Policy

**PERSONAL DATA PROCESSING POLICY**

## **1. General Provisions**

This personal data processing policy has been prepared in accordance with the requirements of the Personal Data Law (hereinafter referred to as the “Personal Data Law”) and determines the procedure for processing personal data and measures to ensure the security of personal data undertaken by **Fertik Vadim** (hereinafter referred to as the “Operator”).

### **1.1.**
The Operator considers compliance with human and civil rights and freedoms in the processing of personal data to be its highest priority, including the protection of the right to privacy, personal and family secrets.

### **1.2.**
This policy of the Operator regarding personal data processing (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors to the website **https://that-school.com**.

---

## **2. Key Terms Used in the Policy**

### **2.1.**
**Automated processing of personal data** – processing of personal data using computing technology.

### **2.2.**
**Blocking of personal data** – temporary suspension of personal data processing (except when processing is necessary for personal data clarification).

### **2.3.**
**Website** – a collection of graphical and informational materials, as well as software and databases, making them accessible via the Internet at **https://that-school.com**.

### **2.4.**
**Personal data information system** – a system that contains personal data in databases and processes them using information technologies and technical tools.

### **2.5.**
**Depersonalization of personal data** – actions that make it impossible to determine personal data ownership to a specific User without additional information.

### **2.6.**
**Processing of personal data** – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

### **2.7.**
**Operator** – a state body, municipal body, legal or physical entity that independently or jointly organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data subject to processing, and the actions (operations) performed with personal data.

### **2.8.**
**Personal data** – any information related directly or indirectly to a specific or identifiable User of **https://that-school.com**.

### **2.9.**
**Personal data allowed for dissemination** – personal data to which an unlimited number of people have access, provided by the personal data subject through consent for processing personal data permitted for dissemination in accordance with the Personal Data Law.

### **2.10.**
**User** – any visitor to the website **https://that-school.com**.

### **2.11.**
**Provision of personal data** – actions aimed at disclosing personal data to a specific person or a specific circle of persons.

### **2.12.**
**Dissemination of personal data** – any actions aimed at disclosing personal data to an indefinite number of persons (transferring personal data) or providing access to personal data to an unlimited number of persons, including publication in mass media, posting in information and telecommunications networks, or providing access to personal data in any other way.

### **2.13.**
**Cross-border transfer of personal data** – transfer of personal data to the territory of a foreign state to a foreign government authority, foreign individual, or foreign legal entity.

### **2.14.**
**Destruction of personal data** – any actions that result in the irreversible destruction of personal data with the impossibility of further restoring the personal data content in the personal data information system and/or the destruction of physical carriers of personal data.

---

## **3. Operator’s Rights and Obligations**

### **3.1. The Operator has the right to:**
- Obtain accurate information and/or documents containing personal data from the data subject.
- Continue processing personal data without the data subject’s consent in cases specified by the Personal Data Law.
- Independently determine the scope and list of measures necessary and sufficient to ensure compliance with obligations under the Personal Data Law.

### **3.2. The Operator is obliged to:**
- Provide the data subject, upon request, with information regarding the processing of their personal data.
- Organize personal data processing in accordance with applicable law.
- Respond to requests and inquiries from data subjects and their legal representatives in accordance with the Personal Data Law.
- Notify the authorized body for personal data protection upon request within 10 days.
- Publish or otherwise provide unrestricted access to this Policy.
- Take legal, organizational, and technical measures to protect personal data from unauthorized access, destruction, modification, blocking, copying, dissemination, and other illegal actions.
- Cease the processing and destroy personal data in accordance with the Personal Data Law.
- Fulfill other obligations stipulated by the Personal Data Law.

---

## **4. Rights and Obligations of Personal Data Subjects**

### **4.1. Personal data subjects have the right to:**
- Obtain information regarding the processing of their personal data, except in cases provided by law.
- Demand that the Operator clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the declared purpose of processing.
- Revoke consent for the processing of personal data and request termination of processing.
- Appeal unlawful actions or inaction of the Operator to the authorized body for personal data protection or in court.
- Exercise other rights provided by law.

### **4.2. Personal data subjects must:**
- Provide the Operator with accurate information about themselves.
- Inform the Operator of updates to their personal data.

---

## **5. Principles of Personal Data Processing**

### **5.1.**
Processing is carried out on a lawful and fair basis.

### **5.2.**
Processing is limited to achieving specific, pre-defined, and lawful objectives.

### **5.3.**
Combining databases containing personal data processed for incompatible purposes is not allowed.

### **5.4.**
Personal data processing must be accurate, sufficient, and relevant to the purposes of processing.

---

## **6. Contact Information**

For any inquiries regarding this Policy, Users may contact the Operator via email: **gogolschooltlv@gmail.com** or **that.school.israel@gmail.com**.

The current version of this Policy is freely available at **https://that-school.com/policy**.