List of active policies

Full policy

POLICY ON PERSONAL DATA PROCESSING ON THE EDUCATIONAL PORTAL OF SCHOOL OF BUSINESS OF BSU

CHAPTER 1. GENERAL PROVISIONS

1. The Policy on Processing of Personal Data on the Educational Portal (hereinafter - the Policy) in the State Educational Institution "School of Business of Belarusian State University" (hereinafter - the Operator) defines the basic principles, objectives, conditions and methods of personal data processing, the list of processed personal data, rights of subjects of personal data, as well as requirements to protection of personal data implemented by the Operator.

2. This policy of personal data processing is developed taking into account the requirements of the Constitution of the Republic of Belarus, Law of the Republic of Belarus of 07.05.2021

№ 99-3 "On protection of personal data" (hereinafter - Law № 99-3) and other statutory acts of the Republic of Belarus in the field of protection of personal data.

З. The operator's most important goal and condition for carrying out its activities is to observe human and civil rights and freedoms when processing personal data, including protection of rights to privacy, personal and family secrets.

4. This Policy applies to all information that Operator may receive about visitors to the  http://eng.sbcde.by/ website (the "Site") and its sub-domains.

5. Use of the Site by the User means consent to this Privacy Policy and the terms of personal data processing.

CHAPTER 2. BASIC CONCEPTS USED IN POLICY

6. Automated processing of personal data - processing of personal data by means of computer technology.

7. Website - a set of graphic and informational materials, as well as programs for computers and databases, making them available on the Internet at the network address http://eng.sbcde.by/.

 8. Information system of personal data is a set of personal data contained in databases of personal data and information technologies and technical means ensuring its processing.

9. Disclosure of personal data - actions that make it impossible to determine, without the use of additional information, whether the personal data belongs to a particular user or another subject of personal data.

10. Processing of personal data means any action (operation) or a set of actions (operations) performed with or without the use of means of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data.

11. Operator - a state body, legal entity or individual, independently or together with other persons, organizing and (or) carrying out processing of personal data, as well as determining the purposes of processing of personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

12. Personal data - any information relating to an identified individual or an identifiable individual.

13. User - any visitor to http://eng.sbcde.by/ and its subdomains.

14. Provision of personal data - actions aimed at familiarization with personal data of a certain person or a circle of persons.

15. Dissemination of personal data - actions aimed at familiarization with personal data of an indefinite range of persons.

16. Personal data subject is a natural person in respect of whom personal data is processed.

17. Destruction of personal data means any actions resulting in the irretrievable destruction of personal data with the impossibility of further restoration of the content of personal data in the information system of personal data and (or) destruction of tangible media of personal data.

CHAPTER 3. BASIC RIGHTS AND OBLIGATIONS OF THE OPERATOR

18. The operator has the right:

• to process personal data on the subject of personal data in accordance with the stated purpose;
• require the subject of personal data to provide accurate personal data needed to perform the contract, the identification of the subject of personal data, as well as in other cases prescribed by the legislation on personal data;
• to process publicly available personal data of individuals;
• process personal data subject to publication or mandatory disclosure in accordance with the law;
• entrust the processing of personal data to an authorized person, subject to the provision of effective means of protection by a third party.

19. The operator is obliged to:

• provide the subject of personal data, at his/her request, information relating to the processing of his/her personal data;
• provide the subject of personal data information about his personal data, as well as the provision of his personal data to third parties, except in cases defined by Law № 99-3 and other legislative acts;
• make changes to personal data that are incomplete, outdated or inaccurate, except
• in cases defined by Law № 99-3 and other legislative acts;
• cease processing of personal data, as well as their removal or blocking (to ensure the cessation of processing of personal data, as well as their removal or blocking by an authorized person) in the absence of grounds for the processing of personal data;
• modify, block or delete inaccurate or illegally obtained personal data on the subject of personal data at the request of the authorized body for the protection of the rights of subjects of personal data;
• take legal, organizational and technical measures to ensure protection of personal data from unauthorized or accidental access, modification, blocking, copying, distribution, provision, deletion of personal data, as well as other unlawful acts in relation to personal data;
• perform other duties stipulated by law.

CHAPTER 4. BASIC RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS

20. Subjects of personal data have the right:

• to receive information relating to the processing of his personal data in the manner, form and timing prescribed by the legislation on personal data;
• to receive information about the provision of their personal data to third parties in accordance with the legislation on personal data;
• demand that your personal data be amended if it is incomplete, outdated or inaccurate;
• require the Operator to clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
• to take statutory measures to protect their rights;
• withdraw your consent to the processing of personal data.

21. Subjects of personal data shall:

• provide the Operator with reliable data about himself;
• inform the Operator about clarification (update, change) of his personal data.

22. Persons who provided the Operator with false information about themselves, or information about another subject of personal data without the consent of the latter, shall be liable in accordance with the law.

CHAPTER 5. LIST OF PERSONAL DATA PROCESSED BY THE OPERATOR

23. This Policy establishes the obligations of the Administration of the site not to disclose and ensure the protection of confidentiality of personal data, which the User provides at the request of the Administration of the site during registration on the site.

24. The content and scope of personal data of each category of subjects is determined by the need to achieve the specific objectives of their processing, as well as the need for the Operator to exercise its rights and obligations, as well as the rights and obligations of the relevant subject.

25. The list of personal data processed by the Operator is determined in accordance with the legislation of the Republic of Belarus, local acts, achievement of the goals and includes:

• Surname, first name, patronymic.
• Email address.
• The number of the student card.

26. The above data is hereinafter referred to in this Policy under the general term Personal Data.

27. Personal data is not only information that directly identifies or makes it possible to identify an individual, but also information that, in combination with other available or accessible information, could reasonably be used to identify an individual (cookies, IP address, etc.).

28. Disabling cookies may prevent you from accessing parts of the site that require authorization.

CHAPTER 6. PRINCIPLES OF PERSONAL DATA PROCESSING

29. The processing of personal data shall be lawful and fair.

30. Processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection shall not be permitted.

31. Databases containing personal data whose processing is incompatible with each other may not be combined.

32. Only personal data that meets the purposes for which it is processed may be processed.

33. The content and scope of processed personal data correspond to the stated processing purposes. Processed personal data shall not be excessive in relation to the stated purposes of its processing.

34. When processing personal data, the accuracy of personal data, its sufficiency and, if necessary, relevance in relation to the purpose of personal data processing shall be ensured.

The operator shall take the necessary measures and/or ensure that they are taken to remove or clarify incomplete or inaccurate data.

CHAPTER 7. PURPOSE OF COLLECTING PERSONAL USER INFORMATION

35. Purpose of processing of personal data of the User:

• identification of the User registered on the site for its further authorization;
• providing the User with access to the services, information and/or materials contained on the website http://eng.sbcde.by/ and its subdomains;
• confirmation of the accuracy and completeness of the personal data provided by the User;
• establishment of feedback with the User, including sending notices, inquiries regarding the use of the Site, processing of requests and applications from the User;
• providing the User with customer and technical support in case of problems related to the use of the Site.

36. Anonymized User data collected through Internet statistical services is used to collect information about Users' actions on the site, to improve the quality of the site and its content.

CHAPTER 8. PROCEDURE FOR COLLECTING, STORING, TRANSFERRING AND OTHERWISE PROCESSING PERSONAL DATA

37. The operator ensures the safety of personal data and takes all possible measures to exclude access to personal data by unauthorized persons.

38. In case of detection of inaccuracies in the personal data, the User can update them on their own or by sending a notification to the Operator's e-mail address cdesbmt@gmail.com with a note "Updating of personal data".

39. The term of processing of personal data is determined by achieving the purposes for which the personal data was collected, unless a different term is stipulated by contract or applicable law.

40. The condition for termination of personal data processing may be achievement of the personal data processing objectives, expiration of the consent of the subject of personal data or withdrawal of consent by the subject of personal data, as well as detection of unlawful processing of personal data.

41. The operator ensures the confidentiality of personal data when processing personal data.

42. The Administration of the site takes necessary organizational and technical measures to protect personal information of the User from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties.

43. The Administration of the site together with the User shall take all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of personal data of the User.

44. The operator shall store personal data in a form that makes it possible to identify the subject of personal data for no longer than the purposes of personal data processing require.

45. The condition for termination of personal data processing may be the achievement of the objectives of personal data processing, the expiration of the consent of the subject of personal data or withdrawal of consent by the subject of personal data, as well as the detection of unlawful processing of personal data.

CHAPTER 9. THE LIST OF ACTIONS PERFORMED BY THE OPERATOR WITH THE RECEIVED PERSONAL DATA

46. The operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distribution, provision, access), anonymizes, blocks, deletes and destroys personal data.

47. The operator carries out automated processing of personal data with or without the receipt and/or transmission of received information via information and telecommunications networks.

CHAPTER 10. FINAL PROVISIONS

48. The user can get any explanations on questions of interest concerning the processing of his personal data by contacting the Operator via e-mail cdesbmt@gmail.com.

49. This document will reflect any changes to the Operator's personal data processing policy. The policy is valid indefinitely until replaced by a new version.

50. The Site Administration has the right to make changes to this Policy without the User's consent.

51. The current version of the Policy is freely available on the Internet at http://eng.sbcde.by/privacy.

52. The User confirms that he is familiar with all the clauses of this Agreement and accepts them.

Full policy

COOKIE POLICY OF THE LMS MOODLE OF SCHOOL OF BUSINESS OF BSU

CHAPTER 1 GENERAL PROVISIONS

1. Cookie Policy LMS Moodle (hereinafter - the Policy) State Educational Institution "School of Business of Belarusian State University" (hereinafter - the Institute) uses different categories of cookies on its websites. This Cookie Policy explains what cookies are, how Moodle uses cookies, and your choices regarding cookies.

2. The purpose of processing cookies is to ensure the convenience of website users and to improve the quality of its functioning.

CHAPTER 2 WHAT COOKIES ARE

3. Cookies are small pieces of text sent by your web browser from a website that you visit. A cookie is stored in your web browser and allows the Site to recognize you and make your next visit easier and the Site more useful to you. You could say that cookies are a user ID card for Moodle servers. The word "cookie" in this policy is also used for other digital measurement technologies, such as web beacons. Cookies and web beacons allow us to serve you better and more efficiently, and to personalize you on our website. Some cookies are important for functionality and are automatically activated when you visit a website, while other cookies make the website work quickly.

4. Cookies can be "persistent" or "session" cookies.

CHAPTER 3 HOW MOODLE USES COOKIES

5. LMS Moodle uses or may use cookies and/or web beacons to help us determine and identify repeat visitors, the type of content and sites to which the user links, the length of time each user spends on a particular section of our website, and the specific features that users choose to use.

6. LMS Moodle uses different types of cookies for the functioning of the website:

• basic - necessary for the operation of the website (authentication of the subject of personal data, moving around the website and using its functions);
• functional - allow you to provide an individualized experience of using the website and are set in response to the actions of the personal data subject;
• statistical - allow you to recognize and count the number of visitors and store the history of visits to web pages in order to improve the quality of its functioning.

CHAPTER 4 YOUR CHOICES REGARDING COOKIES

7. You may, if you wish, refuse to use or block all or specific types of cookies created as a result of your visit to our website.

8. Note that most browsers automatically accept cookies, so if you do not wish to use them you may need to take action to delete or block cookies. However, please note that by refusing cookies, you may not be able to properly use some or all of the functionality offered by the website.