Limited Liability Company "University of Educational Medicine" (hereinafter referred to as the Company) takes all necessary measures to maintain the confidentiality of the User's personal data in accordance with the Federal Law of 27.07.2006 N 152-ФЗ "On Personal Data".
This Policy for the processing and protection of personal data (hereinafter referred to as the Policy) applies to all information that the User posts about himself on the website https://uem.education/
, located on the domain name https://uem.education/
(hereinafter — the Site), in the sections that can be posted on the site and requiring the provision of the User's personal data (hereinafter — the Sections). 1. DEFINITION OF TERMS
1.1. The following terms are used in this Policy:
1.1.1. Site Administration / Operator — authorized employees for site management, acting on behalf of the Company, who organize and (or) process personal data, and also determine the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. data.
1.1.2. Personal data — any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
1.1.3. Within the framework of this Policy, "personal user information" means:
— personal information that the user provides about himself independently when leaving an application / request in the feedback forms available on the site, in the "ask a question" sections or in any other process of using the site;
— data that is automatically transmitted by the site during its use using the software installed on the user's device (including the IP address, information from the cookie, information about the user's browser (or other program with which the site is accessed), time access, the address of the requested page.
1.1.4. Processing of personal data — any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.5. Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.
1.1.6. Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain circle of persons.
1.1.7. Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
1.1.8. Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
1.1.9. Depersonalization of personal data — actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without using additional information.
1.1.10. Personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing.
1.1.11. The term for processing personal data is until the goals of processing personal data are achieved.
1.1.12. "Confidentiality of personal data" is a requirement that the Company or other person who has gained access to personal data must comply with the requirement to prevent their dissemination without the consent of the subject of personal data or other legal grounds.
1.1.13. "Site user (hereinafter referred to as the User)" - a person who has access to the Site via the Internet and uses the Site to obtain the necessary information about the services of the Company.
1.1.14. "IP-address" is a unique network address of a node in a computer network built using the IP protocol. 2. GENERAL PROVISIONS
2.1. This Policy applies only to the site https://uem.education/
and does not control and is not responsible for third-party sites to which the user can follow the links available on the site https://uem.education/
. On such sites, other personal information may be collected or requested from users, as well as other actions may be performed.
2.2. The site administration, in general, does not verify the accuracy of personal information provided by users, and does not exercise control over their legal capacity. However, the administration assumes that the user provides reliable and sufficient information on the issues proposed in the forms of this resource, and keeps this information up to date.
2.3. The operator receives and starts processing the user's personal data from the moment his consent is received. Consent to the processing of personal data can be given by the subject of personal data in any form that allows confirming the fact of obtaining consent, unless otherwise provided by federal law: in written, oral or other form provided for by the current legislation, including through the performance of the subject of personal data of conclusive actions, in particular, by placing the "V" sign when filling out the forms specified in clause 1.1.3. of this Policy.
2.4. By joining this Policy and leaving your data on the Site, by filling in the fields of online forms, the User:
— confirms that the personal data specified by him belongs to him personally;
— acknowledges and confirms that he carefully and fully familiarized himself with this Policy and the conditions for processing his personal data contained in it, indicated in the form on the website;
— acknowledges and confirms that all the provisions of this Policy and the conditions for the processing of his personal data are clear to him;
— agrees with the terms of personal data processing without any reservations and restrictions.
2.2. In case of disagreement with the terms of the Policy, the User must stop using the Site in terms of the Sections specified in clause 1.1.3. of this Policy. 3. SUBJECT OF THE PROCESSING POLICY
3.1. This Policy establishes the obligations of the Site Administration for non-disclosure and provision of a regime for protecting the confidentiality of personal data that the User provides at the request of the Site Administration upon receipt of the necessary information about the services provided by the Company.
3.2. With regard to the user's personal information, its confidentiality is maintained, except in cases of voluntary provision by the user of information about himself for general access to an unlimited number of persons.
3.2. Personal data permitted for processing under this Policy is provided by the User by filling out forms on the Site in Sections and includes the following information:
— Full Name;
— contact number;
— e-mail address (e-mail);
— information about education;
— region of residence;
— place of residence;
— other information about the student, customer or candidate received by the Company in the course of its activities.
3.3. The Society collects statistics on the IP addresses of its visitors. This information is used to identify and solve technical problems.
3.4. Any other personal information not specified above is subject to reliable storage and non-proliferation, with the exception of cases provided for in paragraphs. 5.2., 5.3. of this Policy.
3.5. The site administration organizes the storage of personal information of users in accordance with the internal regulations of specific services. 4. PURPOSES OF COLLECTING PERSONAL USER INFORMATION
4.1. The User's personal data may be used by the Site Administration for the following purposes:
4.1.1. Identification of the User who has left his personal data to enroll in courses, for employment, to obtain information and information about the Company.
4.1.2. Establishing feedback with the User, including sending notifications, requests regarding the use of the Site, the provision of services, processing requests from the User.
4.1.3. Determining the location of the User to ensure security, prevent fraud.
4.1.4. Confirmation of the accuracy and completeness of personal data provided by the User.
4.1.5. Providing the User with effective customer and technical support in case of problems related to the use of the Site.
4.1.6. Improving the quality of the site, ease of use, development of new products and services.
4.1.7. Targeting advertising materials.
4.1.8. Conducting statistical and other research based on the data provided. 5. METHODS AND TERMS OF PERSONAL DATA PROCESSING
5.1. The processing of the User's personal data is carried out without any time limit, in any legal way, including in personal data information systems using automation tools or without using such tools.
5.2. The User's personal data can be transferred to the authorized bodies of state power of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.
5.3. The site administration has the right to transfer the user's personal information to third parties in the following cases:
5.3.1. The user has expressed his consent to such actions by consent expressed in the provision of such data;
5.3.2. The transfer is necessary as part of the user's use of the site or to provide services to the user.
5.3.3. The transfer is provided for by Russian or other applicable law within the framework of the procedures established by law.
5.4. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
5.5. The site administration takes the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.6. The site administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data. 6. RIGHTS AND OBLIGATIONS OF THE PARTIES
6.1. The user is obliged:
6.1.1. Provide information about personal data necessary to receive services or information in the Sections via the information and telecommunications network Internet.
6.2. The site administration is obliged to:
6.2.1. Use the information received solely for the purposes specified in section 4 of this Policy.
6.2.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and also not sell, exchange, publish, or disclose in other possible ways the transferred personal data of the User, with the exception of cl. 5.2., 5.3. of this Policy.
6.2.3. Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure usually used to protect this kind of information in the existing business turnover.
6.2.4. Block personal data related to the relevant User from the moment the User or his legal representative or the authorized body for the protection of the rights of personal data subjects apply or request for the verification period, in case of revealing inaccurate personal data or illegal actions.
6.3. The user has the right to:
6.3.1. At any time, change (update, supplement) the personal information provided by him or part of it, as well as the parameters of its confidentiality, by leaving a statement to the site administration in the following way: Email: firstname.lastname@example.org
6.3.2. At any time, withdraw your consent to the processing of personal data by leaving a statement to the site administration in the following way: Email: email@example.com 7. MEASURES TAKEN TO PROTECT PERSONAL INFORMATION OF USERS
7.1. The site administration takes the necessary and sufficient organizational and technical measures to protect the user's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other illegal actions with it by third parties.
7.2. Personal data protection measures are implemented by the Operator in the following areas:
1) prevention of leakage of information containing personal data through technical communication channels and in other ways;
2) prevention of unauthorized access to information containing personal data, special influences on such information (information carriers) in order to obtain, destroy, distort and block access to it;
3) protection against malware;
4) ensuring secure interconnection;
5) analysis of the security of personal data information systems;
6) ensuring the protection of information using encryption (cryptographic) means when transferring personal data via communication channels;
7) detection of intrusions and computer attacks;
8) exercising control over the implementation of the personal data protection system.
7.3. Measures to ensure the security of personal data include:
1) implementation of the permitting system for access of employees to information resources of information systems and related work, documents;
2) differentiation of access of users of information systems of personal data and serving information systems of personal data of employees to information resources, software for processing (transfer) and protection of information;
3) registration of actions of users and employees serving information systems of personal data, control of unauthorized access and actions of users and service employees, as well as third parties;
4) use of information protection means that have passed the conformity assessment procedure in accordance with the established procedure;
5) prevention of the introduction of malicious programs and software bookmarks into information systems, analysis of information received via information and telecommunication networks (public communication networks), including for the presence of computer viruses;
6) restricting access to the premises where the technical means are located that allow the processing of personal data, as well as storage media containing personal data;
7) placement of technical means allowing the processing of personal data within the protected area;
8) the organization of physical protection of premises and technical means that allow the processing of personal data;
9) accounting and storage of removable media and their circulation, excluding theft, substitution and destruction;
10) implementation of requirements for secure interconnection of information systems;
11) use of secure communication channels, protection of information during its transmission through communication channels;
12) detection of intrusions into information systems that violate or create preconditions for violation of the established requirements for ensuring the security of personal data;
13) active security audit of information systems for real-time detection of unauthorized network activity;
14) centralized management of the personal data protection system in information systems.
7.4. In order to maintain the state of personal data protection at an appropriate level, the Operator exercises internal control over the effectiveness of the personal data protection system and the compliance of the procedure and conditions for processing and protecting personal data with the established requirements.
7.5. Internal control includes:
1) monitoring the state of hardware and software that are part of personal data protection means;
2) monitoring compliance with the requirements for ensuring the security of personal data (requirements of regulatory legal acts and local regulatory acts in the field of processing and protection of personal data, contractual requirements). 8. LIABILITY OF THE PARTIES
8.1. The site administration, which has not fulfilled its obligations, is liable for losses incurred by the User in connection with the unlawful use of personal data, in accordance with the legislation of the Russian Federation, with the exception of cases provided for in cl. 5.2., 5.3. and 8.2. of this Policy.
8.2. In case of loss or disclosure of confidential information, the Site Administration is not responsible if this confidential information:
8.2.1. Became public domain before its loss or disclosure.
8.2.2. Was received from a third party before it was received by the Site Administration.
8.2.3. Was disclosed with the consent of the User. 9. DISPUTE RESOLUTION
9.1. Before going to court with a claim for disputes arising from the relationship between the Site User and the Site Administration, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).
9.2. The recipient of the claim within 30 calendar days from the date of receipt of the claim shall notify the applicant of the claim in writing about the results of the consideration of the claim.
9.3. If an agreement is not reached, the dispute will be referred to a judicial authority in accordance with the current legislation of the Russian Federation.
9.4. The current legislation of the Russian Federation applies to this Processing Policy and the relationship between the User and the Site Administration. 10. ADDITIONAL TERMS
10.1. The site has the right to make changes to this Policy. When making changes in the current edition, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted, unless otherwise provided by the new version of the Policy.
10.3. This Regulation comes into force from the date of its approval by the sole executive body of the Operator.
10.4. All employees of the Operator who are allowed to work with personal data must be familiar with this Regulation before starting to work with personal data.
10.5. The user can receive any clarifications on issues of interest regarding the processing of his personal data by contacting the Operator via e-mail firstname.lastname@example.org
or by phone 8−800−200−68−19