Privacy Policy

Annex 1. Privacy Policy and Consent Notice

This Privacy Policy and Consent Notice (“PPCN”) forms part of the Terms of Use entered into by and between you and CEO Speech LLC which is available at red.resource-education.com or such other location as the Terms of Use may be posted from time to time.

Definitions used herein are described in the Terms of Use.

PPCN describes the privacy practices for our Website, Products and Services we offer on it. This document helps you to understand about the personal data we collect, how we use it, the rights you have over your personal data, the measures we take to keep it safe plus the details of the specific consent you give us in respect of your personal data.

In order to fully understand the consent you are giving us in relation to your personal data in Consent Section below you should first read carefully the Privacy Policy Section immediately below that explains you a lot about your personal data aspects.

PPCN is based on and reflects various mandatory requirements of applicable laws around the world, where CEO Speech LLC is operating, that govern the protection of personal data, including but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Counsel of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the so called “General Data Protection Regulation” or “GDPR” as sometimes abbreviated).

1. PRIVACY POLICY SECTION

In order to simplify your understanding of legal terminology and various aspects of your personal data collection, storage, use, processing and cross border transfer we have put the Privacy Policy Section in the form of questions and answers.

What is a personal data?

Personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What personal data of yours we collect?

Account Information

There is some mandatory information that you are always giving us as a starter to get registered on the website:

  • your family name; 

  • given name and any other middle names you wish to enter;

  • e-mail.

Plus there is supplementary information you may wish to give us to expand your profile:

  • phone numbers;

  • date of birth;

  • address of place of work;

  • address of place of living.

Payment and Card Information

Website supports payments and transactions with third parties. If you want to use this feature, you must provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. For other payment methods using bank transfer, PayPal, Yandex Money, WebMoney and other payment systems you may need to provide account and other details.

Your personal data relating to you as a cardholder is stored in a highly secure environment and handled by our payment partner. Its services are certified to PCI-DSS Level 1, which is the highest level of certification within the Payment Card Industry Data Security Standard. 

Please note that you can remove this information anytime from your account using your account settings.

Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.

Location Information

We may get your approximate location from your IP address.

Usage Information

When you access or use the Website, we can receive certain usage data. For instance, files uploaded, profile filled, etc. 

We also collect data about the computers and other electronic devices you use to access or use the Website, including IP addresses, browser type, language, operating system, the referring web page, pages visited, location and cookie information.

How we use your personal data?

We use the information we collect for the following purposes:

To provide and maintain Website and its features 

Using the personal data we collect from you, we are able to deliver the Services and the Products on our Website to you and perform the Terms of Use entered with you. The use of your personal data gives you better customer support.

To improve and develop the Website

We use the personal data we collect from you to improve the Website and further develop it. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new Products and Services on the Website.

To promote safety and security

We use the personal data we collect from you to promote the safety and security of the Website, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

To fulfil the Terms of Use 

We use your personal data to honor the Terms of Use and make the best of your experience with our Website.

Whom is your personal data shared with? 

Upon valid demands of judicial or governmental authorities

We may preserve or disclose information about you to comply with legal process or other government inquiry, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us.

We may also preserve or disclose information about you to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Website.

How can you control your personal data?

By accessing and exporting your personal data 

When you log into your account, you can access much of your personal data. You can also download information using your browser in a commonly used file format supported by your browser.

By editing and deleting your personal data 

Your account on the Website allows you change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your account if you wish. You can also terminate the Terms of Use with us and we will be required upon your request to delete your account and personal data within 30 days.

By requesting all of your personal data

Upon request sent by e-mail to us at antoine@resource-education.com,  you may wish to request us to compile all personal data that is stored on you on the Website and we are committed to respond and give you such data within 30 days of the request received by us.

How long is your personal data kept?

We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. 

We keep your other profile personal data, until you delete such data or your account because we use this data to provide you with the Products and the Services on the Website.

Upon your termination of the Terms of Use, deletion of your account, your personal data shall be securely destroyed and/or (if specifically requested) returned to you within a maximum period of 30 days, unless applicable legislation or legal process prevents it from doing so.

How is your personal data protected?

We work hard to keep your personal data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your personal data. This includes but is not limited to the following: 

  • use of Tier III data servers;

  • all passwords are stored in hashed (not salted form);

  • all passwords in the production configuration files are encrypted and certificates required to decrypt configs are installed on the production machines by administrators and not accessible for engineers with lower levels of access;

  • a limited number of our employees have access to personal data and they are all bound by relevant confidentiality covenants under their employment or civil law services agreements;

  • a limited number of our employees who have access to personal your data are thoroughly checked by our security team and can only use your personal data as part of their work plus in addition to this, access is limited by authorization procedures and infrastructure, which does not allow employees with insufficient rights to access personal data.

That being said in modern fast-changing world no method of storing, using and transmitting data is completely secure. 

For more technical information on this topic you may wish to contact at customer support.

Where is your personal data stored?

If you are using the web-site http://www.eu.resource-education.com, your data is stored in Europe.

If you are using the web-site http://www.na.resource-education.com, your data is stored in the U.S.A.

If you are using the web-site http://www.red.resource-education.com, your data is stored in the Russian Federation.

If you are using the web-site http://www.sa.resource-education.com, your data is stored in [please indicate where you store data for those in South America.

If you are using the web-site http://www.ea.resource-education.com, your data is stored in [please indicate where you store data for those in East Asia.

Where is your personal data sent?

We operate in a number of countries and may transfer your personal data within, from, to the EU, the U.S. and other countries for the purposes described herein.

Please note that the countries where we operate may have privacy and data protection laws and level that differ from, and are potentially less protective than, the laws and level of your country. The consent you give us means that you agree to this risk when you create your account on the Website and click “I have read and accept the Privacy policy and consent notice” to personal data cross-border transfers, irrespective of which country you live in.

Who we are under the GDPR terminology?

In relation to your personal data if you are an individual we act as a controller whereby for certain users who are mainly legal entities we may act as a processor. 

How long will these privacy rules for your data protection last?

We may change this privacy policy from time to time but we will notify you before we make material changes to this privacy policy and give you an opportunity to review the new or updated privacy policy before deciding if you would like to continue to use the Website. In any case you always have the right to delete your account and as result your personal data will be deleted within 30 days of the account closure. 

What if you still have more questions about your personal data?

If you have more questions, suggestions, or concerns about this privacy policy, or about our use of your personal data, please contact us.

2. CONSENT SECTION

This section deals with your personal data consent. It is essential to read Privacy Policy Section in order to understand what type of personal data is collected from you. Under GDPR and certain other applicable laws, including but not limited to Federal Law of Russia #152-FZ dated July 27, 2006 “On personal data”, we are required to get specific consent from you in relation to the personal data we get from you.

The consent you are giving hereby relates to the personal data that was entered on your account page on the Website.

The consent you are giving is a free, wilful, clear and explicit consent to:

  • process personal data for the purpose of providing, supporting and improving the Services and the Products, using appropriate technical, administrative and organizational security measures as well as for the purposes set forth in the Terms of Use;

  • cross-border transfers of your personal data to those countries where we are present or may be present in future with the understanding that whilst the U.S., the EU countries and a number of other countries have similar and appropriate rules and level of personal data safeguard and protection there may be transfers of your personal data to those countries that lack the appropriate level and legislative regulation of personal data safeguard and protection.

Please note that you have the right to withdraw your consent at any time by deleting your account on the Website or specifically writing to us with clear statement that you withdraw your consent and wish your account to be terminated and all personal data to be deleted. 

The consent you are giving is made in the form of clear acceptance of and adherence to the Privacy Policy and Consent Notice when you register on the Website as a new user.

Annex 2. GDPR Data Processing Addendum 

1. Roles under GDPR

Definitions used herein have the same meaning as attributed to them in the Terms of Use.

1.1. You acknowledge that you are aware of the GDPR that may affect you when you receive or collect any Content from your clients containing Personal data and when you further upload that Content containing Personal data on our Website.

1.2. You also understand that under the GDPR, depending on how you received and use your Content containing Personal data, you may be considered a “controller” or a “processor” as defined under article 4 of the GDPR.

1.3. Whenever you act as a school or teacher and upload Your content containing Personal data we will act as a “processor” within the meaning of article 4 of the GDPR and this DPA shall apply.

2. Your warranties, covenants and undertakings

2.1. You covenant and undertake to us:

  • to comply at all times with GDPR prescribed for data controllers or data processors (as the case may be) in respect of any Personal data you provide to us and/or upload on the Website pursuant to the Terms of Use;

  • if we receive any request from a data subject in relation to Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use, and advise the data subject to submit his/her request to you, you will be responsible for responding to any such request including, where necessary, by using the functionality of the Website;

  • if specifically requested by us to enter into Model Contract Clauses (see form at: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087);

  • that you are solely responsible for complying with incident notification laws applicable to you and fulfilling any third party notification obligations related to any breach of Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use.

2.2. You warrant to us:

  • if GDPR applies to the processing of Personal data you provide to us and/or upload on the Website pursuant to the Terms of Use and you are a processor, then your instructions and actions with respect to that Personal data have been authorized by the relevant controller;

  • that the Security Measures (as detailed below) implemented and maintained by us as set out herein provide a level of security appropriate to the risk in respect of the Customer data you provide to us and/or upload on the Website pursuant to the Terms of Use.

3. Your authorizations and consents

3.1. You authorize and instruct us and give your consent to the following:

  • We may store and process Customer Data in the United States and any other country in which we maintain facilities provided that we can maintain there the same level of privacy protection as required under the EU-US Privacy Shield (https://www.privacyshield.gov/);

  • to process Personal data you provide to us and/or upload on the Website pursuant to the Terms of Use only in accordance with applicable law: (a) to provide the services and related support to you; (b) as further specified via your use of the Website (submitted via your account on the Website or by e-mail); c) as documented in the Terms of Use, including this DPA; and (d) as further documented in any other instructions given by you and acknowledged by us as constituting instructions for purposes of this DPA;

  • engagement of any other third parties as Subprocessors* with the understanding that if you entered into Model Contract Clauses, this authorization will constitute your prior written consent to the subcontracting by us of the processing of Personal data if such consent is required under the Model Contract Clauses. 
    (*Subprocessors means third parties authorized under this DPA to have logical access to and process Personal data in order to provide parts of the services under the Terms of Use and related support.)

4. Our warranties, covenants and undertakings

4.1 We covenant and undertake to you:

  • to comply at all times with GDPR in respect of any Personal data provided to us and/or uploaded by you on the Website pursuant to the Terms of Use;

  • to process Personal data (i) only for the purpose of providing, supporting and improving our Services and Products, using appropriate technical and organizational security measures; and (ii) for the purposes set forth in the Terms of Use;

  • to process Personal data contained in any of your Content only in accordance with the written instructions from you (submitted via your account on the Website or by email);

  • to notify you if, in our opinion, an instruction for the processing of Personal data given by you infringes applicable GDPR;

  • to inform you in writing if we cannot comply with the requirements under this DPA, in which case you can terminate the Terms of Use or take any other reasonable action, including suspending Personal data processing operations;

  • that we will, in a manner consistent with the functionality of the Website, enable you to access, rectify and restrict processing of Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use;

  • that we will assist you in fulfilling any obligation to respond to requests by data subjects, including if applicable your obligation to respond to requests for exercising the data subject’s rights set out in the GDPR;

  • we will take appropriate steps to ensure compliance with the security measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

  • in case we engage any Subprocessor, such Subprocessor only accesses and uses any Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use, to the extent required to perform the obligations subcontracted to it, and does so in accordance with the relevant agreement and the data protection obligations under article 28(3) of the GDPR are imposed on such Subprocessor;

  • in case we engage any Subprocessor, we remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor;

  • to comply with the instructions described in section 3.1 above (including with regard to Personal data transfers);

  • to implement appropriate technical and organisational measures in such a manner that processing of Personal data will meet the GDPR requirements and ensure the protection of the rights of the data subjects;

  • if we receive any request from a data subject in relation to Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use, we will advise the data subject to submit his/her request to you;

  • for transfers of EU personal data from the EEA to the US or other jurisdiction providing ‘adequate’ data protection, shall comply with and provide at least the same level of privacy protection as required under the EU-US Privacy Shield (https://www.privacyshield.gov/);

  • upon your written request or on termination of the Terms of Use, shall securely destroy or return such Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use, to you within a maximum period of 30 days, unless applicable legislation or legal process prevents it from doing so;

  • if the storage and/or processing of Personal data involves transfers of Personal data out of the EEA and the GDPR applies to the transfers of such data, we will, if specifically requested by you, enter as the data importer of the Personal data into Model Contract Clauses with you as the data exporter of such data, and that the transfers are made in accordance with such Model Contract Clauses (see form at: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087);

  • if we become aware of any breach of Personal data, provided to us and/or uploaded by you on the Website pursuant to the Terms of Use, we will: (a) notify you of such breach of Personal data promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Personal data.

5. Purposes of processing Personal data

5.1. We may process Personal data provided to us and/or uploaded by you on the Website pursuant to the Terms of Use (i) for the purpose of providing, supporting and improving our Services and Products, using appropriate technical and organizational security measures; and (ii) for the purposes set forth in the Terms of Use. 

6. Our Security Measures

6.1. Security Measures include:

  • use of Tier III data servers;

  • all passwords are stored in hashed (not salted form);

  • all passwords in the production configuration files are encrypted and certificates required to decrypt configs are installed on the production machines by administrators and not accessible for engineers with lower levels of access;

  • a limited number of our employees have access to Personal data and they are all bound by relevant confidentiality covenants under their employment or civil law services agreements;

  • a limited number of our employees who have access to your personal data are thoroughly checked by our security team and can only use Personal data as part of their work plus in addition to this, access is limited by authorization procedures and infrastructure, which does not allow employees with insufficient rights to access personal data;

  • Before contracting any Subprocessors, we conduct an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to Personal data and the scope of the services they are engaged to provide. The Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.

6.2. These Security Measures may be updated or modified provided that such updates and modifications do not result in the degradation of our overall security.

7. Scope of instructions given to us

7.1. This DPA and the Terms of Use set out your complete and final instructions to us in relation to the processing of your Content containing Personal data and processing outside the scope of these instructions (if any) shall require prior written agreement between you and us. We will not use or process the Personal Data for any other purpose other than the Terms of Use and this DPA.

8. DPA Duration

8.1. This DPA shall remain in effect as long as the Terms of Use between you and us remain in effect.