Privacy and Policy (GDPR)

Privacy and Personal Data Processing Policy (GDPR)

Applicable to the website: https://bernshtein.phd

1. General provisions:

This Privacy Policy (hereinafter the “Policy”) is drafted in accordance with the General Data Protection Regulation (EU Regulation 2016/679, “GDPR”) and governs the collection, use, processing and protection of personal data of users (hereinafter the “User”) by the platform [Bernshtein.phd] (hereinafter the “Platform”).

2. Key definitions:

  • Personal data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data such as collection, storage, access, modification, use, disclosure or deletion.
  • User: a natural person using services offered by the course author through the Platform.

3. Purpose and legal basis of processing

The personal data of the User are processed for the following purposes::

  • Service delivery: providing access to educational courses and related platform services.
  • Identification and authentication: verifying the User’s identity and ensuring account security.
  • Communication: responding to queries and informing Users about new services, promotions and updates.
  • Analytics and improvement: collecting statistics to improve service quality.

The legal bases for processing are:

  • User consent provided during registration or order placement.
  • Performance of a contract between the User and the course author.
  • Legitimate interest of the Platform in fraud prevention and service security.

4. Categories of data processed:

The course author may process the following categories of the User’s personal data:

  • Identification data: full name, date of birth, email address, phone number.
  • Payment data: information on payment methods and transactions (without storing full card numbers).
  • Technical data: IP address, browser and device used to access the service.
  • Platform usage data: order history, visited pages, session durations.

5. User Rights:

The User has the right to:

  • Access their personal data and understand how they are processed.
  • Rectify inaccurate or incomplete data.
  • Request the erasure of their data, except where retention is legally required.
  • Withdraw consent at any time.
  • Lodge a complaint with a supervisory authority (e.g. ICO in the UK, AEPD in Spain).

6. Data protection measures

The Platform applies appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure or destruction, including:

  • Data encryption during transmission.
  • Restricted access to authorised personnel only.
  • Regular updates of security systems and software.

7. Data disclosure to third parties

Personal data will not be disclosed to third parties unless:

  • The User has given prior consent.
  • Disclosure is necessary to deliver the service (e.g. payment processors).
  • Disclosure is required by law or governmental authority.
    .

8. Data retention period

Data will be retained for as long as necessary to fulfil the purposes of processing and in accordance with legal requirements. After that period, data will be securely deleted.

9. Policy updates

The Platform reserves the right to amend this Policy at any time. Updates take effect upon publication on the official website.
The User is responsible for reviewing the current version regularly.

10. Contact Information

For further information or to exercise your rights under this Policy, please contact the course author via the “Contact” section of the official website.

This Policy has been prepared in accordance with Regulation (EU) 2016/679 and is intended to ensure transparency and security in the processing of Users’ personal data.