Regulation on the processing and protection of personal data of users in the territory of the European Union (GDPR)
The policy was developed by Life Long Level Up Inc for site users
1. General regulations
1.1. users' personal data processing and protection policy (hereinafter referred to as policy) is developed according to the GDRP rules.
1.2. These Regulations is an official document and defines the order of processing and protection of information of natural persons who use services, information, programs of LifeLongLevelUp, located in domain name (hereinafter referred to as " service users").
1.3. The purpose of the Policy is to protect the privacy and personal data of users; define the order of processing personal data of users; ensure the protection of rights and freedoms of service users while processing their personal data, as well as establish the responsibility of employees and officials with access to personal data of users for failure to meet the requirements and regulations governing the processing and protection of personal data.
1.4 The Regulation defines the rights and obligations of the company's managers and employees, the order of using the specified data for business purposes, as well as the order of interaction regarding the collection, documentation, storage and destruction of personal data of users.
1.5 Procedure for enactment and amendment of the Regulations.
1.5.1 These Regulations shall come into force from the moment of their approval by the founder of the Company and shall remain in force indefinitely, until replaced by a new Regulations.
1.5.2 All amendments to the Regulations shall be communicated to all employees. Bringing to the attention of users the changes of these Regulations shall be made by publishing them on the company website.
1.6 All employees of the company shall be acquainted with these Regulations against signature.
1.7. Personal data of users is confidential information.
2. Basic concepts
2.1 For the purposes of these Regulations, the following basic concepts are used:
- personal data of users - any information pertaining to a certain or defined on the basis of such information to a user, including their surname, name, patronymic, year, month, date and place of birth, address, other information necessary for the Company to provide services using
- processing of personal data - collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data of users
- confidentiality of personal data - a mandatory requirement for persons who have access to personal data of users to prevent their dissemination without the consent of users or any other legal basis
- Distribution of personal data - actions aimed at the transfer of personal data of users to a certain circle of people (personal data transfer) or familiarization of personal data to an unlimited number of people, including the disclosure of personal data of users in the media, publishing in information and telecommunications networks or providing access to personal data of users in any other way
- Use of personal data - actions (operations) with personal data performed by a company official in order to make decisions or perform other actions that generate legal consequences in relation to the users of or otherwise affect their rights and freedoms or the rights and freedoms of others
- blocking of personal data - temporary suspension of collection, systematization, accumulation, use, distribution of personal data of users, including their transfer
- destruction of personal data - actions resulting in the impossibility to restore the content of personal data in the information system of personal data of users, or resulting in the destruction of tangible media of personal data
- depersonalization of personal data - actions resulting in impossibility to identify the personal data belonging to a certain user
- publicly accessible personal data - personal data, access to which is granted to the general public with the consent of the user of, or which are not subject to confidentiality requirements under federal laws
- information - information (messages, data) regardless of the form of its presentation
- documented information - information recorded on a tangible medium by means of documentation with requisites allowing to identify such information or its tangible medium
3. Concept and composition of personal data
3.1 Notion of personal data. Personal data of user is the information that is necessary for the Company to provide services when the user uses and that concerns the specific user
3.2 The personal data of user includes the data provided by the user himself/herself by filling in the forms, personal account and other sources on the website of the company, in particular
- surname, first name, patronymic
- Family name, first name and surname; ● Date and place of birth
- family name, given name and surname, date of birth, ● postal addresses (for registration and contacts)
- information on nationality
- basic identification document number, information on the date of issue of the document and issuing authority
- telephone numbers ● fax numbers
- telephone numbers ● fax numbers ● email addresses
- electronic mail addresses (e-mail) ● link to a personal website
- link to a personal website or social media accounts ● payment details
payment information (current and personal account details, details of the bank serving the application)
information on your metric data such as height and weight.
Personal data for the users of also include all user data collected via the website, as well as data that the service itself collects and processes using its computing power, in particular
- user pseudonym (login to a personal account)
- IP address of the user's device from which they access the website
- user search queries, internet addresses of web pages visited by the user, topics of information on the company website
- user identifier converted by means of a hash function or other modifications of
- the geographic address of the user's Internet connection point
- information that does not allow for the precise identification of the user or a specific natural person, but that provides sufficient information to provide advertising information about the user.
3.4 Personal data may also include additional information provided by the user to at the request of the company, in order for the company to fulfill its obligations to the user, arising from the use of
3.5 The Company has the right, in particular, to request from user a copy of an identity document, or other document containing your name, surname, your photo, as well as other additional data, which, at the Company's discretion, will be necessary and sufficient for user identification and will prevent abuse and violation of third parties' rights.
3.6 By using, the user is obliged to keep his personal data and the provided personal information up to date.
4. Receiving, collection, processing and protection of personal data
4.1 Information, containing personal data, is provided by user while filling the form on the website, entering information in personal cabinet, concluding contract or offer agreement, sending a letter to the company on behalf of the user.
4.2. user is obliged to provide true information about himself/herself to the company and timely inform the company about the changes in his/her personal data. The company has the right to check the authenticity of information provided by the user, requesting copies of his/her identification documents.
4.3 The company has no right to receive and process personal data of user about his race, nationality, political views, religious or philosophical beliefs, intimate life, in accordance with the GDRP.
4.4 The processing of personal data of user is carried out in order to ensure the observance of laws and other normative legal acts, to ensure the personal safety of user.
4.5. user gives his or her consent to the processing of personal data when filling in each data entry form on the website or in mobile applications, thus accepting the terms of the User Agreement (available at: ), and thus giving his or her consent to the processing of personal data, in accordance with the rules of GDRP>
4.6 Consent to processing of personal data is not required in the following cases:
- the processing of personal data is carried out for the purpose of executing the service contract concluded by the user with the Company, using
- processing of personal data is carried out for statistical or other scientific purposes under the condition of obligatory depersonalization of personal data>
- the processing of personal data is necessary to protect the life, health or other vital interests of the user, if their consent cannot be obtained
4.7 The procedure for processing, transferring and storing personal data. In order to ensure human and citizen's rights and freedoms, the Company's employees and officials shall observe the following general requirements when processing personal data of user:
4.7.1 In determining the scope and content of the personal data processed, the Company shall be guided by the GDRP regulations.
4.7.2 The protection of personal data of user against its unauthorized use or loss shall be ensured by the company at its own expense in the manner prescribed by federal law.
4.7.3 In all cases, user's waiver of their rights to keep and protect secrets is invalid.
5. Transfer and storage of personal data
5.1.1 Not to communicate the personal data of the user to any third party without the written consent of the user, except in cases where this is necessary to prevent threats to the life and health of the user, in cases established by legislation in EU territory, as well as the cases listed in the Privacy Policy.
5.1.2 To warn the persons who have received the personal data of the user of, that these data can be used only for the purposes for which they have been communicated, and to require from these persons to confirm that this rule has been respected. The persons who have received personal data from the user of are obliged to respect the regime of secrecy (confidentiality). This regulation does not apply to the exchange of personal data of users in accordance with the legislation in the EU
5.1.3 To carry out the transfer of personal data of users within the company in accordance with these Regulations.
5.1.4. Allow access to the personal data of users only to specially authorized persons, whereby the said persons shall have the right to receive only those personal data of users which are necessary for the performance of a specific function.
5.1.5 Reflect the information about the requests and issuance of personal data of users in a logbook of the established form.
5.2 Storage and use of personal data of users.
5.2.1 The personal data of users are processed and stored using automation means on local computers.
The personal data of users are stored on local computers in an information system, which is equipped with anti-virus protection and protection against network threats, both local and global, as well as authorized access by username and password.
5.2.2 The personal data of users can be received, processed and stored both on paper and electronically, via local computer network.
5.2.3. user's personal data in paper form shall be stored in folders and kept in a safe or fireproof cabinet. The personal data of the user is also stored electronically in a local computer network. Access to electronic databases containing personal data of user is secured with a system of passwords. The passwords are set by the Technical Specialist and communicated individually to the employees that have access to the personal data of the user.
Note: Storage of personal data of users in accounting department and other structural subdivisions of the company, whose employees have the right to access personal data, is carried out in order to exclude access to them by third parties.
5.2.4. Company employee, who has access to personal data of users due to his/her work duties (director, technical specialist, programmer, chief editor, technical support department specialists), shall ensure storage of information containing personal data of user, excluding access of third parties.
In the absence of the employee, no documents containing personal data of user shall be kept at their workplace. When the employee goes on holiday, business trip or other cases of prolonged absence at his/her workplace, he/she is obliged to give documents and other media, containing personal data of users, to the person, who will be responsible for the performance of his/her work duties by the local act of the company (order, instruction).
Note: In case such person has not been appointed, documents and other media containing personal data of users are handed over to another employee who has access to personal data of users, by the order of the head of the structural unit. Upon dismissal of the employee who has access to personal data of users, documents and other media containing personal data shall be transferred to another employee who has access to personal data of users, as directed by the head of the structural unit.
6. Access to personal data of service users
6.1 Internal access (company employees).
6.1.1 Access to personal data of users without special permission has employees who hold the following positions in the company and directly use the data for business purposes:
- chief executive officer, technical director
- employees of the technical support and development department
- Managing directors and employees in the business division
6.1.2 Authorized persons have the right to receive only those personal data of users, which are necessary for the performance of specific functions.
6.1.3 Access to personal data of users by other company employees who do not have proper access is prohibited.
6.1.4 The procedure for access to personal data of users includes:
- employee's acquaintance against signature with these Regulations. If there are other regulations (orders, instructions, etc.) regulating the processing and protection of personal data of users, the employee shall also get acquainted with these regulations against his/her signature.
- Demanding from the employee (with the exception of the company manager) a written commitment to respect the confidentiality of personal data of user and to comply with the rules of their processing, prepared according to the form established by the company.
6.1.5 The transfer, exchange, etc. Of personal data between the company's subdivisions shall be carried out only between employees who have access to personal data of users.
6.1.6 Copying and extracting the personal data of users is allowed only for business purposes with the written permission of the head of the relevant structural unit.
6.2 External access (other organisations and citizens).
6.2.2 The transfer of user's personal data to third parties is carried out for the purposes defined in the Privacy Policy with the consent of the user. This consent is given by the user by filling in the data entry form on the website or in mobile applications, which means that the user accepts the terms of the User Agreement (available at: ) and thereby gives their consent to the processing of personal data, in accordance with the GDRP.
6.2.3 The transfer of personal data of user for commercial purposes is not allowed without his written consent, issued according to the scheme established by the company. The processing of personal data of user for the purpose of promoting goods, works, services on the market through direct contact with the potential consumer by means of communication is allowed only with his/her prior consent.
6.2.4 Employees of the company, who transfer personal data of users to third parties, shall transfer them with compulsory drawing up of acceptance-transfer act of documents (other material media) containing personal data of users.
The act is to be drawn up in a prescribed form, and must contain a notice to the person receiving these documents of the obligation to use the confidential information received only for the purpose for which it has been communicated.
The transfer of documents (other tangible media) containing personal data of users is carried out in the presence of the person authorized to receive them:
- an agreement of non-disclosure of confidential information, or the existence of confidentiality clauses in the contract with the third party, including the protection of personal data of users
A letter of request from a third party, which must include the grounds for accessing the requested information containing personal data of users, its list, purpose of use, name and position of the person responsible for receiving the information
Responsibility for compliance with the above-mentioned procedure of providing personal data of user shall be borne by the company's employee, as well as the head of the structural unit, which carries out the transfer of personal data of user to third parties.
6.2.5 Personal data shall be transferred to user's representative (including lawyer) in accordance with the procedure established by applicable law and these Regulations. Information shall be transferred in the presence of one of the documents:
- a notarized power of attorney of user's representative written in the presence of a employee, or a notarized
Powers of attorney and applications shall be kept in the Records Management Unit.
6.2.6. Provision of personal data of users to state authorities is made in accordance with the requirements of current legislation and these Regulations.
6.2.7. The personal data of a user may be made available to relatives or family members only with the written permission of the user, except in cases where the transfer of the personal data of a user without their consent is allowed by the current legislation in the EU
6.2.8 Documents containing personal data of a user may be sent through the federal postal service organization. In this case, their confidentiality must be ensured.
The documents containing personal data are put in an envelope and accompanied by a cover letter. The envelope is labeled with an inscription that the contents of the envelope are confidential information and illegal disclosure is punishable by law. Further, the envelope with the covering letter is put into another envelope with only details required by the postal rules for registered mail.
6.3 The user of has the right
6.3.1 To be fully informed about their personal data and the processing of that data.
6.3.2 To have free access to their personal data, including the right to receive, free of charge, copies of any record containing personal data of the user, except in cases provided for by EU legislation.
6.3.3 To demand from the Company to clarify, exclude or correct incomplete, incorrect, outdated, unreliable, illegally obtained or not necessary for the Company personal data.
6.3.4 Receive from the Company:
- information on persons who have access to personal data or who may be granted such access
- list of personal data processed and the source of their receipt
- terms of processing of personal data, including terms of their storage
Details of legal consequences for the subject of personal data ● processing of his/her personal data
6.3.5. require notification of all persons, to whom incorrect or incomplete personal data have been previously communicated, about any deletions, corrections or additions made to the personal data.
6.3.6 To complain to the authorised body for protection of the rights of subjects of personal data or in court against unlawful acts or omissions of the Company in processing and protection of his personal data.
7. Organisation of user's personal data protection
7.1 The protection of personal data of user against their unauthorized use or loss is ensured by the company.
7.2 The general organization of the protection of personal data of users is carried out by the CEO.
7.3 The CEO ensures:
- acquaint the company's employees with these Regulations against signature.
- requesting a written commitment from employees (with the exception of those specified in clause 6.1.1 of these Regulations) to respect the confidentiality of personal data of users and to comply with the rules of their processing
- general control over the compliance of the Company's employees with the measures to protect the personal data of the user
7.4 The organization and control over protection of personal data of users in structural subdivisions of the Company, whose employees have access to personal data, are carried out by their direct supervisors.
7.5 Personal data of users is subject to protection:
- information about the personal data of a user
- documents containing personal data of the user
- personal data contained on electronic media
7.6 The protection of information stored in the company's electronic databases against unauthorized access, distortion and destruction of information, as well as against other unauthorized actions is ensured by the delimitation of access rights using an account and password system.
7.7 In order to ensure the safety and confidentiality of personal data of users, all operations on registration, formation, maintenance and storage of this information must be performed only by company employees, who perform this work in accordance with their job duties, recorded in their job descriptions.
7.8 Responses to written enquiries from other organizations and institutions within the limits of their competence and granted powers shall be given in writing on company letterhead and to the extent that does not allow disclosure of excessive personal information about users.
When the personal data of users are transferred to third parties, including users' representatives, in the manner established in these Regulations, this information is limited only to those personal data of users that are necessary for the third parties to perform their functions.
7.9 The transfer of information containing personal data of users by phone, fax, e-mail without the written consent of the user is prohibited.
8. Final Provisions
8.1 Persons guilty of violating the rules, regulating receiving, processing and protection of personal data of user shall bear material, disciplinary, administrative, civil or criminal responsibility in the manner prescribed by federal laws.
8.2 Disclosure of personal data of user (disclosure to unauthorized persons, including company employees who do not have access to it), their public disclosure, loss of documents and other media containing personal data of user, as well as other violations of the obligations for their protection and processing established by this Regulation, local normative acts (orders, instructions) of the Company, shall entail the imposition of disciplinary action – reprimand, reprimand, dismissal – on the employee having access to personal data.
8.3 Employees who have access to personal data of user and have committed this disciplinary offence shall bear full material responsibility in case of causing damage to the Company.
8.4 The employees who have access to personal data of user, who are guilty of illegal disclosure or use of personal data of users without their consent out of mercenary or other personal interest, and who have caused major damage, shall be held criminally responsible.