1. INTRODUCTION

1.1 Non-State Educational Private Institution of Additional Professional Education «International Psychotherapy School» (hereinafter NEPI APE IPS or School, or Operator) pays great attention to protecting the privacy of its customers and seeks to protect their personal data when they are using its services.

1.2 This Privacy Policy (Personal Data Processing Policy) (hereinafter referred to as the "Policy") has been prepared in accordance with paragraph 2 of Part 1 of Art. 18.1 of the Federal Law of the Russian Federation "On Personal Data" N 152-FL dated July 27, 2006 (hereinafter - "152-FL") and determines the procedure for the collection, storage, transfer and other types of processing of personal data in the NEPI APE IPS, as well as information on implemented requirements for the protection of personal data.

2. PERSONAL DATA DEFINITION

2.1. Personal data is any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).

2.2. We can receive your personal data in a variety of ways:

• through our websites, when you sign up for our newsletter, indicating this in the appropriate box, or fill out the registration form for a program;

• from you personally when you contact our customer service department and leave your data for feedback or for concluding a service contract.

A detailed list of personal data is recorded in the local regulatory documentation of NEPI APE IPS.

2.3. All processed personal data is confidential and strictly protected in accordance with the legislation of the Russian Federation.

3. THE GOALS OF PERSONAL DATA PROCESSING

3.1. NEPI APE IPS processes data for the following purposes:

• for registration of labor and other contractual relations, personnel, accounting, tax accounting, for reasons stipulated by Article 22 of the Federal Law of June 27, 2006 No. 152-FL, 85-90 of the Labor Code of the Russian Federation;
• for organizing and conducting loyalty programs, marketing and/or promotions, research, surveys and other events by the NEPI API IPS (including with the involvement of third parties);
• for fulfillment of obligations under a service agreement by the NEPI API IPS;
• for promotion of services of the NEPI API IPS and/or its partners in the market through direct contacts with customers using various means of communication, including, but not limited to, telephone, email, mailing list, the Internet, etc .;
• to analyze data received by browsers or your device, for statistics purposes, as well as to make sure that the Sites are functioning properly;
• to analyze and manage our activities, market research, auditing, developing new products, expanding our Sites, improving our services and products, identifying trends in use, determining the effectiveness of our promotions, improving the interface and content of the Sites based on your actions on the Sites, assessment of user satisfaction and the provision of consumer services (including troubleshooting for the user);
• for other purposes, if the actions do not contradict the current legislation;

3.2. For the proper performance of its duties, the Operator processes the following personal data:

• personal data of the Operator's employees who maintain labor relations with the Operator
• data of other individuals, including, but not limited to those who maintain contractual, civil law relations with the Operator

4. ORDER OF COLLECTION, STORAGE, TRANSFER AND OTHER TYPES OF PERSONAL DATA PROCESSING

4.1. The processing of personal data, carried out without the use of automation, is carried out in such a way so that, in relation to each category of personal data, it was possible to determine the storage location of personal data (material carriers). The Operator has established a list of persons who process personal data or have access to it. Separate storage of personal data (material carriers) is provided, the processing of which is carried out for various purposes. The operator ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.

4.2. Processing of personal data carried out using automation means is subject to the following actions: the Operator carries out technical measures aimed at preventing unauthorized access to personal data and (or) transferring it to persons who do not have access to such information; protective tools are configured for timely detection of unauthorized access to personal data; technical means of automated processing of personal data are isolated in order to prevent exposure to them, as a result of which their functioning may be disrupted; The Operator backs up the data in order to be able to immediately restore personal data modified or destroyed due to unauthorized access to it; It constantly monitors the level of security of personal data.

5. INFORMATION ABOUT THE REALIZED REQUIREMENTS FOR PERSONAL DATA PROTECTION

5.1. The School conducts the following activities:

• identifies threats to the security of personal data during its processing;
• carries out the development of a personal data protection system that ensures the neutralization of alleged threats using the methods and techniques of protecting personal data provided for the corresponding class of information systems;
• conducts training for people using information protection tools used in information systems, and educates them on the rules of working with them;
• keeps records of people authorized to work with personal data in the information system;
• monitors compliance with the terms of use of information protection means and has the right to initiate proceedings and draw conclusions on the facts of non-compliance with the storage conditions of personal data carriers, use of information protection means that may violate the confidentiality of personal data or other violations, leading to a decrease in the level of protection of personal data, development and adoption of measures to prevent the possible dangerous consequences of such violations.

5.2. To develop and implement specific measures to ensure the security of personal data during their processing, the Operator compiles a list of persons who have access to personal data for the performance of their official (labor) duties. Requests by users of the information system to receive personal data, as well as the facts of the provision of personal data on these requests, are recorded in a special reference journal. The contents of the reference journal are periodically checked by the relevant officials (employees) of the Operator or authorized person. If violations of the procedure for the provision of personal data are detected, the Operator or an authorized person shall immediately suspend the provision of personal data to users of the information system until the causes of violations are identified and these reasons are eliminated.

6. RIGHTS AND OBLIGATIONS OF THE OPERATOR

6.1. As a personal data Operator, NEPI API IPS has the right to:

• defend its interests in court;
• provide personal data of the subjects to third parties, if this is provided for by applicable law (tax, law enforcement agencies, etc.);
• refuse to provide personal data in cases stipulated by law;
• use the personal data of the subject without their consent, in cases provided by law.

7. RIGHTS AND OBLIGATIONS OF THE SUBJECT OF PERSONAL DATA

7.1. The Subject of personal data has the right:

• demand clarification of their personal data, its blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures prescribed by law to protect their rights;
• require a list of their personal data processed by the Operator and the source of their acquisition;
• receive information on the processing time of their personal data, including the periods of their storage;
• require notification of all persons to whom incorrect or incomplete personal data were previously reported about all eliminations, corrections or additions made to it;
• appeal to the authorized body for the protection of the rights of subjects of personal data or in a judicial proceeding of unlawful acts or inaction in the processing of their personal data.

8. FINAL PROVISIONS

8.1. This Policy is subject to change, addition in the event of the appearance of new legislative acts and special regulatory documents on the processing and protection of personal data.

8.2. This Policy is an internal document of the NEPI API IPS, and is subject to posting on the official website of the NEPI API IPS (www.ipsyonline.com)

8.3. Monitoring the implementation of the requirements of this Policy is carried out by the person responsible for ensuring the security of personal data NEPI API IPS.