The QARP Privacy Policy
1. Introduction
1.1. The Privacy Policy (hereinafter referred to as the “Policy”) has been developed and is applied by The QARP Academy SL NIF B19913078 (hereinafter referred to as the “Operator”) in accordance with the General Data Protection Regulation (GDPR) (hereinafter referred to as the “Regulation”), which came into force on May 25, 2018.
1.2.This Policy defines the procedure and methods for collecting, using, disclosing and managing personal information about users.
1.3.Personal information is any information about a user (hereinafter referred to as “User”) collected by the Company, which includes (1) any information that can be used to identify or trace an individual, such as full name, date and place of birth, mother's maiden name or biometric records, country of residence; and (2) any other information that is associated with or directly links to an individual, such as medical, educational, financial and employment information (hereinafter referred to as “Information”).
1.4. All issues related to the processing of Information not regulated by this Policy shall be resolved in accordance with current national and international legislation in the field of Information protection.
2. Basic Provisions
2.1. The purpose of processing the Information is:
●Providing access to online courses for the purpose of knowledge and skills acquiring by User;
●Providing audit services or information and consulting services
●Providing access to webinars;
●Providing services, processing requests and applications from the User;
●Establishing feedback with the User, including sending notifications and requests;
●Confirming the completeness of the personal data provided by the User;
●Concluding contracts with the User, their execution and implementation of mutual settlements;
●Collecting statistics for data analysis;
●Conducting marketing (advertising) events, sending offers, promoting services on the market by implementing direct contacts with a potential consumer;
●Automatic inclusion in the mailing list;
●Providing the User with the opportunity to interact with the site;
●Assistance to the User in finding a job.
2.2. The Processing of Information is organized by the Operator based on the following principles:
●Lawfulness, fairness and transparency: personal data must be obtained by lawful and fair means with the consent of the User.
●Purpose limitation: the purpose of data collection must be specified at the time of collection, and the data must not be used for anything other than the original intention.
●Data minimization: the collected data must correspond to the initially specified purpose.
●Accuracy: personal information must be accurate, complete and up-to-date to the extent necessary for the specified purposes.
●Storage limitation: data is stored in a form that allows identification of the user for no longer than is necessary to fulfill the purposes of information processing.
●Integrity and confidentiality: personal data must be protected by security guarantees against risks such as loss or unauthorized access, destruction, use, modification or disclosure of data.
●Accountability: the Operator is responsible and must be able to demonstrate compliance with the measures specified above.
2.3. The Operator processes the following information about the User:
●first name, last name, second name;
●phone number;
●e-mail;
●country and city of residence;
●social status;
●work experience and other information related to professional activity.
2.4. In this Policy, processing of Information means any action (operation) or set of actions (operations) performed with or without the use of automation tools with Information, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (including cross-border, distribution, provision, access), depersonalization, blocking, deletion, destruction of Information.
2.5. When processing Information, the Operator applies legal, organizational and technical measures to ensure the security of Information in accordance with the Regulations.
2.6. The operator provides services through its website https://en.theqarp.com/. The site uses the HTTPS extension to the HTTP protocol to improve security and protect information.
2.7. The operator accepts the terms of the concept of designed privacy by default, the so-called privacy by default.
2.8. The Operator does not disclose to third parties or distribute Information without the consent of the User, except in cases provided for by applicable national and international legislation and this Policy.
2.9. The assessment of the damage that may be caused to the User in the event of the Operator’s violation of the requirements of national and international legislation in the field of Information protection is determined in accordance with the Regulations.
2.9.1. The ratio of the specified damage and the measures taken by the Operator aimed at preventing, preventing and/or eliminating its consequences is determined in accordance with the current national and international legislation in the field of Information protection.
2.10. The storage of personal data of users is carried out in a form that allows the identification of the User.
2.11. Information has to be destructed upon achievement of the processing purposes. Information is deleted by deleting the account, after which such record cannot be restored.
3. Third parties involved in the processing of Information
3.1. Tilda Platform Cloud Services Co. LLC, license 1110180,
postal address: P.O. Box #450767, Dubai, UAE.
3.2. Hosting services and dedicated server services are provided by Selectel LLC https://selectel.ru/about/detail.
3.3. Google LLC 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA
4. Responsible for processing Information
4.1. The Operator or his legal representative is responsible for processing the Information.
4.2. The person responsible for processing the Information is obliged to:
4.2.1. Carry out internal control over compliance with national and international legislation on personal data, including requirements for the protection of personal data;
4.2.2. Monitor the receipt and processing of requests and inquiries from Subjects or their representatives;
4.2.3. Take measures to detect facts of unauthorized access to the Information;
4.2.4. Carry out ongoing control over ensuring the level of security of the Information;
4.2.5. Carry out internal control and (or) audit of compliance of the processing of Information with national and international legislation in the field of Information protection.
5. The procedure for ensuring the rights of the User by the Operator
5.1. The subject has the rights provided for by the Regulation and national and international legislation in the field of Information protection.
5.2. The Operator ensures the rights of personal data subjects in the manner established by the Regulations.
5.3. The User has the right to:
●request confirmation of the fact of processing of Information, the place and purpose of processing, the categories of Information being processed, to which third parties the Information is disclosed, the period during which the Information will be processed, as well as to clarify the source of receipt of the Information by the Operator and demand its correction;
●demand termination of the processing of Information;
●demand deletion of Information upon request in order to avoid its dissemination or transfer to third parties (the right to be forgotten).
5.4. In case of violations in the processing and protection of Information that have caused significant harm to the User, the Operator is obliged to notify the regulator and the User itself within 72 hours from the moment of discovery of the fact of violations.
5.5. The representative’s authority to represent the interests of each Subject is confirmed by the relevant power of attorney.
5.6. The User's right to access his Information may be limited in accordance with local and international legislation.
5.7. The Operator is obliged, upon request from the User of Information or his representative, or within ten working days from the date of receipt of the request from the User or his representative, to provide the User or his representative, free of charge, with the opportunity to become familiar with the Information related to this User.
5.8. Information is stored from the moment it is received until the moment the purpose of its processing is achieved, after which no later than 30 days the Information is destroyed due to the achievement of the purpose of processing.
5.9. Information may not be used for purposes that contradict the requirements of national and international legislation, the protection of the foundations of the constitutional order, morality, health, rights and legitimate interests of others, ensuring the defense of the country and state security.
1.1. The Privacy Policy (hereinafter referred to as the “Policy”) has been developed and is applied by The QARP Academy SL NIF B19913078 (hereinafter referred to as the “Operator”) in accordance with the General Data Protection Regulation (GDPR) (hereinafter referred to as the “Regulation”), which came into force on May 25, 2018.
1.2.This Policy defines the procedure and methods for collecting, using, disclosing and managing personal information about users.
1.3.Personal information is any information about a user (hereinafter referred to as “User”) collected by the Company, which includes (1) any information that can be used to identify or trace an individual, such as full name, date and place of birth, mother's maiden name or biometric records, country of residence; and (2) any other information that is associated with or directly links to an individual, such as medical, educational, financial and employment information (hereinafter referred to as “Information”).
1.4. All issues related to the processing of Information not regulated by this Policy shall be resolved in accordance with current national and international legislation in the field of Information protection.
2. Basic Provisions
2.1. The purpose of processing the Information is:
●Providing access to online courses for the purpose of knowledge and skills acquiring by User;
●Providing audit services or information and consulting services
●Providing access to webinars;
●Providing services, processing requests and applications from the User;
●Establishing feedback with the User, including sending notifications and requests;
●Confirming the completeness of the personal data provided by the User;
●Concluding contracts with the User, their execution and implementation of mutual settlements;
●Collecting statistics for data analysis;
●Conducting marketing (advertising) events, sending offers, promoting services on the market by implementing direct contacts with a potential consumer;
●Automatic inclusion in the mailing list;
●Providing the User with the opportunity to interact with the site;
●Assistance to the User in finding a job.
2.2. The Processing of Information is organized by the Operator based on the following principles:
●Lawfulness, fairness and transparency: personal data must be obtained by lawful and fair means with the consent of the User.
●Purpose limitation: the purpose of data collection must be specified at the time of collection, and the data must not be used for anything other than the original intention.
●Data minimization: the collected data must correspond to the initially specified purpose.
●Accuracy: personal information must be accurate, complete and up-to-date to the extent necessary for the specified purposes.
●Storage limitation: data is stored in a form that allows identification of the user for no longer than is necessary to fulfill the purposes of information processing.
●Integrity and confidentiality: personal data must be protected by security guarantees against risks such as loss or unauthorized access, destruction, use, modification or disclosure of data.
●Accountability: the Operator is responsible and must be able to demonstrate compliance with the measures specified above.
2.3. The Operator processes the following information about the User:
●first name, last name, second name;
●phone number;
●e-mail;
●country and city of residence;
●social status;
●work experience and other information related to professional activity.
2.4. In this Policy, processing of Information means any action (operation) or set of actions (operations) performed with or without the use of automation tools with Information, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (including cross-border, distribution, provision, access), depersonalization, blocking, deletion, destruction of Information.
2.5. When processing Information, the Operator applies legal, organizational and technical measures to ensure the security of Information in accordance with the Regulations.
2.6. The operator provides services through its website https://en.theqarp.com/. The site uses the HTTPS extension to the HTTP protocol to improve security and protect information.
2.7. The operator accepts the terms of the concept of designed privacy by default, the so-called privacy by default.
2.8. The Operator does not disclose to third parties or distribute Information without the consent of the User, except in cases provided for by applicable national and international legislation and this Policy.
2.9. The assessment of the damage that may be caused to the User in the event of the Operator’s violation of the requirements of national and international legislation in the field of Information protection is determined in accordance with the Regulations.
2.9.1. The ratio of the specified damage and the measures taken by the Operator aimed at preventing, preventing and/or eliminating its consequences is determined in accordance with the current national and international legislation in the field of Information protection.
2.10. The storage of personal data of users is carried out in a form that allows the identification of the User.
2.11. Information has to be destructed upon achievement of the processing purposes. Information is deleted by deleting the account, after which such record cannot be restored.
3. Third parties involved in the processing of Information
3.1. Tilda Platform Cloud Services Co. LLC, license 1110180,
postal address: P.O. Box #450767, Dubai, UAE.
3.2. Hosting services and dedicated server services are provided by Selectel LLC https://selectel.ru/about/detail.
3.3. Google LLC 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA
4. Responsible for processing Information
4.1. The Operator or his legal representative is responsible for processing the Information.
4.2. The person responsible for processing the Information is obliged to:
4.2.1. Carry out internal control over compliance with national and international legislation on personal data, including requirements for the protection of personal data;
4.2.2. Monitor the receipt and processing of requests and inquiries from Subjects or their representatives;
4.2.3. Take measures to detect facts of unauthorized access to the Information;
4.2.4. Carry out ongoing control over ensuring the level of security of the Information;
4.2.5. Carry out internal control and (or) audit of compliance of the processing of Information with national and international legislation in the field of Information protection.
5. The procedure for ensuring the rights of the User by the Operator
5.1. The subject has the rights provided for by the Regulation and national and international legislation in the field of Information protection.
5.2. The Operator ensures the rights of personal data subjects in the manner established by the Regulations.
5.3. The User has the right to:
●request confirmation of the fact of processing of Information, the place and purpose of processing, the categories of Information being processed, to which third parties the Information is disclosed, the period during which the Information will be processed, as well as to clarify the source of receipt of the Information by the Operator and demand its correction;
●demand termination of the processing of Information;
●demand deletion of Information upon request in order to avoid its dissemination or transfer to third parties (the right to be forgotten).
5.4. In case of violations in the processing and protection of Information that have caused significant harm to the User, the Operator is obliged to notify the regulator and the User itself within 72 hours from the moment of discovery of the fact of violations.
5.5. The representative’s authority to represent the interests of each Subject is confirmed by the relevant power of attorney.
5.6. The User's right to access his Information may be limited in accordance with local and international legislation.
5.7. The Operator is obliged, upon request from the User of Information or his representative, or within ten working days from the date of receipt of the request from the User or his representative, to provide the User or his representative, free of charge, with the opportunity to become familiar with the Information related to this User.
5.8. Information is stored from the moment it is received until the moment the purpose of its processing is achieved, after which no later than 30 days the Information is destroyed due to the achievement of the purpose of processing.
5.9. Information may not be used for purposes that contradict the requirements of national and international legislation, the protection of the foundations of the constitutional order, morality, health, rights and legitimate interests of others, ensuring the defense of the country and state security.