, performed with or without the use of automation tools.

The processing of personal data includes, but is not limited to:
  • gathering;
  • systematization;
  • storage;
  • clarification (updating, changing);
  • extract;
  • use;
  • transfer (provision);
  • depersonalization;
  • blocking;
  • removal;
  • destruction.
Automated processing of personal data – the processing of personal data using computer technology.
Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons. Distribution of personal data – actions aimed at disclosing personal data to an indefinite number of persons.
Blocking of personal data – temporary suspension of the processing of personal data (except for Destruction of personal data is actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible media of personal data are destroyed.
Personal data information system is a set of information technologies and technical means contained in personal data databases and ensuring their processing.


3. Procedure and conditions for processing and storage of personal data
3.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2. The processing of personal data is carried out by the Operator with the consent of the personal data subjects to the processing of their personal data, as well as without it in the cases provided for by the legislation of the Russian Federation.
3.3. Consent to the processing of personal data allowed by the personal data subject for distribution is issued separately from other consents of the personal data subject to the processing of his personal data.
3.4. Consent to the processing of personal data permitted by the personal data subject for distribution may be provided to the Operator:
  • directly;
  • using the information system of the authorized body for the protection of the rights of personal data subjects.
  • 3.5. The Operator carries out both automated and non-automated processing of personal data.
  • 3.6. Employees of the Operator whose job duties include the processing of personal data are allowed to process personal data.
  • 3.7. Processing of personal data is carried out by:
  • receipt of personal data in oral and written form directly with the consent of the personal data subject to the processing or dissemination of his personal data;
  • entering personal data into the journals, registers and information systems of the Operator;
  • use of other methods of personal data processing.
  • 3.8. It is not allowed to disclose to third parties and distribute personal data without the consent of the personal data subject, unless otherwise provided for by federal law.
  • 3.9. Transfer of personal data to bodies of inquiry and investigation, to the Federal Tax Service and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
  • 3.10. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
  • identifies threats to the security of personal data during their processing;
  • adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
  • appoints persons responsible for ensuring the security of personal data in the Operator's structural divisions and information systems;
  • creates the necessary conditions for working with personal data;
  • organizes the accounting of documents containing personal data;
  • organizes work with information systems in which personal data are processed;
  • stores personal data in conditions under which their safety is ensured and unauthorized access to them is excluded;
  • Organizes teaching Workers Operator carrying out Processing personal data.
  • 3.11. The Operator shall store personal data in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by a federal law, contract or agreement.
  • 3.12. When collecting personal data, including through the Internet, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located in the Russian Federation, except for the cases specified in the Law on Personal Data.
3.13. Purposes of personal data processing:
3.13.1. Only personal data that meet the purposes of their processing are subject to
processing.
3.13.2. The Operator shall process personal data for the following purposes:
  • ensuring compliance with the Constitution, federal laws and other regulatory legal acts of the Russian Federation;
  • carrying out its activities in accordance with the Charter of the Company;
  • implementation of civil law relations,
  • Conducting personnel records, assisting employees in employment, education and promotion, ensuring the personal safety of employees, controlling the quantity and quality of work performed, ensuring the safety of property;
  • attracting and selecting candidates for employment with the Operator;
  • organization Productions on individual (personalized) accounting employees in the system of compulsory pension insurance;
  • accounting.
  • 3.14. The processing of personal data of employees may be carried out solely in order to ensure compliance with laws and other regulatory legal acts.
  • 3.15. Categories of personal data subjects. PD of the following PD subjects are processed:
  • individuals who are in civil law relations with the Company;
  • individuals who are in contractual business relations with the Company;
  • individuals who are in labor relations with the Company and have resigned from the Company;
  • natural persons who are candidates for work.
  • 3.16. PD processed by the Operator:
  • data obtained in the course of civil law relations,
  • data obtained in the course of the employment relationship;
  • data obtained for the selection of candidates for work.
  • 3.17. Storage of PD.
  • 3.17.1. PD of subjects can be obtained, undergo further processing and be transferred for storage both on paper and in electronic form.
  • 3.17.2. PD recorded on paper shall be stored in locked cabinets or lockable rooms with limited access rights.
  • 3.17.3. PD of subjects processed using automation tools for different purposes shall be stored in different folders.
  • 3.17.4. It is not allowed to store and place documents containing PD in open electronic directories (file sharing sites) in the ISPD.
  • 3.17.5. Storage of PD in a form that allows to identify the subject of PD is carried out no longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.
  • 3.18. Destruction of PD.
  • 3.18.1. Destruction of documents (media) containing PD is carried out by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.
  • 3.18.2. PD on electronic media shall be destroyed by erasing or formatting the media.
  • 3.18.3. The fact of PD destruction shall be documented by the act of destruction of carriers.

4. Protection of personal data
4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDS), consisting of subsystems of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a set of legal, organizational, administrative and regulatory documents that ensure the creation, functioning and improvement of the NWPD.
4.3. The organizational protection subsystem includes the organization of the management structure of the NWPD, the permitting system, and the protection of information when working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software, software and hardware that ensure the protection of PD.
4.4. The main personal data protection measures used by the Operator are:
4.4.1. Appointment of a person responsible for PD processing, who organizes PD processing, training and instruction, internal control over compliance by institutions and their employees with the requirements for PD protection.
4.4.2. Identification of current threats to the security of personal data during their processing in the ISPD and development of measures and measures to protect personal data.
4.4.3. Development of a policy regarding the processing of personal data.
4.4.4. Establishment of rules for access to PD processed in the PDPD, as well as ensuring registration and accounting of all actions performed with PD in the PDPD.
4.4.5. Establishment of individual passwords for employee access to the information system in accordance with their work duties.
4.4.6. Use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure.7
4.4.7. Certified Antivirus Software provision with regularly updated databases.
4.4.8. Compliance Conditions Providing safety PD and Excluding unauthorized access to them.
4.4.9. Detection of unauthorized access to personal data and taking measures.
4.4.10. Restoration PD Modified or Destroyed in consequence of unauthorized access to them.
4.4.11. Training of the Operator's employees directly involved in the processing of personal data in the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.


5. Basic rights of the PD subject and obligations of the Operator
5.1. Basic rights of the PD subject.
The subject has the right to access his personal data and the following information:
  • confirmation of the fact of PD processing by the Operator;
  • legal grounds and purposes of PD processing;
  • the purposes and methods of PD processing used by the Operator;
  • name and location of the Operator, information about persons (except for the Operator's employees) who have access to PD or to whom PD may be disclosed on the basis of an agreement with the Operator or on the basis of a federal law;
  • the terms of personal data processing, including the terms of their storage;
  • the procedure for the exercise by the PD subject of the rights provided for by this Federal Law;
  • contacting the Operator and sending him requests;
  • appeal against the actions or inaction of the Operator.
  • 5.2. Obligations of the Operator.
The Operator is obliged to:
  • when collecting PD, provide information about the processing of PD;
  • in cases where PD was not received from the PD subject, notify the subject;
  • in case of refusal to provide PD, the consequences of such refusal are explained to the subject;
  • publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information about the realizable requirements for the protection of personal data;
  • take the necessary legal, organizational and technical measures or ensure that they are taken to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;
  • respond to requests and appeals of PD subjects, their representatives and the authorized body for the protection of the rights of PD subjects.


6.Updating, correction, deletion and destruction of personal data, responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, shall be provided by the Operator to the personal data subject or his representative upon application or upon receipt of a request from the personal data subject or his representative.
The information provided does not include personal data relating to other personal data subjects, unless there are legitimate grounds for disclosing such personal data.
The request must contain:
  • number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the said document and the issuing authority;
  • information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation (or) other information), or information otherwise confirming the fact of personal data processing by the
Operator;
  • signature of the personal data subject or his/her representative.The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.If the application (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the rights to access the requested information, then a reasoned refusal is sent to him/her. access to his/her personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the personal data subject's access to his/her personal data violates the rights and legitimate interests of third parties.
  • 6.2. If inaccurate personal data is detected at the request of the personal data subject or his/her representative, or at their request or at the request of Roskomnadzor, the Operator shall block personal data relating to this personal data subject from the moment of such request or receipt of the said request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven business days from the date of submission of such information and removes the blocking of personal data.
6.3. In case of detection of unlawful processing of personal data upon application (request) of the personal data subject or his/her representative or Roskomnadzor, the Operator shall block the illegally processed personal data related to this personal data subject from the moment of such request or receipt of the request.
6.4. Upon achievement of the purposes of personal data processing, as well as if the personal data subject withdraws consent to their processing, personal data shall be subject to destruction, if:
  • otherwise, is not provided for by the agreement to which the personal data subject is a party, beneficiary or guarantor.
  • the operator is not entitled to process without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other federal laws.
  • otherwise, is not provided for by another agreement between the Operator and the personal data subject.


7.Final Provisions
7.1. Liability for violation of the requirements of the legislation of the Russian Federation and the Company's regulatory documents in the field of personal data is determined in accordance with the current legislation of the Russian Federation.
7.2. This Policy comes into force from the moment of its approval by the General Director of the Company and is valid indefinitely until the adoption of a new version of this Policy.
7.3. All changes and additions to this Policy must be approved by the General Director of the Company.