This Privacy Policy is a policy for the use and processing of personal information of Users of the BONUMFUND website at https://bonumfund.comLast Updated: 01.07.2025 Effective Date: 01.07.20251. GENERAL PROVISIONS1.1 IntroductionBONUMFUND ("BONUMFUND", "we", "us", "our") is committed to protecting the personal data of all users of our services. This Privacy Policy describes how we collect, use, store, and protect your personal information when using our website https://bonumfund.com and related services.1.2 Scope of ApplicationThis policy applies to all BONUMFUND personal data processing operations and is supplemented by regional annexes depending on your location and applicable legislation.1.3 Contact InformationData Controller: BONUMFUND Email: academy@bonumfund.com Data Protection Officer: Not currently appointed (if required by applicable law, we will designate one)2. DEFINITIONSPersonal Data - any information relating to an identified or identifiable natural person.Sensitive Personal Data - personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sexual orientation, biometric or genetic data.Processing - any operation or set of operations performed on personal data, including collection, storage, use, modification, transmission, or deletion.Data Subject - a natural person to whom personal data relates.3. WHAT DATA WE COLLECT3.1 Information You Provide to Us- Registration data: first name, last name, email, date of birth, citizenship
- Academic information: educational history, grades, academic achievements
- Financial information: payment data, bank details, tax numbers
- Documents: copies of passports, diplomas, certificates
- Contact information: address, phone, preferred communication methods
3.2 Information Collected Automatically- Technical data: IP address, browser type, operating system
- Usage data: website pages, visit times, actions on site
- Cookies: session identifiers, user preferences (Google Analytics standard cookies)
3.3 Information from Third Parties- Academic transcripts from other educational institutions
- Letters of recommendation
- Standardized test results
4. LEGAL BASES FOR PROCESSINGWe process your personal data on the following bases:4.1 ConsentYour explicit and informed consent to data processing for specific purposes.4.2 Contract PerformanceProcessing necessary for the performance of an educational contract or provision of requested services.4.3 Legal ObligationsCompliance with applicable laws and regulatory requirements.4.4 Legitimate InterestsProcessing necessary for our legitimate interests, provided such interests do not violate your rights and freedoms.5. PURPOSES OF DATA PROCESSING5.1 Educational Services- Review of admission applications
- Provision of academic programs and courses
- Assessment of academic performance
- Issuance of diplomas and certificates
5.2 Administrative Purposes- Management of student records
- Financial administration and billing
- Communication with students and applicants
- Technical support provision
5.3 Compliance Requirements- Fulfillment of legal and regulatory obligations
- Reporting to educational and governmental bodies
- Security and fraud prevention
5.4 Service Improvement- Analysis of educational program quality
- Educational research
- User experience improvement
6. DATA SHARING6.1 Internal SharingData may be shared with authorized university personnel based on their job responsibilities and need-to-know basis.6.2 Third-Party Service ProvidersWe may share data with verified service providers who assist us in providing educational services:- GreenGeeks (US-based hosting): For data storage and website hosting
- Google Analytics: For website traffic analysis
- Payment systems and banks
- Educational platforms
- Technical support services
6.3 Legal RequirementsData may be shared with:- Law enforcement agencies upon official requests
- Educational accreditation bodies
- Judicial authorities in legal proceedings
6.4 International TransfersImportant: Your data is stored on servers in the United States (GreenGeeks hosting). When transferring data to other countries, we ensure appropriate safeguards:- Adequacy decisions on data protection
- Standard contractual clauses
- Your explicit consent
7. YOUR RIGHTS7.1 Right to InformationYou have the right to receive clear information about how we use your data.7.2 Right of AccessYou may request a copy of all personal data we hold about you.7.3 Right to RectificationYou may require correction of inaccurate or incomplete data.7.4 Right to ErasureIn certain circumstances, you may require deletion of your data.7.5 Right to Restrict ProcessingYou may require restriction of processing of your data in certain cases.7.6 Right to ObjectYou may object to processing of your data for marketing purposes or based on legitimate interests.7.7 Right to Data PortabilityYou may require transfer of your data in a structured, machine-readable format.7.8 Exercising RightsTo exercise your rights, contact us at: info@aumit.us We will respond to your request within the timeframes established by law.8. DATA RETENTION PERIODS8.1 General PrinciplesWe retain personal data only for the time necessary to achieve processing purposes.8.2 Specific Periods- Student data: 3 years after completion of studies or last interaction
- Applicant data: 3 years after application submission
- Financial records: in accordance with applicable tax legislation
- Research data: according to research protocols
9. DATA SECURITY9.1 Technical Measures- SSL encryption for data transmission
- Data encryption at rest
- Regular security system updates
- Monitoring of suspicious activity
9.2 Organizational Measures- Access restriction based on need-to-know principle
- Staff training on data protection issues
- Security policies and procedures
- Regular security audits
9.3 Breach NotificationIn case of a data security breach, we will:- Notify competent authorities within 72 hours
- Inform affected individuals without undue delay
- Take measures to remediate the breach
10. COOKIES AND TRACKING TECHNOLOGIES10.1 Types of Cookies Used- Necessary cookies: for website functionality
- Analytics cookies: Google Analytics standard cookies for website usage analysis
- Functional cookies: for saving user preferences
10.2 Third-Party TechnologiesWe use Google Analytics for website traffic analysis. For details, see Google's privacy policy.10.3 Cookie ManagementYou can manage cookie settings in your browser.11. MINORS' DATA PROCESSING11.1 Age RestrictionsWe do not knowingly collect data from children under 18 years of age. Our services are intended for adults only.11.2 Accidental CollectionIf we become aware that we have collected data from a minor, we will delete such data immediately.12. POLICY CHANGES12.1 Change NotificationsWe will notify you of significant changes to this policy by:- Posting a notice on the website
- Sending email notifications
- Other appropriate means
12.2 Effective DateChanges take effect from the moment of publication unless otherwise specified.13. CONTACT INFORMATION AND COMPLAINTS13.1 Contact UsFor data protection inquiries, contact us at:- Email: academy@bonumfund.com
13.2 Filing ComplaintsYou have the right to file a complaint with the competent data protection authority in your jurisdiction.REGIONAL ANNEXESANNEX A: FOR USERS FROM ARGENTINAA.1 Applicable LegislationThis annex applies in accordance with Argentina's Personal Data Protection Act No. 25.326.A.2 Legal Bases (Argentina-specific)In Argentina, the primary legal basis for data processing is your prior, explicit, and informed consent.A.3 Your Rights in Argentina- Right of access: obtaining information about your data
- Right to rectification: correcting inaccurate data
- Right to deletion: deleting your data under certain conditions
- Right to object: objecting to data processing
- Response time: 10 business days from receipt of request
A.4 Cross-Border TransfersTransfer of data from Argentina to other countries is carried out only when there is:- Adequate level of protection in the destination country
- Appropriate contractual safeguards
- Your explicit consent
A.5 Supervisory AuthorityAgencia de Acceso a la Información Pública (AAIP) You may file a complaint with AAIP if you believe your rights have been violated.A.6 Future Legislative ChangesArgentina is considering a new data protection law. When adopted, this annex will be updated.ANNEX B: FOR USERS FROM VENEZUELAB.1 Applicable LegislationThis annex is based on Article 28 of Venezuela's Constitution and Supreme Court Decision No. 1318 of 2011.B.2 Constitutional RightsIn accordance with Article 28 of Venezuela's Constitution, you have the right to:- Access information about your data in public or private registries
- Know the purposes for which information will be used
- Correct or delete inaccurate information
- Delete data that unlawfully violates your rights
B.3 Data Processing Principles (per Supreme Court Decision No. 1318)B.3.1 Autonomy of Will Principle- Requires prior, free, informed, unequivocal, and revocable consent
- You must be informed about data collection, responsible organization, purposes of use, and ways to exercise self-determination rights
B.3.2 Legality Principle- Limitations on information self-determination rights can only be established by law in the public interest
B.3.3 Purpose and Quality Principle- Data collection must be for a clear purpose in accordance with law
- Only adequate, relevant, and non-excessive data may be collected
B.3.4 Temporality and Preservation Principle- Information must be regularly updated to prevent harm from outdated data
B.4 Special Requirements for Medical DataMedical information of employees and students must be kept in strict confidentiality with access only for medical personnel and relevant health authorities.B.5 No Specialized AuthorityVenezuela has no specialized data protection authority. Disputes are handled by courts.ANNEX C: FOR USERS FROM ETHIOPIAC.1 Applicable LegislationThis annex applies in accordance with Ethiopia's Personal Data Protection Proclamation No. 1321/2024.C.2 Registration with RegulatorAUMIT will register with the Ethiopian Communications Authority (ECA) as required by law when processing data of Ethiopian residents.C.3 Legal Bases for Processing- Data subject consent
- Contract performance
- Legal obligation compliance
- Necessity based on public health crisis or emergency
- Public authority mandate fulfillment
- Legitimate interest
C.4 Your Rights in Ethiopia- Right to be informed
- Right of access: obtaining a copy of your data
- Right to rectification: correcting inaccurate data
- Right to erasure: deleting data under certain conditions
- Right to object to processing
- Right to restrict processing
- Right not to be subject to automated decision-making
- Right to data portability
C.5 Post-Mortem Privacy RightsPrivacy rights of deceased persons remain in effect for 10 years after death and may be exercised by lawful heirs.C.6 Data LocalizationData collected in Ethiopia must be stored on a server or data center in Ethiopia, in accordance with ECA requirements.C.7 Breach NotificationIn case of a data security breach, we will notify ECA and affected individuals within 72 hours.C.8 Supervisory AuthorityEthiopian Communications Authority (ECA) Contact for complaints: [ECA contact information]ANNEX D: FOR USERS FROM NIGERIAD.1 Applicable LegislationThis annex applies in accordance with Nigeria's Data Protection Act 2023 and Nigerian Data Protection Regulation (NDPR) 2019.D.2 Extraterritorial ApplicationThese requirements apply to AUMIT when processing data of:- Nigerian citizens, regardless of their location
- Persons residing in Nigeria
- When providing services to Nigerian students
D.3 Data Controller RegistrationIf AUMIT processes data of more than 1,000 Nigerian data subjects within six months, we will register with the Nigeria Data Protection Commission.D.4 Data Protection Officer (DPO) AppointmentWe may appoint a DPO if we:- Process data of more than 10,000 data subjects annually
- Regularly process sensitive personal data
- Possess critical national information infrastructure
D.5 Your Rights in Nigeria- Right to be informed: simple and understandable privacy policy
- Right of access: obtaining information about processing of your data
- Right to rectification: correcting inaccurate data
- Right to erasure: deleting data under certain conditions
- Right to restrict processing
- Right to object to processing: especially for marketing purposes
- Right to data portability
- Right not to be subject to automated decision-making
D.6 Consent and Withdrawal- Consent must be free, informed, and specific
- You may withdraw consent at any time
- Withdrawal must be as easy as giving consent
D.7 Special Requirements for ChildrenWe do not provide services to persons under 18 years of age.D.8 Audit and ReportingWhen processing data of more than 1,000 data subjects within six months, we provide an audit summary to the Commission.D.9 Cross-Border TransfersTransfer of data from Nigeria is permitted only to countries with adequate protection levels or with appropriate safeguards.D.10 Non-Compliance Penalties- For data controllers with more than 10,000 subjects: 2% of annual gross revenue or 10 million naira (whichever is greater)
- For data controllers with less than 10,000 subjects: 1% of annual gross revenue or 2 million naira (whichever is greater)
D.11 Supervisory AuthorityNigeria Data Protection Commission (NDPC) You may file a complaint with NDPC through their official website or contact details.FINAL PROVISIONSRegional Annex Applicability- Regional annexes apply in addition to the main policy
- In case of conflicts between the main policy and regional annexes, regional requirements take priority
- If your jurisdiction is not listed in the annexes, the main policy applies
Automatic Jurisdiction DeterminationWe may automatically determine your jurisdiction based on IP address and apply corresponding requirements.UpdatesWe will regularly update this policy and regional annexes in accordance with legislative changes.Last Updated: 01.07.2025 Version: 1.1Contact the administration of the site on issues related to privacy policy can be contacted by
academy@bonumfund.com