логотип школы разработки игр XLab

WEBSITE PRIVACY POLICY

Version dated April 15, 2022


This Privacy Policy (“Policy”) describes the process of processing personal data on the website https://xlab-game.com/ (“XLab”, “we”). By giving your consent and using our Website, you or your legal representative (“User”, “you”) accept the terms of this Policy.


Acceptance of the Policy terms, consent to data processing

The User accepts this Policy and gives consent to the processing of personal data/cookie files in accordance with this Policy in the following ways:

  • by ticking the checkbox “I agree to the processing of personal data and the personal data processing policy” or a similar checkbox when filling out the application form “sign up for the course”;
  • by ticking the checkbox “I agree to the use of cookies” or a similar checkbox when using the Website;
  • by providing written consent when entering into an agreement with Xlab.

Acceptance of the Policy terms with respect to minors

To accept the terms of the Policy, you must have reached the age of legal capacity in accordance with applicable law (for individuals of the Russian Federation, this age is 18 years). If you have not reached this age, please contact your parents or legal representatives before you begin using the Website. By continuing to use our Website, you confirm that you either have legal capacity to agree to the Policy, or that your parent/legal representative has reviewed and agreed to the Policy on your behalf.

Applicable law

Xlab treats the collection and use of Users’ data responsibly. The Policy has been developed in accordance with the requirements of Russian legislation, including Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter “152-FZ”). We confirm that our internal processes have been brought into compliance with this Policy.


Changes to the Policy

The Policy on the page https://xlab-game.com/privacy-policy-en is presented in the most current version. Over time, we may make changes to the Policy in order to comply with the latest changes in the applicable legislation of the Russian Federation and judicial practice, as well as to keep Users informed about actual changes in our data processing procedures. All changes take effect from the moment they are published on this page. We will use our best efforts to arrange additional methods of notifying Users about the publication of changes to the Policy, but we ask you to regularly check for the latest version on the Website yourself.


DEFINITIONS

Website User — a legally capable individual using the Website to review the list of our services and/or who has sent a request/application to obtain information about Xlab services and/or who has otherwise expressed an intention to obtain the information provided and offered through the Website.

Website – the website at: https://xlab-game.com/.

Personal Data – any information relating to an individual who is directly or indirectly identified or identifiable.

Blocking of Personal Data – temporary cessation of processing of personal data (except where processing is necessary to clarify personal data).

Depersonalization (Anonymization) of Personal Data – actions as a result of which it becomes impossible, without the use of additional information, to determine that the personal data belongs to a particular personal data subject.

Processing of Personal Data – actions aimed at disclosure of personal data to a specific person or a specific group of persons.

Distribution of Personal Data – actions aimed at disclosure of personal data to an indefinite group of persons (transfer) or at making personal data available to an unlimited number of persons, including publication of personal data in mass media, posting in information and telecommunication networks, or providing access to personal data in any other way.

Destruction of Personal Data – actions as a result of which it becomes impossible to restore the content of personal data in an information system of personal data, and/or as a result of which the tangible media containing personal data are destroyed.

User Data – the User’s data that we collect. More detailed information about what specific User data we collect and for what purposes is provided in the table section of “What types of information we collect”.

Device Information – technical information about your Device. Device Information includes: browser data and types of connected browser plug-ins, operating system and operating system version, information about the type and manufacturer of the Device, the language set for the Device, the Device location.

Agreement – an agreement between us and the User under which Xlab services are provided to the User.

Device – the device from which you use our Services. Devices include mobile devices, tablets, personal computers, etc.

Financial Information – information about payments made by the User. Such information includes: bank details, transaction ID, transaction amount, billing address, transaction date, transaction history (start time of processing and completion time), payment history.

Cookies – a small fragment of data sent by our web server and stored on the User’s Device, including the IP address, date and time of access to the Website. Cookies are stored when you visit the Website, and this allows the Website to operate effectively: the use of cookies allows us to save your selected settings and collect statistics and analyze the Website traffic. In the consent window on the Website, you may refuse cookies; however, please note that you cannot disable cookies necessary for the Website’s functionality.


WHAT PRINCIPLES OF PERSONAL DATA PROCESSING WE FOLLOW

Xlab processes personal data based on the following principles:

  • legality and fairness;
  • limiting the processing of personal data to achieving specific, predetermined goals;
  • preventing processing of personal data that is incompatible with the purposes of collecting personal data;
  • preventing the merging of databases containing personal data where processing is carried out for purposes that are incompatible with each other;
  • processing only those personal data that meet the purposes of their processing;
  • ensuring that the content and scope of processed personal data correspond to the stated purposes of processing;
  • preventing the processing of personal data that is excessive in relation to the stated purposes of processing;
  • ensuring the accuracy, sufficiency, and relevance of personal data in relation to the purposes of personal data processing
  • destruction or depersonalization of personal data upon achieving the purposes of their processing or in case the need to achieve these purposes is lost, upon receiving from Users a request to destroy personal data, or upon receiving from the User a withdrawal of consent to personal data processing.

WHAT TYPES OF INFORMATION DO WE COLLECT AND FOR WHAT PURPOSES?

Why do we process your personal data?

Collecting and processing Users’ personal data is essential for our ability to provide services: to provide consultations and user support, and to enter into agreements to provide you with Xlab services.

On what basis do we process your personal data?

To process Users’ data, we obtain your consent to the processing of personal data in accordance with the Policy. At the same time, you always retain the ability to withdraw consent or request deletion of any information we have collected, even if you initially provided us consent to process your data (for how to exercise these rights, please review “What rights do you have with respect to personal data?”).

In total, we rely on the following grounds for processing your data:

1. your explicit informed consent to processing, expressed through consent forms on the Website or in writing;
2. the need to collect data in order for us to perform obligations under the agreement between you and Xlab;
3. our legitimate interest, including:

  • market research in which we offer our services, analytics/statistical analysis;
  • exercising and defending our rights and the rights of third parties;
  • marketing and promotion of our Website.

The following provides a list of data we may collect, as well as the legal basis and purposes of their collection. We do not collect any other categories of data and make every effort to eliminate accidental collection of additional data.


List of data categories, legal basis, and purposes

When providing services under the Agreement

Category:

User Information:

  • last name, first name, patronymic (if any);
  • phone number;
  • email address;
  • passport data (series, number, issuing authority code, date of issue, issuing authority, date and place of birth);
  • permanent registration address;
  • actual residence address;
  • information about education level and educational institutions (if necessary to perform obligations);
  • work experience, positions held (if necessary to perform obligations);
  • User image.

Legal basis:

  • Consent;
  • Agreement;
  • our legitimate interest in market research and statistical analysis.

Purpose(s):

performance of obligations to Users:

  • informing about the date and time of classes, changes to the curriculum, sending certificates, etc.;
  • providing user support;
  • compliance with requirements of Russian law;
  • improving the quality of services, developing new services, conducting statistical and other research based on depersonalized data, improving the experience;
  • assistance with employment;
  • sending advertising messages and information, informational mailings;
  • posting on the Website, in social networks and other Xlab online communities, for purposes not related to establishing the User’s identity: videos obtained during the provision of services, and User reviews of services provided by Xlab.

Financial Information

Category:

Financial Information

Legal basis:

  • Consent;
  • Agreement;
  • our legitimate interest in preparing reporting.

Purpose(s):

  • collecting and accounting for transactions, preparing reporting, verifying payments, crediting payments, refunding funds;
  • compliance with requirements of Russian law.

When you use the Website

Category:

Cookies; Device Information.

Legal basis:

  • Consent;
  • our legitimate interest in market research and statistical analysis.

Purpose(s):

  • analyzing statistics on the use of our Website;
  • improving User service quality and modernizing the Website.

When you contact our user support to sign up for a course or obtain a consultation

Category:

User Information:

  • name;
  • phone number;
  • email address.

Legal basis:

  • Consent, including consent expressed by implied actions;
  • our legitimate interest in market research and statistical analysis.

Purpose(s):

  • we collect only the information necessary to be able to contact you and enroll you in a course or provide a consultation;
  • sending advertising messages; informational mailings; providing advertising information

HOW WE PROCESS YOUR PERSONAL DATA

Xlab processes Users’ personal data (recording, systematization, accumulation, storage, уточнение (updating, modification), retrieval) using databases located in the territory of the Russian Federation.

Users’ personal data is processed by Xlab both with the use of automated tools and without them.

Users’ personal data is stored on electronic media. When processing personal data for the purpose of performing obligations under agreements with the User, Xlab may retrieve personal data and store it on tangible media.


DO WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?

Xlab has the right to transfer personal data to third parties in accordance with the requirements of Russian legislation or the consent of the personal data subject, namely:

  • to Xlab partners, to provide Users with specialized offers for entering into civil-law contracts.

Transfer of personal data to third parties is carried out subject to the following conditions:

  • the third party processes personal data using databases located in the territory of the Russian Federation;
  • the third party ensures the confidentiality of personal data during processing and use; undertakes not to disclose personal data of Users to other persons and not to distribute such personal data without the Users’ consent;
  • the third party guarantees compliance with the following measures to ensure the security of personal data during processing: use of information security tools; detection and recording of unauthorized access to personal data and taking measures to restore personal data; restriction of access to personal data; registration and accounting of actions with personal data; control and assessment of the effectiveness of measures applied to ensure the security of personal data;
  • the list of permitted methods of personal data processing: collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, depersonalization, blocking, deletion, destruction. The third party is prohibited from transferring and distributing personal data.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We strive to limit the period of processing of your data to the necessary minimum and not to store it longer than is reasonably necessary.

We process your personal data for three years from the moment the purposes of personal data processing are achieved, or until the User withdraws the specified consent, unless otherwise provided by applicable legislation of the Russian Federation.

If Russian personal data protection legislation requires storing personal data for a longer or shorter period, we will store personal data for the period required by the updated legislation.

As for the storage of cookies on the Website, their storage is limited to the duration of your Website session. However, there are several types of cookies that may be stored for up to 1 year.


WHAT RIGHTS DO YOU HAVE WITH RESPECT TO PERSONAL DATA?

We respect your rights and guarantee the exercise of the following rights:

  • you have the right to request access to your personal data (to request an export/copy of your personal data), and you also have the right to correct or delete it;
  • you have the right to restrict processing or object to the processing of your personal data;
  • you have the right to request information about our data processing procedures;
  • you have the right to file a complaint against us with the authorized supervisory authority.

You may also exercise any other rights provided by Russian legislation with respect to data protection. If you want to exercise one of the above rights, contact us by e-mail: info@xlab-game.com.

Please note that, in order to avoid errors and abuse, we will need to identify the sender of the request. In accordance with 152-FZ, to exercise your rights the law requires that your request contain:

  • the number of the primary identity document of the personal data subject or its representative;
  • information about the date of issue of the specified document and the issuing authority;
  • information confirming the User’s participation in relations with Xlab (agreement number, date of conclusion of the agreement, conventional verbal designation and/or other information), or information otherwise confirming the fact that the operator processes personal data;
  • the signature of the personal data subject or its representative

In this regard, we ask you to send requests in the form of scanned documents bearing a handwritten signature.

Please note that your right to file a complaint may be exercised by communicating with the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) at: https://rkn.gov.ru/treatments/ask-question/.

We guarantee that the data collected about you will be stored in the territory of the Russian Federation.

Please note that if you request deletion of your personal data, we will comply with such request within 30 days.


ENSURING THE SECURITY OF PERSONAL DATA

We take the security of your personal data seriously.

We follow generally accepted standards to protect your information. In particular, we have implemented at least the following measures:

  • use of encryption via the TLS 1.2 protocol or an even more secure protocol for all network connections through which data is transmitted;
  • scanning systems for vulnerabilities and security issues at least once every 12 months;
  • protection of access to confidential data, for example, via passwords or access tokens;
  • testing incident response processes at least once every 12 months;
  • implementation of an account management system at Xlab;
  • implementation of an automated system for monitoring logs and other security events, and for generating alerts about anomalous or security-related events.

Appointment of a person responsible for personal data processing.

Our employees and third parties who gain access to your data undertake to maintain the confidentiality of personal data.

We continuously improve our data security systems and do everything possible to prevent data leaks. If such a leak occurs, we undertake to notify Users and the regulatory authority as promptly as possible and to make every effort to minimize negative consequences.