PRIVACY POLICY

  

                                                           GENERAL PROVISIONS

Individual entrepreneur Karina Andreevna Rybushkina, OGRNIP 316502400053386 INN 502481570625, Russian Federation, 191186, 143422, Moscow Region, Krasnogorsk district, Mechnikovo village, 25, sq. 23 e-mail: hello@kkartschool.com, (hereinafter referred to as the Application Owner or Personal Data Operator / Operator), which is the owner of the "KK Art School" mobile application, hereby defines the processing of User Data collected using the "KK Art School" mobile application (hereinafter referred to as the Application). KK Art School Mobile App shall mean a computer program designed to run on mobile technical devices, including, but not limited to, smartphones, tablets, watches, and developed for a specific platform (iOS, Android). 

Application User Data shall mean the information:

1.2.1.Personal information that the User provides about himself/herself when installing the Application (creating an account in the Application, if necessary) or when using the services of the Application, including the personal data of the User of the Application (hereinafter - the subject of personal data). 

1.2.2.Data that is automatically transmitted to the Application services in the course of their use with the Application installed on the User's mobile technical device, including the IP address, cookie data, information about the User's browser (or other program with which the User accesses the services), technical characteristics of equipment and software used by the User, date and time of access to the services, addresses of requested pages, and other similar information.

Specific types of Application User Data are specified in Section 2 of the Privacy Policy.

The Privacy Policy (the "Policy") is adopted to define the principles, purposes, legal grounds, procedures and conditions for the processing of User Application data, as well as to define the requirements for its protection implemented by the owner of the Application.

The Policy applies only to the Application. 

By downloading, installing and using the Application, the Application User agrees to the terms of this Policy and gives the Application access to their photo/video materials on the mobile technical device on which the Application is downloaded and installed, as well as agrees to the processing of their User Data by the Application Owner. The user of the Application means an individual who uses the Application on his mobile technical device, which he owns by right of ownership or other rights.

2. TYPES OF USER DATA OF APPLICATION USERS, RECEIVED AND PROCESSED BY THE OPERATOR

2.1 Types of Application User Data:

2.1.1 Personal data of Application Users (Subject of personal data):

- last name, first name, patronymic / username;

- gender;

- date of birth (date, month and year);

- age;

- bank account details;

- contact information (e-mail address, phone number, mailing address);

- photo and video images.

2.1.2 Other user data:

- cookies;

- IP - address used by the User's mobile technical devices in the Internet, to which the relevant mobile technical device is connected, as well as the time of this interaction, the name of the User's Internet service provider, the User's search queries, the geographical address of the User's Internet connection point, the name of the Application's User country, information about the amount of network traffic consumed;

- parameters of the technical device for accessing the Application;

- other information of the Application User of technical nature - the Application User ID, the number of Application pages viewed, the duration of Application usage, screen areas most frequently used by the Application User for navigation or selection; information about visits to other sites; token, the time of each token check in relation to systems. Identifier of systems visited by the User; source of advertising traffic, session ID, User alias and other analytical user information;

- information about the location of the User of the Application, transmitted by the geolocation service;

- Other information about the Application User depending on the product and/or work/services performed by the Application Owner.

2.2 In determining the composition of processed personal data, the Annex Owner, which is the operator of personal data, is guided by the minimum necessary list of personal data to achieve the purpose of processing of personal data.

2.3 When processing personal data, no excessive personal data may be collected in relation to the purposes of personal data processing stated in the Policy.

2.4 When using the Application, the User's mobile technical device ID will be sent to the external API of the Application.

3. THE PURPOSE OF PROCESSING USER DATA OF THE APPLICATION USERS

3.1 Processing of personal data and other personal information of Users of the Application (Subject of personal data) is carried out for the following purposes:

- Negotiating deals;

- conclusion, execution, and termination of transactions;

- reporting to state supervisory authorities;

- conducting promotions, advertising campaigns, events, surveys and research;

- providing the Subject of personal data with information about the services provided, the Application Owner's products, the development of new products, the services of the Application Owner's partners, informing about the proposals for the products and services of the Application Owner, the quality assessment of products and the quality of work performed / services provided, informing about events (for which prior consent to receive them is available);

- Processing of appeals, requests of the subjects of personal data;

- providing the User of the Application with access to the personalized resources of the Application, creating an account for the User of the Application;

- identification of the User registered in the Application;

- Providing the User of the Application with effective customer and technical support when problems arise related to the use of the Application;

- consideration, processing of applications, claims, appeals of Personal Data Subjects and sending responses to them on issues of cooperation, quality of products, quality of work performed / services rendered, quality of sales channels;

- The transfer of personal data by the Application Owner or the assignment of its processing to third parties for the purpose of providing services under the contract between the Application Owner and the Application User, or for the provision of advertising materials to the Application User;

- telephone, e-mail and other electronic communication channels in relation to the conclusion, execution and termination of transactions;

- collection of debts under contracts.

3.2 The owner of the Application independently, as well as with the help of online services, processes User Data for the purposes of analyzing the behavior of Application Visitors, as well as to analyze the effectiveness of advertising, optimization and promotion of resources on the "Internet"; tracking the status of the session of the Application Visitor; saving user preferences (language, interface settings Application) and to improve the operation and usability of Applications; improving products and services; to ensure the safety of the Visit Application Visitors are informed of such processing of User Data in advance, and may leave the Application in case of disagreement. In this case, their data is not processed. 

3.3 Processing of special categories of personal data related to race, ethnicity, political views, religious or philosophical beliefs, health, intimate life is not allowed.

4. PRINCIPLES OF PROCESSING USER DATA OF THE APPLICATION USERS

4.1 Processing of Application User Data is based on the following principles:

- the legality and fairness of the grounds for processing personal data, the legitimacy of the purposes and methods of processing personal data;

- Compliance of the purposes of personal data processing with the specific and predetermined goals stated when collecting personal data;

- Compliance of the content and scope of processed personal data, methods of personal data processing with the stated objectives of personal data processing. Processed personal data shall not be redundant in relation to the stated purposes of its processing;

- ensuring the accuracy, reliability, adequacy and, where necessary, relevance of personal data in relation to the stated purposes of their processing;

- Inadmissibility of combining databases containing personal data, which are being processed for purposes incompatible with each other.

3.2 Personal data shall be stored in a form that identifies the subject of personal data, no longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by the contract, to which the subject of personal data is a party, a beneficiary of which is the subject of personal data. Processed personal data shall be destroyed or depersonalized upon achievement of processing purposes or in case of loss of necessity in achievement of such purposes.

5. PROCEDURE AND CONDITIONS OF USER DATA PROCESSING

5.1 Processing of user data means any action (operation) or a set of actions (operations) performed by the Application Owner and/or persons authorized by the Application Owner with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.

5.2 The processing of User Data shall be carried out in accordance with the purposes previously defined and stated when collecting personal data and specified in Section 3 of the Policy, and the provisions of the contracts concluded between the Application Owner and Users.

5.3 Processing of personal data is carried out both with and without the use of automated means, that is, with the use of computer technology.

5.4 Personal data received from the User of the Application, including information obtained automatically when the Subject of personal data is running the Application on a mobile technical device, is confidential, except when the Subject of personal data voluntarily provides information about themselves for general access to an unlimited number of people. 

5.5 The period of storage of personal data is stipulated in the consent of the subject of personal data, the terms of the contract concluded with the subject of personal data, but can not exceed the period of need for appropriate processing of personal data.

5.6 Receipt and processing of personal data is carried out with the written consent of the subject of personal data, except in cases where the processing of personal data is possible without the consent of the subject of personal data.

5.7 Consent to the processing of personal data may be given by the Subject of personal data or his representative in any form that allows to confirm the fact of its receipt.

5.8 Equivalent to the written consent of the Subject of personal data on paper, signed by the handwritten signature of the subject of personal data, consent in the form of an electronic document signed by the electronic signature of the subject of personal data is recognized.

5.9 Consent to the processing of personal data may be given by the Subject of personal data, including by performing the following conclusive actions:

- installation of the Application on the mobile technical device. Consent shall be deemed given from the moment of installation (download) on the User's mobile technical device of the Application and the first launch of the Application.

5.10. Personal data of the subject of personal data may be obtained not from the subject of personal data, but from a third party, provided that the consent of the subject of personal data to the processing of his personal data or the existence of grounds, when the processing of personal data without the consent of the subject of personal data is allowed.

5.11. If personal data is received not from the Personal Data Subject, but from third parties, the Application Owner as the Personal Data Operator shall provide the following information to the Personal Data Subject prior to processing of personal data:

1) the name or surname, first name, patronymic and address of the operator or its representative;

2) the purpose of personal data processing and its legal basis;

3) the intended users of personal data;

4) the rights of the Subject of personal data;

5) the source of receipt of personal data.

5.12. The Owner of the Application has the right to transfer to third parties personal data of the Application User in the following cases:

- at the request of law enforcement agencies and courts in connection with their activities within their competence;

- in order to protect the legal rights and interests of the Application Holder, including if the Application User violates the terms of the agreement entered into with the Application Holder;

- transmission of impersonal statistical information for research purposes, including marketing and advertising.

5.13. By installing the Application and viewing the information in the Application, acting freely, willingly and in their own interest, the Application User agrees that the Owner of the Application may independently process other User data specified in paragraph 2.1.2 of this Policy, and may also use a special program (metrics) "AppsFlyer" (hereinafter - Third Party Resource), which collects other User data in sections of the Application. 

5.14. The Application Owner has the right to change the Third Party Resource used by the Application Owner without the User's consent.

5.15. Third-party resource does not perform and has no opportunity to compare their received information with personal data that can be used to identify the subject of personal data.

6. STORAGE OF USER DATA OF THE APPLICATION USERS

6.1 The storage of User Data, including personal data, shall be in a form that allows to identify the Subject of personal data, no longer than required by the purposes of processing of personal data, contracts, a party to which, the beneficiary of which is the Subject of personal data (Annex User). Processed personal data shall be destroyed or depersonalized upon achievement of processing purposes or in case of loss of necessity in achievement of such purposes.

6.2 If the consent of the subject of personal data to the processing of personal data specifies a specific period of storage, the storage of personal data is carried out within the period directly provided by the consent of the subject of personal data.

6.3 In case of the decision of the subject of personal data to withdraw their consent to the processing of their personal data, the Operator shall be sent a corresponding application containing the personal data of the subject of personal data, details of the identity document and the signature of the subject of personal data. If the Subject of personal data does not indicate specific types of personal data and purposes for which consent is withdrawn in withdrawal of his/her consent to processing of personal data, the Operator shall consider that consent is withdrawn for all types of personal data and purposes.

6.4 If the Application Owner receives a request from the Subject of personal data to withdraw their consent to the processing of personal data, the processing of personal data of the Application User shall be terminated within a period not exceeding 10 (ten) working days from the date of receipt. 

Application to withdraw consent to the processing of personal data shall be sent to e-mail: hello@kkartschool.com or by written request to the location of the Annex Owner: 143422, Moscow region, Krasnogorsk district, Mechnikovo, 25, sq. 23.

6.5 The subject of personal data has the right to receive information relating to the processing of his or her personal data, including information containing:

1) confirmation of the fact of personal data processing by the Operator;

2) the legal basis and purpose of personal data processing;

3) the purposes and methods of personal data processing used by the operator;

4) the name and location of the personal data operator, information about persons (other than the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on other legal grounds;

5) processed personal data relating to the relevant subject of personal data, the source of their receipt;

6) terms of processing personal data, including the terms of their storage; 

7) how the subject of personal data may exercise his or her rights;

8) information about the cross-border transfer of data that has taken place or is expected to take place;

9) the name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such person;

10) other information specified in the request of the Application User.

6.6 The User of the Application, as the subject of personal data, has the right:

6.6.1. independently change or delete their personal data and other information with the available functionality of the Application or by sending a notice of changes in their personal data to e-mail: hello@kkartschool.com or in writing in hard copy to the location of the Owner of the Application: 143422, Moscow region, Krasnogorsk district, Mechnikovo, 25, sq. 23;

6.6.2. disable cookie processing in the browser settings or use the anonymous browser browsing mode (incognito mode) to open and view pages;

6.6.3. require the Application Holder to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take appropriate measures to protect their rights;

6.6.4. require the Application Holder to provide information regarding the processing of their personal data on the basis of a written request. In particular, the request for information in must contain:

- series, number of the main document certifying the identity of the subject of personal data (his/her representative), information about the date of issue of the specified document and the authority that issued it;

- Information confirming the participation of the Subject of personal data in the relationship with the Application Holder (contract number, contract conclusion date, conventional word mark and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;

- signature of the subject of personal data (his/her representative).

6.7 The request may be sent in the form of an electronic document signed by the electronic signature of the Subject of personal data.

6.8 The Owner of the Application shall provide information to the subject of personal data or his representative at his request in the form in which the relevant application or request was sent, unless otherwise specified in the application or request.

6.9 The Owner of the Application has the right to refuse to fulfill the request of the Subject of personal data that does not comply with the conditions specified in paragraph 6.6.4 of the Policy. Such refusal shall be motivated. The obligation to provide evidence of the reasonableness of the refusal to comply with the repeated request lies with the Application Holder as the Personal Data Operator.

6.10. Subjects of personal data are responsible for providing the Owner of the Application with accurate information, as well as for the timely update of the data provided in case of any changes.

6.11. Processed personal data is subject to destruction or depersonalization in the following cases, unless otherwise provided by the agreement between the Application Owner and the Subject of personal data, the contract, the beneficiary or guarantor under which is the subject of personal data: 

- when the processing goals have been reached;

- in the event of a loss of the need to achieve the processing goals;

- expiration of consent or withdrawal of consent by the subject of personal data;

- Identification of improper processing of personal data.

6.12. If there is no possibility of destroying personal data, the operator shall block such personal data or ensure its blocking (if the processing of personal data is carried out by another person acting on behalf of the personal data operator) and ensure the destruction of personal data within a period not exceeding six months.

7. MEASURES TAKEN TO PROTECT THE USER DATA OF APPLICATION USERS

7.1 When processing personal data, the Application Owner shall take the necessary legal, technical and organizational measures or ensure their adoption in order to protect personal information of Application Users from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions. 

7.2 The contracts between the Application Owner and the Application User stipulate the obligation of the parties to respect the confidentiality of personal data.

7.3 If documents containing personal data are transmitted by e-mail, the Subject of personal data may encrypt them using one of the possible means of protection agreed with the Application Holder. The refusal of the Subject of personal data to use the means of protection of personal data removes the responsibility of the Owner of the Application, as the Operator of personal data, to ensure confidentiality in the process of their transfer from the Subject of personal data to the Operator of personal data.

8. FINAL PROVISIONS

8.1. In the event of loss or disclosure of confidential information, the Application Holder shall not be liable if such confidential information is lost or disclosed:

8.1.1. has fallen into the public domain before its loss or disclosure.

8.1.2. has been received from a third party prior to its receipt by the Application Holder.

8.1.3. has been disclosed with the consent of the Application User.

8.2 The Application Owner has the right to make changes to the Privacy Policy without the consent of the Application User.

8.3 The new Privacy Policy shall be effective from the date of its posting on the Appendix, unless otherwise provided for in the new Privacy Policy.

8.4 The current Privacy Policy can be found in the Settings - Privacy Policy section of the Application.

8.5. Your app is uploading user's Image information without posting a privacy policy in Play Distributed App.

8.6. The User of the Application expresses his consent to receive from the Owner of the Application newsletters and promotional materials, including, but not limited to, information about special offers and promotions, by mailing to e-mail, sending SMS or messages in messengers WhatsApp, Telegram, Viber or other messengers.

8.6. Appendix #1 "Application User Notification Form with a Pop-Up Window" is an integral part of this Policy.

Appendix 1 

to the Privacy Policy

Notification form

Application users with a popup window

By installing the "KK Art School" Application (hereinafter, the "Application"), you agree to the terms of the Privacy Policy posted in the "Settings" - "Privacy Policy" section of the Application, as well as provide your consent to the processing of personal data and consent to receive promotional materials.