1) General ProvisionsThis Personal Data Processing Policy (hereinafter referred to as the "
Policy") is an official document of A Very Creative School (hereinafter referred to as the "
Operator"). It defines the procedure for processing and protecting personal data when using the website
https://averycreativeschool.com and the Operator’s services accessed through this website.
1.1. The objectives of this Policy are:
- Ensuring compliance with the requirements of the legislation of the European Union regarding the processing of personal data;
- Informing data subjects about the personal data processed by the Operator and the conditions of such processing.
2) Key Definitions2.1. Automated processing of personal data – processing of personal data using computing technology;
2.2. Blocking of personal data – temporary suspension of personal data processing (except when processing is necessary to clarify personal data);
2.3. Personal Data Regulation – The General Data Protection Regulation (GDPR) (EU) 2016/679;
2.4. Course – a course for which access is provided by the Operator, as detailed on the Website;
2.5. Anonymization of personal data – actions that make it impossible to determine the ownership of personal data without additional information;
2.6. Processing of personal data – any action or set of actions performed with or without the use of automation tools concerning personal data, including collection, recording, structuring, storage, updating, extraction, use, transfer, anonymization, blocking, deletion, and destruction of personal data;
2.7. Personal data – any information relating to an identified or identifiable natural person (data subject);
2.8. Platform – an online resource where the Course is hosted;
2.9. User – a natural person who has entered into a service agreement with the Operator for access to a Course;
2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
2.11. Website – the website at
https://averycreativeschool.com;
2.12. Data subject – a person whose personal data is processed;
2.13. Destruction of personal data – actions that result in the irreversible deletion of personal data in a personal data information system and/or the destruction of physical carriers of personal data;
2.14. Cookies – user data containing information about online activities (device data, location, operating system type and version, browser type and version, referral source, entered form data, clicks, navigation within the site, IP address, etc.).
3) Processed Personal Data3.1. The Operator processes the following personal data of Users that do not belong to special categories of personal data or biometric data under Articles 9 and 10 of the GDPR:
- Full name;
- Email address;
- Fact of access to the Course;
- Payment card details used to pay for the Course, provided by the User or received from third parties involved in payment processing;
- Other information provided by the User in connection with the Course, including data entered in the personal account (date of birth, gender, place of residence, mobile phone number, etc.).
3.2. The Operator processes cookie data of persons visiting the Website and/or Platform, which do not belong to special categories of personal data or biometric data under Articles 9 and 10 of the GDPR.
4) Methods of Personal Data Processing 4.1. The Operator may process personal data using any actions (operations) with or without automation tools, including collection, third-party receipt, recording, structuring, storage, updating, extraction, use, anonymization, blocking, deletion, destruction, and transfer to the persons specified in Section 4.2 of this Policy.
4.2. The Operator may transfer personal data to:
4.2.1. Service providers supporting the technical operation of the Platform and Website;
4.2.2. Entities to whom the Operator transfers rights and obligations under service agreements for access to the Course;
4.2.3. The Operator’s consultants providing legal, auditing, and accounting services related to the provision of access to the Course and/or the use of the Website.
4.3. The entities listed in Section 4.2 may process personal data using the methods specified in Section 4.1 within the storage periods defined in Section 10.
5) Purposes of Personal Data Processing5.1. The Operator processes Users’ personal data for the following purposes:
5.1.1. Providing access to the Course;
5.1.2 Operating the User support service;
5.1.3. Storing data in the User’s personal account for synchronization with other Courses available on the Website;
5.1.4. Preparing and sending individual offers, informational and marketing materials (subject to User consent).
5.2. The Operator processes cookie data for the following purposes:
5.2.1. Technical cookies: ensuring the correct functioning of the Platform and Website, error detection and elimination, performance improvement, and remembering user credentials;
5.2.2. Analytical and marketing cookies: analyzing user behavior, improving services, and storing preferences.
6) Legal Basis for Personal Data Processing6.1. Personal data listed in Section 3.1 is processed based on the User’s consent obtained upon registration for the Course.
6.2. Personal data listed in Section 3.2 is processed based on the User’s implicit consent through continued use of the Website and/or Platform.
7) Sources of Personal Data Collection7.1. The Operator collects personal data directly from the data subject or from third parties, in compliance with applicable data protection laws.
8) Obligations of the Operator8.1. The Operator shall ensure the confidentiality and security of personal data, rectify violations, and implement technical and organizational measures to protect personal data.
9) Data Subject Rights9.1. Receive information about personal data processing;
9.2. Request rectification, blocking, or erasure of personal data;
9.3. Withdraw consent to personal data processing;
9.4. Lodge a complaint with the relevant supervisory authority;
9.5. Manage cookie settings via browser/device settings.
10) Retention Period for Personal Data10.1. Personal data is stored for the periods specified in consent agreements and as required by applicable document retention laws.
11) Correction, Blocking, and Deletion of Personal Data 11.1. Personal data is corrected, blocked, or deleted if found inaccurate, upon request by the data subject, or when no longer needed for processing purposes.
12) Security Measures12.1. The Operator implements legal, organizational, and technical measures to protect personal data from unauthorized access, modification, distribution, and destruction.
13) Final Provisions13.1. The current version of this Policy is available at
https://averycreativeschool.com. The Operator may amend this Policy at any time. If changes significantly affect data subjects’ rights, they will be notified via available means.
13.2. The Operator and its employees handling personal data are liable for non-compliance with data protection requirements in accordance with applicable laws and internal policies.
