Privacy Policy 


General provisions 

Individual Entrepreneur Karina Rybushkina, Primary State Registration Number of the Entrepreneur  316502400053386, Individual Taxpayer Number 502481570625, Russian Federation, 191186, 143422, Moscow Region, Krasnogorsk district, Mechnikovo village, 25, sq. 23 e-mail: hello@kkartschool.com, (hereinafter referred to as the Application Owner or Personal Data Operator / Operator), which is the owner of the "KK Art School" mobile application, hereby defines the processing of User Data collected using the "KK Art School" mobile application (hereinafter referred to as the Application). The mobile application "KK Art School" means a computer program designed to run on mobile technical devices, including, but not limited to, smartphones, tablets, watches, and developed for a particular platform (iOS, Android). 


Application User Data shall mean the information:
1.2.1.Personal information that the User provides about himself/herself when installing the Application (creating an account in the Application if necessary) or when using the services of the Application, including the personal data of the User of the Application (hereinafter - the Subject of personal data). 
1.2.2 The data that are automatically transmitted to the Application services during their use with the Application installed on the User's mobile technical device, including the IP address, cookie data, information about the User's browser (or other program that is used to access the services), technical characteristics of the equipment and software used by the User, date and time of access to the services, requested page addresses, and other similar information.
Specific types of Application Users' User Data are specified in Section 2 of the Privacy Policy.

The Privacy Policy (hereinafter - the Policy) is adopted to define the principles, goals, legal bases, procedures and conditions for the processing of Application User data, as well as to determine the requirements for their protection implemented by the owner of the Application.
The Policy applies only to the Application. 


By using or accessing the Application, Application User agrees to the terms of this Policy. User of the Application means an individual who uses the Application on his or her mobile technical device and who owns the Application by right of ownership or other rights.


2. TYPES OF USER DATA OF APPLICATION USERS, RECEIVED AND PROCESSED BY THE OPERATOR
2.1 Types of User Data of Application Users:
2.1.1 Personal data of Application Users (Personal Data Subject):
- surname, first name, patronymic / first name of the user;
- gender;
- date of birth (date, month and year);
- age;
- bank account details;
- contact information (e-mail address, phone number, mailing address);
- photo and video images.

Other user data:
- cookies;
- IP-address used by the User's mobile technical devices in the Internet, to which the respective mobile technical device is connected, as well as the time of this interaction, the name of the User's Internet service provider, the User's search queries, the geographic address of the User's Internet connection point, the name of the country of the Application User, information about the volume of the consumed network traffic;
- parameters of the technical device for access to the Application;
- other information of the Application User of technical nature - the identity of the Application User, the number of viewed pages of the Application, the duration of using the Application, screen areas most frequently used by the Application User to navigate or select; information on visiting other sites; token, the time of each token check in relation to the systems. Identifier of systems visited by the User; source of advertising traffic, session identifier, User alias and other analytical user information;
- information about the location of the User of the Application, transmitted by the geolocation service;
- other information about the User of the Application depending on the product and / or performed works / services provided by the Owner of the Application.
2.2 When determining the composition of the personal data processed, the Application Owner, which is the operator of personal data, shall be guided by the minimum necessary list of personal data to achieve the purposes of processing of personal data.
2.3 When processing personal data, no excessive personal data may be collected in relation to the purposes of personal data processing stated in the Policy.


3. PURPOSES OF PROCESSING OF USER DATA OF APPLICATION USERS
3.1 Processing of personal data and other personal information of Users of the Application (Subject of personal data) is carried out for the following purposes:
- negotiation of transactions;
- conclusion, execution, termination of transactions;
- submission of reports to state supervisory authorities;
- conducting promotions, advertising campaigns, events, surveys, studies;
- Providing the Subject of personal data information about the services provided, the App Owner's products, the development of new products, the services of partners of the App Owner, informing about proposals for products and services of the App Owner, the quality assessment of products and quality of work / services rendered, informing about events (for which prior consent to receive them);
- Processing of appeals, requests of the Subjects of personal data;
- providing the User of the Application with access to personalized resources of the Application, creation of an account of the User of the Application;
- identification of the User registered in the Application;
- providing the User of the Application with effective customer and technical support in case of problems related to the use of the Application;
- reviewing, processing applications, claims, appeals of Personal Data Subjects and sending responses to them regarding cooperation, quality of products, quality of work performed / services rendered, quality of sales channels;
- Transferring by the Application Owner of the personal data or entrusting their processing to third parties for the purpose of providing services under the contract between the Application Owner and the User of the Application, or to provide the User of the Application with promotional materials;
- Telephone, email and other electronic communication channels regarding the conclusion, execution, termination of transactions;
- collection of debts under the contracts.
3.2 The owner of the Application independently, as well as with the help of online services performs processing of User Data for the purposes of behavior analysis of Application Visitors, as well as to analyze the effectiveness of advertising, optimization and promotion of resources on the "Internet"; tracking the status of the session of the Application Visitor; saving the user preferences (language, interface settings, Applications) and to improve the operation and usability of Applications; improving products and services; to ensure the safety of Application Visitors. Application Visitors are informed of such processing of User Data in advance, and may leave the Application in case of disagreement. In this case, their data are not processed. 
3.3 The processing of special categories of personal data related to race, ethnicity, political views, religious or philosophical beliefs, health, intimate life is not allowed.


4. PRINCIPLES OF USER DATA PROCESSING OF APPLICATION USERS
4.1 Processing of Application Users' User Data is based on the following principles:
- The legality and fairness of the grounds for processing personal data, the legality of the purposes and methods of processing personal data;
- Compliance of the purposes of personal data processing with the purposes, specified and predetermined, stated when collecting personal data;
- Compliance of the content and scope of processed personal data, methods of personal data processing with the stated objectives of personal data processing. Processed personal data shall not be excessive in relation to stated objectives of its processing;
- Ensuring accuracy, reliability, adequacy and, where necessary, relevance of personal data in relation to the stated objectives of its processing;
- Inadmissibility of combining databases containing personal data, which are being processed for purposes incompatible with each other.
4.2 Personal data shall be stored in a form that allows identification of the personal data subject, no longer than required by the purposes of personal data processing, unless the storage period of personal data is established by the contract, to which the personal data subject is a party, a beneficiary under which the personal data subject is a beneficiary. Processed personal data shall be destroyed or depersonalized upon achievement of processing purposes or in case of loss of necessity in achievement of such purposes.


5. ORDER AND CONDITIONS OF PROCESSING OF USER DATA
5.1 Processing of User Data means any action (operation) or set of actions (operations) performed by the Application Owner and/or persons authorized by the Application Owner with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
5.2 The processing of User Data shall be carried out in accordance with the purposes previously defined and stated when collecting personal data and specified in Section 3 of this Policy, and the provisions of the contracts concluded between the Application Owner and Users.
5.3 The processing of personal data shall be carried out both with and without the use of automated means, i.e. by means of computer technology.
5.4 Personal data received from the User of the Application, including the information received in automatic mode when the Subject of personal data is running the Application on a mobile technical device, is confidential, except when the Subject of personal data voluntarily provides information about themselves for general access to an unlimited number of persons. 
5.5 The period of storage of personal data is stipulated in the consent of the Subject of personal data, the terms of the agreement concluded with the Subject of personal data, but can not exceed the period of necessity of relevant processing of personal data.
5.6 Receipt and processing of personal data is carried out with the written consent of the subject of personal data, except in cases when the processing of personal data is possible without the consent of the subject of personal data.
5.7 Consent to processing of personal data can be given by the Subject of personal data or his/her representative in any form, allowing to confirm the fact of its receipt.
5.8 Consent in the form of an electronic document signed by electronic signature of the Personal Data Subject shall be deemed equivalent to the written consent of the Personal Data Subject on paper, signed by handwritten signature of the Personal Data Subject.
5.9 Consent to the processing of personal data may be given by the Subject of personal data, including by performing the following conclusive actions:
- installation of the Application on a mobile technical device. Consent is considered to be given at the moment of installation (downloading) on the User's mobile technical device of the Application and the first launch of the Application.
5.10. Personal data of the subject of personal data may be obtained not from the subject of personal data, but from a third party, subject to the provision of confirmation of the consent of the subject of personal data for the processing of his personal data or the existence of grounds, when the processing of personal data without the consent of the subject of personal data is allowed.
5.11. If personal data is received not from the Personal Data Subject, but from third parties, the App Owner as the Personal Data Operator shall provide the following information to the Personal Data Subject prior to processing of personal data
1) the name or surname, first name, patronymic and address of the operator or its representative;
2) the purpose of personal data processing and its legal basis;
3) the intended users of personal data;
4) the rights of the personal data subject;
5) the source of obtaining personal data.
5.12. The owner of the Application has the right to transfer to third parties personal data of the Application User in the following cases:
- at the request of law enforcement agencies and courts in connection with their activities within their competence;
- In order to ensure the protection of the legal rights and interests of the Application Owner, including in case of violation by the Application User of the terms of the contract concluded with the Application Owner;
- transfer of impersonal statistical information for research purposes, including marketing and advertising.
5.13. By installing the Application and viewing the information in the Application, acting freely, willingly and in their own interest, the Application User agrees that the Owner of the Application is entitled to independently process other User data specified in paragraph 2.1.2 of this Policy, and is also entitled to use a special program (metrics) "AppsFlyer" (hereinafter - the Third Party resource), which collects other User data in sections of the Application. 
5.14. Application Owner has the right to change the Third Party Resource used by the Application Owner without the consent of the User.
5.15. Third-party resource does not perform and has no ability to compare the information they receive with personal data that can be used to identify the subject of personal data.


6. STORAGE OF USER DATA OF APPLICATION USERS
6.1 The storage of User Data, including personal data, is carried out in a form that allows the identification of the Subject of personal data, not longer than required by the purposes of processing of personal data, contracts, a party, a beneficiary of which is the Subject of personal data (Application User). Processed Personal Data shall be destroyed or depersonalized upon achievement of the purposes of processing or if it is no longer necessary to achieve those purposes.
6.2 If the consent of the Personal Data Subject to the processing of personal data specifies a specific retention period, personal data shall be stored within the period specified directly in the consent of the Personal Data Subject.
6.3 If the subject of personal data decides to withdraw their consent to the processing of their personal data, the operator is sent a corresponding statement containing the personal data of the subject of personal data, details of the identity document and the signature of the subject of personal data. If the Subject of personal data does not indicate specific types of personal data and purposes for which the consent is withdrawn in withdrawal of his Consent to personal data processing, the Operator considers that the consent is withdrawn for all types of personal data and purposes.
6.4 If the Application Owner receives an application from the Personal Data Subject to withdraw consent to the processing of personal data, the processing of personal data of the Application User shall be terminated within a period not exceeding ten (10) working days from the date of receipt. 
Application to withdraw consent to the processing of personal data shall be sent to e-mail: hello@kkartschool.com or by written request to the address of the owner of the Application: 143422, Moscow region, Krasnogorsk district, Krasnogorsk district, Mechnikovo, 25, apartment 23.
6.5 The subject of personal data has the right to receive information regarding the processing of his personal data, including containing:
1) confirmation of the fact of personal data processing by the Operator;
2) legal grounds and purposes of personal data processing;
3) the purposes and methods of personal data processing used by the Operator;
4) The name and location of the personal data Operator, information about persons (excluding the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on other legal grounds;
5) Processed personal data relating to the relevant personal data subject, the source of its obtaining;
6) the terms of personal data processing, including the terms of their storage; 
7) the procedure of exercising by the personal data subject of his/her rights;
8) information on the performed or expected transborder transfer of data
9) The name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such person;
10) Other information specified in the request of the Application User.
6.6 The User of the Application, as a subject of personal data, has the right:
6.6.1 Independently change or delete their personal data and other information taking into account the available functionality of the Application or by sending a notice of changes in their personal data to the e-mail address: hello@kkartschool.com or in writing in hard copy to the location address of the Owner of the Application: 143422, Moscow region, Krasnogorsk district, Mechnikovo, 25, sq. 23;
6.6.2. disable cookie processing in the browser settings or use anonymous browser browsing mode (incognito mode) to open and view pages;
6.6.3. require the Application Owner to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take the provided measures to protect their rights;
6.6.4 Demand that the Application Owner provide information relating to the processing of its personal data on the basis of a written request. In particular, the request for information shall contain:
- series, number of the main identity document of the Personal Data Subject (his/her representative), information on the date of issue of the said document and the authority that issued it;
- Information confirming the participation of the Personal Data Subject in relations with the Application Owner (contract number, contract conclusion date, conventional word mark and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
- The signature of the Personal Data Subject (his/her representative).
6.7 The request may be sent in the form of an electronic document signed by the electronic signature of the Subject of personal data.
6.8 The Owner of the Application shall provide information to the Personal Data Subject or his/her representative upon his/her request in the form in which the relevant application or request was sent, unless otherwise specified in the application or request.
6.9 The Application Owner shall have the right to refuse to fulfill the request of the Subject of Personal Data that does not comply with the conditions specified in paragraph 6.6.4 of the Policy. Such refusal shall be reasoned. The obligation to provide evidence of the reasonableness of the refusal to comply with the repeated request lies with the Application Owner as the Personal Data Operator.
6.10. Subjects of personal data are responsible for providing the Owner of the Application with accurate information, as well as for the timely update of the data provided in case of any changes.
6.11. Processed Personal Data shall be destroyed or depersonalized in the following cases, unless otherwise provided by the agreement between the Application Owner and the Personal Data Subject, the contract, the beneficiary or guarantor under which the Personal Data Subject is: 
- Upon attainment of the purposes of processing;
- If there is no longer a need to achieve the purposes of processing;
- Expiration of consent or withdrawal of consent by the subject of personal data;
- identification of unlawful processing of personal data.
6.12. If there is no possibility of destruction of personal data, the operator shall block such personal data or ensure its blocking (if processing of personal data is performed by another person acting on behalf of the Personal Data Operator) and ensure destruction of personal data within a period not exceeding six months.


7. MEASURES TAKEN TO PROTECT APPLICATION USERS' PERSONAL DATA
7.1 When processing personal data, the Application Owner shall take or ensure that the necessary legal, technical and organizational measures are taken to protect personal information of Application Users from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions. 
7.2 The contracts between the Application Owner and the Application User shall stipulate the obligation of the parties to comply with the confidentiality of personal data.
7.3 If documents containing personal data are transmitted by e-mail, the Subject of personal data may encrypt them using one of the possible methods of protection agreed with the Application Owner. Refusal by the Data Subject to use the means of protection of personal data removes the responsibility of the Owner of the Application, as the Operator of personal data, to ensure confidentiality in the process of their transfer from the Data Subject to the Operator of personal data.


8. FINAL PROVISIONS
8.1. In case of loss or disclosure of confidential information, the Owner of the Application shall not be liable if such confidential information:
8.1.1. Became in the public domain prior to its loss or disclosure.
8.1.2 Was received from a third party prior to its receipt by the Application Owner.
8.1.3. was disclosed with the consent of the Application User.
8.2 The Application Owner has the right to make changes to the Privacy Policy without the consent of the Application User.
8.3 The new Privacy Policy comes into force from the moment of its posting on the Application, unless otherwise provided by the new version of the Privacy Policy.
8.4 The current Privacy Policy is posted in App.
8.5 The Application User expresses his consent to receive newsletters and promotional materials from the Application Owner, including, but not limited to, information about special offers and promotions, by e-mailing, sending SMS or messages in messengers WhatsApp, Telegram, Viber or other messengers.
8.6. Appendix No. 1 "Form of notification of Application users by means of a pop-up window" is an integral part of the Policy.


Addendum 1 
to Privacy Policy
Notification Form
Application users by means of a pop-up window
By installing the "KK Art School" Application (hereinafter - the Application), you agree to the terms of the Privacy Policy posted in the "Settings" - "Privacy Policy" section of the Application, as well as provide your consent to the processing of personal data.