1. Operator and Scope of the Policy
This Policy applies to the RusWay Global website, its forms, user accounts, and services related to consultation, university admission, scholarships, Russian-language study, foundation-year programmes, translation and certification, accommodation, reception, insurance, and visa and migration support.
Before the registration of the LLC, the public website operates only as an informational and marketing presentation. Document uploads, collection of medical data, and paid services in the name of an unregistered company must not be enabled. Once the legal entity is registered, the temporary founders’ details must be replaced with the company’s official details, including OGRN, INN, registered address and contact details.
2. Categories of Data Subjects
- Applicants and prospective or current students.
- Parents and legal representatives of minors.
- Persons who contact us for consultation.
- Employees and representatives of universities and service providers.
- Website users and visitors.
3. Data We May Process
- Identity and contact data: full name, date of birth, nationality, address, email address, phone number and preferred language.
- Passport or identity-document data, portrait photograph, and parent or legal-representative data.
- Education data: certificates, transcripts, translations, field of study, university and desired programme.
- Service data: correspondence, applications, file status, contracts, consents and electronic signatures.
- Technical data: IP address, device and browser type, login times, security logs, session identifiers and cookies when used lawfully.
- Medical or health data required only for admission, visa, migration or accommodation procedures, such as medical certificates, HIV tests, hepatitis indicators, tuberculosis certificates, chest X-rays, vaccinations or medical-accommodation needs.
4. Purposes of Processing
- Creating an account and managing a service request.
- Assessing applicant eligibility and preparing university or scholarship applications.
- Translating, certifying and sending documents to competent parties.
- Arranging visa, migration, insurance, accommodation and reception services when agreed.
- Communication, customer support and complaint handling.
- Evidencing consents and signatures, protecting accounts and preventing fraud.
- Complying with legal obligations, responding to official requests and defending legal rights.
- Improving the website using aggregated or anonymised data wherever possible.
5. Legal Bases
Depending on the circumstances and applicable law, processing is based on specific consent, steps taken before entering into and performing a contract, a legal obligation, or a legitimate interest that does not override the individual’s rights. Health and sensitive data are processed only on the basis of separate explicit consent or another specific legal basis that permits such processing.
6. Parties That May Receive Data
- Russian universities and educational institutions or scholarship-organising bodies.
- Visa and migration authorities and other competent public bodies.
- Translation, certification and legal-service providers where necessary.
- Insurance companies and accommodation, transport and reception providers.
- Hosting, database, storage, email, verification and messaging providers under appropriate data-protection agreements.
- Advisers, auditors, courts or supervisory authorities where a legal basis exists.
7. International Transfers and Data Localisation
The services may require data to be transferred to Russia or other countries. No international transfer may begin until all required notifications, authorisations, contracts and safeguards have been completed. Before collection, the requirements for storing Russian citizens’ data in databases located in Russia and the separation between initial collection and subsequent transfer must be verified.
8. Retention and Deletion
As a general rule, application and service data are retained for one year after the application or service ends and are then reviewed before deletion. Retention may be extended where an application remains active, a service or dispute is unresolved, a legal obligation exists, or a documented necessity applies. Previous versions of a signed document are deleted after the replacement version has been fully signed, unless the law requires them to be retained.
9. Minors
A service may be provided to a minor only after the parent’s or legal representative’s consent has been appropriately verified. The minor and the parent sign separately, using an independent verification link or code for each. The application remains pending until all required consents and corrections are completed.
10. Security
We apply technical and organisational safeguards proportionate to the risks, including access restrictions, encryption in transit and at rest, access logs for sensitive files, backups, incident response and service-provider reviews. No electronic method is entirely free of risk.
11. Data Subject Rights
- Request confirmation of whether personal data are being processed and obtain a copy.
- Correct inaccurate data or complete incomplete data.
- Request deletion or restriction of processing where permitted by law.
- Withdraw consent without affecting processing carried out before withdrawal.
- Object to processing or request data portability where the right applies.
- Lodge a complaint with the competent supervisory authority.
12. Security Incidents
Each security incident is assessed and documented, and supervisory authorities and affected persons are notified where required by law. A general clause must not be used to prevent user notification where notification is legally required.
13. Contact
Privacy requests should temporarily be sent to ruswayeducation@gmail.com. After the company is registered, the company’s official details and the details of any appointed data-protection or security officer will be added.