Policy of personal data processing

“Approve”
DIVA SCHOOL LLP
London

The revision is valid from February 26, 2025.

Personal Data Processing Policy

This Policy defines the procedure for processing and application of personal data by DIVA SCHOOL LLP, Company number OC455632, Legal address: Stoney Works, 8 Stoney Lane, London, United Kingdom, SE19 3BD, (hereinafter referred to as the Operator) measures to ensure the security of personal data of individuals registered independently on the website https://iksschool.com/courses, or in favor of whom an individual registered on the website https://iksschool.com/courses has entered into a contract with DIVA SCHOOL LLP in favor of such individual, in order to protect the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the right to privacy, personal and family secrecy.

By signing this Policy, the recipient of Operator's services or the visitor of the Website as a subject of personal data confirms that he/she is notified and gives his/her consent to the objective necessity to allow access to his/her personal data for Operator's software and third parties (partners or providers of Operator's services) arising in the course of the Website operation and receiving Operator's services. This access is provided solely for the purposes defined by this Policy.

BASIC CONCEPTS AND TERMS

1.1.The following basic concepts are used in the Policy:
1.1.2 Personal data - any information related to a certain or determined on the basis of such information individual (subject of personal data), including his/her surname, name, patronymic, year, month, date of birth, residence address, e-mail address, telephone number, education, profession, pseudonym (nickname) and other information related to personal data by the current legislation of the United Kingdom
1.1.3 Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
1.1.4. Confidentiality of personal data - a mandatory requirement to be observed by the designated responsible person who has access to personal data, not to allow their dissemination without the consent of the subject of personal data, unless otherwise provided for by applicable law.
1.1.5 Dissemination of personal data - actions aimed at transferring personal data to a certain number of persons (transfer of personal data) or at familiarization with personal data of an unlimited number of persons, including disclosure of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way;
1.1.6. Use of personal data - actions (operations) with personal data performed in order to make decisions or perform other actions that give rise to legal consequences in respect of personal data subjects or otherwise affect their rights and freedoms or the rights and freedoms of other persons.
1.1.7 Blocking of personal data - temporary cessation of personal data processing (except for cases when processing is necessary for clarification of personal data)
1.1.8 Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
1.1.9. Personal data de-identification - actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information;
1.1.10. Publicly available personal data - personal data to which an unlimited number of persons have access with the subject's consent or which, in accordance with federal laws, are not subject to confidentiality requirements.
1.1.11. Information - information (messages, data) regardless of the form of its presentation.
1.1.12. User (subject of personal data) - a consumer of services of DIVA SCHOOL LLP.
1.1.13. Operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data. Within the framework of this Policy, the Operator is recognized as DIVA SCHOOL LLP.

1.2 The Operator is obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy.

1.3 The Operator processes the personal data of Users who registered on the Website for the Project training course (or other gratuitous service), as well as subscribed to e-mail, Telegram bot, VK bot.

1.4 The list of personal data processed by the Operator:
first name, surname, patronymic; electronic mail (e-mail) address;
cell phone number;
residential address;
ID in social networks and messengers.

1.5 The Operator's website uses cookies and data about visitors from visitor statistics services (IP address; information from cookies, browser information, time of access to the site, address of the page where the advertising block is located, referrer (address of the previous page) and other data). With the help of this data, information is collected about the actions of visitors on the site in order to improve its content, improve the functionality of the site and, as a consequence, to create quality content and services for visitors. The user can at any time change the settings of his browser so that all cookies are blocked or a notification of their sending is carried out. In doing so, the subject should be aware that certain features and services of the Project will not be able to function properly.

2. PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA

2.1 The Site collects and stores only that personal information, data that are necessary for rendering services and/or providing other values for the Users of the Site, including for sending informational and marketing mailings with the consent of the User.

2.2 The Operator has the right to use the User's personal information for the following purposes: 2.2. use it for the following purposes:
2.2.1 Identification of a party within the framework of agreements and contracts with the Website and the Operator, including those concluded by a legal entity in favor of a natural person, by a legal representative (parent, adoptive parent or guardian) in favor of a minor natural person aged 14 to 18.

2.2.2 Providing the User with personalized services and services, digital products and other values.

2.2.3 Communication with the User, including sending notifications, requests, advertising and other information (including automatic), making advertising calls (including autodialing) regarding the use of the Website, provision of services, as well as processing requests and applications from the User, including those received from a legal entity or legal representative who has concluded a contract in favor of a natural person or a minor respectively (direct User of the Operator's services).

2.2.4.Improvement of the Website quality, convenience of its use, development of new offers and services.

2.2.5 Targeting and mailing (including automatic) of information and advertising materials.

2.2.6. Carrying out statistical and other research based on the provided data.

2.2.7. Conclusion, execution and termination of civil law contracts with individuals, in cases stipulated by the current legislation.

2.2.8. Detection, prevention, mitigation and investigation of fraudulent or other illegal actions against the Operator.

3. CONDITIONS OF PROCESSING OF THE USER'S PERSONAL INFORMATION AND ITS TRANSFER TO THIRD PARTIES

3.1 The Site generally does not verify the reliability of personal information provided by Users and does not exercise control over their legal capacity. The Operator assumes that the User provides true and sufficient personal information on the matters offered in the online resource forms and keeps this information up to date. In addition, in case of acting on behalf of third parties, the User guarantees to the Operator that he/she has obtained consents from the third parties whose personal data he/she transfers to the Operator.

3.2 The User's personal information is kept confidential, except for cases when the User voluntarily provides information about himself/herself for public access to an unlimited number of persons.

3.3 The Site has the right to transfer the User's personal information to third parties in the following cases:
3.3.1. The User has expressed his/her consent to such actions by providing personal data.
3.3.2 The transfer is necessary within the framework of the User's use of certain Sites, or for the provision of services to the User or other person in favor of whom the User has concluded a contract with the Operator.
3.3.3. Transmission is provided for by the UK or other applicable legislation within the procedure established by the legislation.
3.3.4. In order to ensure the possibility to protect the rights and legitimate interests of the Website Operator or third parties in cases when the User violates the provisions of the contract concluded between the User and the Operator and the legislation of the UK .

3.4 The Operator does not disclose to third parties and does not distribute personal data without the User's consent, except as expressly provided for by the current legislation of the UK and this Policy. In particular, the Operator may transfer personal data of the User or any other person in favor of whom the User has concluded a contract with the Operator to third parties in order to provide services to the latter (receiving mailings through a special program, access to the platform for the provision of services, etc.), while complying with the provisions of this Policy and taking measures for their safety.

3.5 The processing of personal data is organized by the Operator on the principles of:
3.5.1 Legality of the purposes and methods of personal data processing, integrity and fairness in the Operator's activities.
3.5.2 Reliability of personal data, their sufficiency for the purposes of processing, inadmissibility of collection of personal data redundant in relation to the purposes stated at the time of collection.
3.5.3 Processing only personal data that meet the purposes of their processing.
3.5.4 Compliance of the content and scope of processed personal data with the stated purposes of processing.
3.5.5 Inadmissibility of merging databases containing personal data processed for incompatible purposes.
3.5.6 Ensuring the accuracy of personal data, their reliability and, where necessary, relevance to the purposes of personal data processing. The Operator shall take the necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data.
3.5.7 Storing personal data in a form that allows to identify the User for no longer than required by the purposes of personal data processing.

3.6 Processing of personal data is carried out by the Operator during the period necessary to fulfill the purposes for which they were collected, by any lawful means, including in information systems of personal data with or without the use of means of automation (mixed processing) via the Internet. In any case, the personal data of the User and other persons in favor of whom the User has concluded a contract shall be stored and processed for no longer than 5 (five) years from the date of obtaining the User's consent to their processing.

3.7 All personal data is provided (collected) directly from the User as a subject of personal data. The subject of personal data independently decides whether or not to provide his/her personal data and consents to their processing by the Operator freely, of his/her own free will and in his/her own interest.

3.8 The consent specified in clause 3.7 of this Policy means the consent of the User and the person in favor of whom the User has concluded a contract with the Operator to transfer the aforementioned personal data to third parties, to assign the processing of personal data to third parties, as well as the consent to trans-border transfer of such data via the Internet (when such transfer is necessary for the effective provision of services by the Operator or is necessary to achieve other goals established by this Policy). At the same time, trans-border transfer means transfer to third parties both in countries with an adequate level of personal data protection and in countries that are not such countries. In any case, the required level of personal data protection is ensured by the Operator by complying with the conditions specified in Section 5 of this Policy.

3.9. The User also gives consent to the Operator to receive e-mail and sms- mailings, mailings to electronic messengers (WhatsApp, Telegram, Viber, VKontakte, etc.), mailings of voice messages to the User's phone number, within the framework of the agreement concluded with the User for free of charge provision of services or to receive advertising and marketing materials.

3.10. The consent provided for by this Policy shall be provided by the User when executing special subscription forms on the Operator's website, when making an application for a free service from the Operator, when concluding a relevant agreement with the Operator for free services (public offer) by ticking the “checkbox” confirming the consent to the processing of personal data and/or clicking the “Register” button. In this case, this action has the legal force of written consent.

3.11. In some cases, specifically specified in the local acts of the Operator, the User provides personal data in another way, when filling out applications for the provision of certain types of services, the User transmits personal data by sending a letter to the e-mail address: diva@iksschool.ru., in this case, in the case of transferring personal data other than those listed in the previously issued consent to the processing of personal data, the User expresses consent to the processing of additional data by such e-mail.

4.CHANGE OF PERSONAL INFORMATION BY THE USER.
4.1 The User may at any time change (update, supplement) the provided personal information or its part, as well as the parameters of its confidentiality, by sending an application to the Operator of the Website at the e-mail address: diva@iksschool.ru.

4.2 The User may revoke his/her consent to the processing of personal data at any time by sending an application to the Operator at the e-mail address: diva@iksschool.ru. In case of withdrawal of this Consent, the Operator shall immediately stop processing of personal data of the User and the person in favor of whom the User has concluded a contract with the Operator, and within 30 (thirty) calendar days from the date of receipt of such withdrawal, delete all personal data of the User and the person in favor of whom the User has concluded a contract with the Operator, and stop providing any services, sending any messages and materials to the User. The Consent shall be terminated from the date specified in the User's application for withdrawal of the Consent to process personal data, but not earlier than the date following the date of actual receipt by the Operator of the withdrawal of the Consent.

5. MEASURES APPLIED FOR PROTECTION OF USERS' PERSONAL INFORMATION

5.1 When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data. Ensuring the security of personal data is achieved, in particular:
5.1.1 Assessing the effectiveness of measures to ensure the security of personal data prior to the use of such measures.
5.1.2 Detecting the facts of unauthorized access to personal data and taking measures to eliminate them and prevent their repetition.
5.1.3 Restoration of personal data modified or destroyed due to unauthorized access to it.
5.1.4 Establishing the rules of access to personal data processed in the information system of personal data, as well as ensuring the registration and recording of all actions performed with personal data in the information system of personal data.
5.1.5. Checking whether there are clauses on personal data confidentiality in the contracts concluded by the Operator with third parties and including them into the contracts, if necessary.
5.1.6 Control over the measures taken to ensure personal data security and the level of protection of personal data information systems.

5.2 Third parties who have access to personal data on behalf of the Operator undertake to take the necessary organizational and technical measures to ensure confidentiality of such information on their personal device from which they process personal data.

5.3 Interaction with federal executive authorities on the issues of processing and protection of personal data of Users and persons in favor of whom the User has concluded a contract with the Operator, whose personal data are processed by the Operator, is carried out within the framework of the current legislation of the UK.

5.4 The Operator is obliged to immediately stop processing of personal data of the User and persons in favor of whom the User has concluded a contract with the Operator, specified in clause 1.2 of this Policy.

6. RESPONSIBLE FOR PERSONAL DATA PROCESSING

6.1 The responsible person for processing of personal data of the User and persons in favor of whom the User has concluded a contract with the Operator is the Operator personally.

6.2 In his/her activity the responsible person shall:
6.2.1 Exercise internal control over compliance by the Operator, its employees and contractors with the legislation on the protection of personal data to which they have access from the Operator, including requirements and measures for the protection of personal data.
6.2.2 Control the receipt and processing of requests and inquiries of the Website Users.
6.2.3. Takes measures to detect the facts of unauthorized access to personal data and immediately take measures to protect personal data.
6.2.4. Exercises constant control over ensuring the level of protection of personal data. 6.2.5.
6.2.5 Familiarize, against signature, the Operator's employees who have access to personal data, with the provisions of the current legislation on personal data protection, as well as with the Operator's local acts determining the procedure of personal data processing.
6.2.6 Performs internal control and/or audit of compliance of personal data processing with the requirements of legislation on personal data protection and regulations adopted in accordance with it, this Policy and local acts of the Operator.

7. USER RESPONSIBILITY
7.1 Users of the Website are obliged to provide the Operator only reliable personal data and timely report about their changes. In this case the Operator does not check the reliability of personal data and does not control the capacity of Users. The risk of providing unreliable personal data is borne by the User.

7.2 The Operator does not intentionally process personal data of minors without the consent of their legal representatives. The Operator recommends using the Website to persons who have reached the age of 18. Responsibility for the actions of minors, including their purchase of the Operator's services on the Website, lies with their legal representatives. If the Operator becomes aware that it has received personal information about a minor without the consent of his/her legal representatives, such information will be deleted immediately.

7.3 The Operator is not responsible for the processing of personal data of third parties, which the User of the Operator's services provided as his/her own. The risk of liability in this case is borne by the User who provided such information to the Operator.
7.4 In case the User does not agree with the terms of this Policy in full or in part, his/her use of the Website and its services shall be immediately terminated.

8. STORAGE OF PERSONAL DATA
8.1 Storage of personal data shall be carried out in electronic form in the relevant information systems of personal data placed.

8.2 The personal data shall be stored in a form that allows to identify the subject of personal data within the timeframe that ensures compliance with and achievement of the objectives of personal data processing set forth in this Policy.

8.3 Personal data shall be stored with restricted access, including by creating appropriate access levels.

8.4. Personal data contained in different electronic databases and processed for different purposes shall be stored separately.

9. TERMINATION OF PROCESSING AND DESTRUCTION OF PERSONAL DATA.
9.1 In case of detection of inaccurate personal data at the User's request, the Operator is obliged to block the personal data of such User from the moment of such request, for the period of verification, if such blocking of personal data does not violate the rights and legitimate interests of the User or third parties.

9.2 If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the User, is obliged to clarify and amend the personal data within 7 (seven) working days from the date of submission of such information and remove the blocking of personal data.

9.3 In case of detection of unlawful processing of personal data by the Operator, the latter shall cease unlawful processing of personal data within a period not exceeding 3 (three) business days from the date of detection. If it is impossible to ensure lawfulness of personal data processing, the Operator shall destroy such personal data within a period not exceeding 10 (ten) calendar days from the date of detection of unlawful processing of personal data. The Operator shall notify the User or his/her legal representative about the elimination of violations or destruction of personal data.

9.4 If the User revokes his/her consent to the processing of his/her personal data and personal data of persons in favor of whom the User has concluded a contract with the Operator, the Operator is obliged to stop their processing and, if preservation of personal data is no longer required for the purposes of personal data processing, destroy personal data within a period not exceeding 30 (thirty) calendar days from the date of receipt of such revocation.

9.5 The Operator has the right to continue using personal data of the User and persons in favor of whom the User has concluded a contract with the Operator, after consideration of the revocation of consent to their processing, ensuring depersonalization of such information.

9.6 The Operator shall send notification of the results of consideration of requests and appeals of Users specified in this section by sending messages to the User's e-mail address specified in the request (appeal).

10. DISPUTE RESOLUTION.

10.1 Before applying to court with a claim and disputes arising from the relations between the Operator and the User, it is obligatory to submit a claim (a written offer of voluntary dispute settlement).

10.2 Within 30 (thirty) calendar days from the date of receipt of the claim, the recipient of the claim shall notify the claimant of the results of its consideration in writing.

10.3 In case of failure to reach an agreement, the dispute shall be submitted for consideration to the judicial body at the Operator's place of registration in accordance with the current legislation.

11. ADDITIONAL TERMS AND CONDITIONS.
11.1 The Operator has the right to make changes and amendments to this Personal Data Processing Policy without the User's consent.

11.2 The new version of the Policy of personal data processing comes into force from the moment of its posting on the Website, unless otherwise provided by the new version of the Policy. At the same time, the User shall independently monitor changes to the Policy on the Website.

11.3 Proposals and comments for amendments to the Personal Data Processing Policy should be sent to the Operator by e-mail.

11.4 The invalidity of individual provisions of this Policy, if such invalidity is recognized by a court or other state body decision, does not entail its invalidity as a whole.

11.5 When processing personal data, the Operator does not perform special verification of the existence of a special regime of personal data processing established by the legislation of the countries to whose jurisdiction individual Users or persons who provided their data through the subscription form on the Site belong.

12.DETAILS OF THE OPERATOR.
DIVA SCHOOL LLP
OC455632
Legal (postal) address: Stoney Works, 8 Stoney Lane, London, United Kingdom, SE19 3BD
Email: diva@iksschool.ru
“___"____________202__ г.
_______________________________/__________________________________________/
signature full name