PRIVACY AND PERSONAL DATA PROCESSING POLICY
Moscow 31 March 2026
This policy, in accordance with Part 2 of Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data," defines the policy of MARINE COURSE Limited Liability Company (hereinafter referred to as the Operator) regarding the personal data processing and contains information on the Operator's personal data protection requirements. This policy applies to all personal data processed through the Site that the Operator receives or may receive from the User. This policy is an integral part of the Operator's internal document, which defines the Operator's general policy regarding the personal data processing and discloses general information on the Operator's personal data protection requirements.
1. GENERAL PROVISIONS
1. The following terms and definitions for the purposes of this policy have the following meaning:
"Personal data" means any information related to an individual (the subject of personal data), identified or identifiable on the basis of such information, including his/her surname, name, patronymic, email address, telephone number, and other information. For the purposes of this policy, personal data means both information the User provides about himself/herself when using the Site and information that is automatically transferred to the Operator during the use of the Site through the software installed on the User's device, including IP address, cookie data, information about the User's browser, technical specifications of the equipment and software used by the User, date and time of access to the Site, addresses of the requested website pages, and other similar information. In addition, for the purposes of this policy, personal data also include information about the User, the processing of which is provided for in the Agreement governing the use of the Site.
"Operator" - MARINE COURSE Limited Liability Company, TIN [Taxpayer Identification Number] 9707039746, PSRN [Primary State Registration Number] 1247700740418, address: 127006, Moscow, 34 Dolgorukovskaya St., bldg. 2, which processes personal data and determines the purposes of the personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
"User" is any individual (personal data subject), including those acting on behalf of and in the interests of a legal entity, who may provide his/her personal data to the Operator while using the Site, either independently or through the legal entity he/she represents, having consented to the terms set forth in the Agreement, either by signing it, or by performing the implicit actions specified therein aimed at using the Site. For the purposes of this policy, the term "User" also refers to individuals whose personal data are processed by the Operator on the Site user's instructions set forth in the Agreement.
"Site", "Personal data information system," and "Information system" mean the website available on the Internet at https://morkurs.ru/ , as well as the software modules, widgets, and feedback forms integrated therein (including those provided by third parties) used to interact with the User. The Site comprises a collection of information, text, graphic elements, designs, images, photos, videos, and other intellectual property.
"Agreement" is a user or other agreement between the User and the Operator, regulating the procedure for using the Site.
"Personal data processing" means actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
"Automated personal data processing" is the personal data processing using computer technology.
"Non-automated personal data processing", "Personal data processing without the use of automation tools" mean the processing of personal data contained in a personal data information system or extracted from such a system in cases where such actions with personal data as use, clarification, distribution, destruction of personal data in relation to each of the subjects of personal data are carried out with the direct participation of a person.
"Personal data dissemination" means actions aimed at transferring personal data to a specific group of persons (transfer of personal data) or disclosing personal data to an unspecified group of persons.
"Personal data provision" means actions aimed at transferring personal data to a specific person or a specific group of persons.
"Personal data blocking" is a temporary cessation of the personal data processing (except in cases where processing is necessary to clarify personal data).
"Personal data destruction" means actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible media of personal data are destroyed.
"Personal data anonymization" means actions as a result of which it is impossible to determine the ownership of personal data by a specific subject without the use of additional information.
"Personal data use" means actions (operations) with personal data performed for the purpose of making decisions, concluding transactions or other actions that give rise to legal consequences in relation to subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of other persons.
"Publicly available personal data" mean personal data, access to which by an unlimited group of persons is provided with the consent of the subject or to which, in accordance with federal laws, the requirement to maintain confidentiality does not apply.
"Personal data confidentiality" is a mandatory requirement for a person who has gained access to personal data to prevent its dissemination without the consent of the subject or other legal basis.
"Cookies" are small pieces of data sent by a web server and stored on the User's device. Cookies contain small pieces of text and are used to store information about browser activity. They allow to store and retrieve the identification information and other information on computers, smartphones, telephones, and other devices. Cookie specifications are described in RFC 6265. Other technologies are used for the same purposes, including data stored by browsers or devices, device-related identifiers, and other software. In this policy, all of these technologies are referred to as "cookies."
"Web beacons" and "pixels" are electronic images (single-pixel (1x1) or clear GIF images). Web beacons can help the Operator recognize certain types of information on the User's device, such as cookies, the time and date of a page view, and a description of the page where the web beacon is located.
"Counter" is a computer program that uses a piece of code installed on a website to analyze cookies and collect statistical and personal data about that website. Personal data is collected in an anonymized form.
"IP address" is a number from the numbering resource of a data transmission network built on the basis of the IP protocol (specification RFC 791 for IPv4 version and RFC 8200 for IPv6 version), which clearly defines, when providing telematic communication services, including access to the Internet, a subscriber terminal (computer, smartphone, tablet, other device) or communication equipment included in the information system and belonging to the User.
2. All other terms and definitions contained in the text of this policy shall be interpreted by the Parties in accordance with the legislation of the Russian Federation, current recommendations (RFC) of international Internet standardization authorities, and the usual rules for interpreting relevant terms that have developed on the Internet.
3. The terms and definitions used in this policy may be used in both singular and plural forms depending on the context, and the spelling of terms may be either capitalized or lowercase.
4. The titles of headings (articles), as well as the structure of the policy, are intended solely for the convenience of using the text of the policy and have no literal legal meaning.
5. This policy has been developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", and other federal laws.
6. This policy defines the procedure and conditions for the personal data processing by the Operator, including the procedure for transferring personal data to third parties, the specifics of automated and non-automated personal data processing, the procedure for accessing personal data, the personal data protection system, the procedure for organizing internal control and liability for violations in the personal data processing, as well as other issues.
7. This policy shall come into force from the moment of its approval by the Operator and shall remain valid indefinitely until it is replaced by a new policy.
8. The Operator reserves the right to amend this policy without the User's consent. All changes to this policy are made by the Operator's executive directive.
9. This policy applies to all personal data processing carried out through the Site, both automated and non-automated (mixed processing). The Operator does not control and is not responsible for third-party websites that the User may access via links posted on the Site.
2. LEGAL BASIS FOR PERSONAL DATA PROCESSING
1. The Operator processes the User's personal data in accordance with the following documents:
- Constitution of the Russian Federation;
- Civil Code of the Russian Federation;
- Tax Code of the Russian Federation;
- Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
- Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection";
- Law of the Russian Federation No. 2300-1 of 07.02.1992 "On the Protection of Consumer Rights";
- Regulation of the Government of the Russian Federation No. 1025 of 15.08.1997 "On approval of the Rules for consumer services to the population in the Russian Federation";
- Regulation of the State Statistics Committee of the Russian Federation No. 1 of 05.01.2004 "On approval of standardized forms of primary records for employment and remuneration";
- Regulation of the Government of the Russian Federation of No. 687 15.09.2008 "On approval of the regulation on the specifics of personal data processing carried out without the use of automation tools";
- Regulation of the Government of the Russian Federation No. 1119 of 01.11.2012 "On approval of requirements for the personal data protection when processing them in personal data information systems";
- Decree of the Federal Service for Technical and Export Control of Russia No. 21 of 18.02.2013 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems";
- Decree of the Federal Security Service of Russia No. 378 of 10.07.2014 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems using cryptographic information protection tools necessary to meet the requirements for the personal data protection for each of the security levels established by the Government of the Russian Federation"
- other regulatory legal acts in the established sphere of the Operator's activity.
1. The User's personal data processing is carried out on the basis of and in pursuance of the Agreement governing the use of the Site and other agreements or contracts concluded between the User and the Operator.
2. The User's personal data processing may also be carried out based on his/her separate consent to such processing, which may be expressed directly while using the Site by clicking the appropriate button or by checking the appropriate checkbox. The validity period of such consent is specified in the User's consent.
3. PURPOSES OF COLLECTING PERSONAL DATA
1. The Operator processes only those personal data that are necessary for the use of the Site or the execution of agreements and contracts with the User, except in cases where the legislation of the Russian Federation provides for the mandatory storage of personal information for a period specified by law.
2. The Operator processes the User's personal data for the following purposes:
1. use of personal data of Users who are individuals using the Site on their own behalf, for the purposes of concluding and executing the Agreement or any other contract with the Operator;
2. use of personal data of Users who are individuals using the Site on behalf of the individual or legal entity they represent, for the purposes of concluding and executing the Agreement or any other contract with the Operator;
3. conducting statistical and other studies of the use of the Site based on anonymized data;
4. compliance with mandatory requirements of the legislation of the Russian Federation.
3. When processing personal data, the Operator does not combine databases containing personal data that are processed for incompatible purposes.
4. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS
1. When using interactive forms on the Site or when accessing messengers via links on the Site, the Operator may process the following User's data:
1. surname, name and patronymic;
2. mobile phone number;
3. email address;
4. account name (nickname) and user ID in instant messengers and social networks (VKontakte, Odnoklassniki and others), if the User uses them for communication;
2. Personal data permitted for processing in accordance with this policy and provided by Users who are individuals using the Site on behalf of the individual or legal entity they represent, by filling in the appropriate input fields when using the Site, may include the following information:
1. surname, name and patronymic;
2. mobile phone number;
3. email address;
4. account name (nickname) and user ID in instant messengers and social networks (VKontakte, Odnoklassniki and others), if the User uses them for communication;
3. Personal data processed in accordance with this policy and automatically transferred to the Operator during the use of the Site using software installed on the User's device may include the following information:
1. IP address of the User's device;
2. cookie data;
3. data collected by counters;
4. data obtained using web beacons;
5. information about the User's browser;
6. technical characteristics of the device and software;
7. date and time of access to the Site;
8. addresses of the requested pages of the Site;
9. geographic coordinates of the User's location.
4. The Operator does not process biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his or her identity can be established).
5. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or intimate life.
6. In accordance with this policy, the Operator processes personal data of individuals belonging to the following categories of personal data subjects:
1. individuals using the Site in accordance with the Agreement on its use on their own behalf;
2. individuals using the Site in accordance with the Agreement on its use on behalf of the individual or legal entity they represent.
5. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING
1. The Operator performs mixed processing of personal data (both with and without the use of automated tools). Personal data processing in information systems is carried out in accordance with the requirements of Russian Government Regulation No. 1119 of 01.11.2012.
2. The Operator processes and stores the User's personal data for the period necessary to achieve the personal data processing purposes specified in Section 3 of this Policy, unless a different storage period is established by the Russian Federation law. As a general rule, personal data are processed until the processing purposes are achieved, or until the User revokes consent (if processing is carried out on the basis of a consent), or for the periods established by law (for example, upon conclusion and execution of a contract and the need for subsequent document storage).
3. The User's personal data remains confidential, except in cases where the User voluntarily provides information about himself/herself for general access to an unlimited group of persons.
4. The Operator has the right to transfer the User's personal data to third parties in the following cases:
1. the User has consented to such actions, expressed in accordance with the terms of the Agreement on the Use of the Site;
2. the transfer is necessary for the User to use certain functionality of the Site (for example, for authorization through accounts on social networks) or for the execution of a certain agreement, contract or transaction with the User;
3. the transfer is provided for by the legislation of the Russian Federation or other applicable legislation within the framework of the procedure established by law;
4. In the event of a transfer of rights to the Site, it is necessary to transfer personal data to the acquirer simultaneously with the transfer of all obligations to comply with the terms of this policy in relation to the personal data received by him/her;
5. in the event that it is necessary to ensure the possibility of protecting the rights and legitimate interests of the Operator or third parties when the User violates this policy or the Agreement on the Use of the Site;
6. the transfer is necessary to ensure the functioning of the feedback forms and the Operator's CRM system;
7. the transfer may be carried out to providers of web‑analytics and marketing services, in order to ensure the functioning of the relevant counters, web beacons (pixels) and to obtain traffic statistics, as well as (with the User's consent) for the purposes of marketing and retargeting.
8. in other cases provided for by law.
5. In case of loss or unauthorized disclosure of personal data, the Operator informs the User of this fact.
6. The Operator shall take the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
7. The Operator, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User's personal data.
8. The Operator has the right to transfer personal data to inquiry and investigative bodies and other authorized bodies on the grounds stipulated by the current legislation of the Russian Federation.
9. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), and extracts personal data of the User who is a citizen of the Russian Federation, using databases located in the territory of the Russian Federation.
10. The Operator shall cease processing the User's personal data, the processing of which is carried out with his/her consent, upon expiration of the User's consent to their processing or upon the withdrawal of the User's consent to the processing of his/her personal data, as well as in the event of detection of unlawful processing of personal data or liquidation of the Operator, unless there are other legal grounds for processing.
11. The procedure for collecting and processing personal data using cookies is additionally regulated by the Cookie and Metrics Data Collection and Processing Policy, located at: https://morkurs.ru/documents/12/.
6. ACCESS TO PERSONAL DATA
1. Only the Operator's employees who, by virtue of their official duties, are authorized to work with the User's personal data, based on the list of persons authorized to work with personal data, which is approved by the Operator, have the right to access the User's personal data.
2. The list of employees who have access to personal data is maintained by the Operator up to date.
3. Access to the User's personal data by third parties who are not employees of the Operator is prohibited without the User's consent, except in cases established by the legislation of the Russian Federation.
4. The Operator's employee's access to the User's personal data ceases on the date of employment termination or on the date the employee loses the right to access the User's personal data due to a change in job responsibilities, position, or other circumstances, in accordance with the Operator's established procedures. In the event of employment termination, all media containing the User's personal data that were in the possession of the dismissed Operator's employee will be transferred to a superior employee in accordance with the procedures established by the Operator.
7. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA
1. The User may at any time change, update, supplement or delete the personal data provided by him or her or part thereof using the Site interface.
2. In the event that the Operator independently discovers that the User's personal data are incomplete or inaccurate, the Operator shall take all possible measures to update the personal data and make appropriate corrections.
3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete it.
4. If the User's personal data processing is found to be unlawful, the Operator will cease processing it and the personal data will be deleted.
5. In the event of the Site interface being inoperative or the lack of functionality on the Site for the User to change, update, supplement or delete personal data, as well as in any other cases, the User has the right to request in writing from the Operator clarification of his/her personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing.
6. The Operator shall make the necessary changes to personal data that are incomplete, inaccurate or outdated within a period not exceeding seven business days from the date the User provides information confirming that the personal data are incomplete, inaccurate or outdated.
7. The Operator shall destroy the User's personal data that were illegally obtained or are not necessary for the stated purpose of processing within a period not exceeding seven business days from the date the User provides information confirming that such personal data were illegally obtained or are not necessary for the stated purpose of processing.
8. The Operator notifies the User of the changes made and the measures taken and takes reasonable measures to notify third parties to whom the personal data of this User have been transferred.
9. The User's rights to modify, update, supplement, or delete personal data may be limited in accordance with legal requirements. Such restrictions may, in particular, include the Operator's obligation to retain personal data modified, updated, supplemented, or deleted by the User for a period specified by law and to transfer such personal data to government authorities in accordance with established procedures.
8. RESPONSES TO THE USER'S REQUESTS FOR ACCESS TO PERSONAL DATA
1. The User has the right to receive information from the Operator regarding his/her personal data processing, including:
1. confirmation of the fact of the personal data processing by the Operator;
2. legal grounds and purposes of the personal data processing;
3. the purposes and methods of the personal data processing used by the Operator;
4. the Operator's name and location, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of the federal law;
5. processed personal data related to the relevant User, the source of their receipt, unless another procedure for submitting such data is provided for by the federal law;
6. the terms of the personal data processing, including the terms of their storage;
7. the procedure for the User to exercise the rights provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
8. information on completed or intended cross-border data transfer;
9. the name or surname, name, patronymic and address of the person processing the personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;
10. other information provided by law.
2. The Operator provides free access to personal data processed and stored in the Operator's information system upon the User's request within thirty days from the date of receipt of the User's written request.
3. In the event of the Operator's refusal to provide information on the availability of personal data about the User or personal data to the User upon his/her request or upon receipt of the User's request, the Operator shall provide a reasoned response in writing, which shall be the basis for such refusal, within a period not exceeding thirty days from the date of the User's request or from the date of receipt of the User's request.
9. INFORMATION ON IMPLEMENTED REQUIREMENTS TO PROTECT PERSONAL DATA
1. The personal data security of during their processing in the information system is ensured by a personal data protection system that neutralizes current threats defined in accordance with Part 5 of Article 19 of the Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
2. The personal data protection system applied by the Operator includes legal, organizational, technical and other measures to ensure the personal data security, determined taking into account current threats to the personal data security and information technologies used in information systems.
3. With regard to personal data for which the User has given consent for their processing by third parties, the Operator has the right to engage, on the basis of an agreement, another person to ensure the personal data security when processed in the information system.
4. When processing personal data in the Operator's information system, the latter ensures:
1. the implementation of measures aimed at preventing unauthorized access to the User's personal data and/or transfer thereof to persons who do not have the right to access such information;
2. the timely detection of unauthorized access to personal data;
3. the prevention of any impact on technical means involved in the personal data processin that may result in disruption of their functioning;
4. the ability to immediately restore personal data modified or destroyed due to unauthorized access;
5. the continuous monitoring of the level of the personal data protection.
5. In order to comply with the security requirements and implement a personal data security system, the Operator has developed a private model of security threats to the personal data information system.
6. In accordance with the RF Government Regulation No. 1119 of 01.11.2012 "On approval of requirements for the personal data protection when processing them in personal data information systems", the Operator has determined the level of the personal data protection when processing them in the personal data information system owned by the Operator.
7. The Operator has drawn up an act to determine the level of the personal data protection when processing them in the personal data information system.
8. Based on the act of determining the level of the personal data protection when processing them in the personal data information system without the use of automation tools, the Operator has developed and implemented a set of measures to protect and ensure the personal data security.
9. The Operator uses technical means and software to process and protect personal data, and also maintains a log of personal data protection measures.
10. Personal data information systems are hosted on servers of reliable hosting providers within the Russian Federation, ensuring the necessary physical and information security measures.
11. All the Operator's employees authorized to work with personal data, as well as those involved in the operation and maintenance of the personal data information system, are familiar with the requirements of this policy, as well as with the Operator's internal documents regulating the procedure for working with personal data.
12. The Operator has organized a process for training employees on the use of the personal data protection tools used by the Operator. This training is provided to employees with ongoing access to personal data, as well as to employees involved in the operation and maintenance of the personal data information system and personal data protection tools.
13. The Operator's internal documents stipulate that employees are required to immediately notify the appropriate Operator's official of any loss, damage, or shortage of information carriers containing personal data, as well as any attempts at unauthorized disclosure of personal data, its reasons, and conditions.
10. FINAL PROVISIONS
1. By using the Site, the User agrees to the terms of this Policy. If the User disagrees with the terms of this Policy, he/she shall immediately cease using the Site.
2. The law of the Russian Federation shall apply to this policy and to the relations between the User and the Operator arising in connection with the application of this policy.
3. This policy is permanently publicly available on the Operator's website at the following link: https://morkurs.ru/documents/12/.
4. The User has the right to send any offers or questions regarding this policy to the Operator's User Support Service by sending an email to the email address: info@morkurs.ru.
11. DETAILS
MARINE COURSE LLC
Legal address: 127006, Moscow, 34 Dolgorukovskaya St., bldg. 2
Actual (postal) address: 127006, Moscow, 34 Dolgorukovskaya St., bldg. 2, office 404
TIN/TRRC [Taxpayer Identification Number/Tax Registration Reason Code]: 9707039746/770701001
PSRN [Primary State Registration Number]: 1247700740418
Phone: +7 988 573-87-47
Email: info@morkurs.ru