This Privacy Policy is a policy for the use and processing of personal information of Users of the BONUMFUND website at https://bonumfund.com
Last Updated: 01.07.2025
Effective Date: 01.07.2025


1. GENERAL PROVISIONS1.1 Introduction
BONUMFUND ("BONUMFUND", "we", "us", "our") is committed to protecting the personal data of all users of our services. This Privacy Policy describes how we collect, use, store, and protect your personal information when using our website https://bonumfund.com and related services.
1.2 Scope of Application
This policy applies to all BONUMFUND personal data processing operations and is supplemented by regional annexes depending on your location and applicable legislation.
1.3 Contact Information
Data Controller: BONUMFUND
Email: academy@bonumfund.com
Data Protection Officer: Not currently appointed (if required by applicable law, we will designate one)


2. DEFINITIONS
Personal Data - any information relating to an identified or identifiable natural person.
Sensitive Personal Data - personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, sexual orientation, biometric or genetic data.
Processing - any operation or set of operations performed on personal data, including collection, storage, use, modification, transmission, or deletion.
Data Subject - a natural person to whom personal data relates.


3. WHAT DATA WE COLLECT3.1 Information You Provide to Us
  • Registration data: first name, last name, email, date of birth, citizenship
  • Academic information: educational history, grades, academic achievements
  • Financial information: payment data, bank details, tax numbers
  • Documents: copies of passports, diplomas, certificates
  • Contact information: address, phone, preferred communication methods
3.2 Information Collected Automatically
  • Technical data: IP address, browser type, operating system
  • Usage data: website pages, visit times, actions on site
  • Cookies: session identifiers, user preferences (Google Analytics standard cookies)
3.3 Information from Third Parties
  • Academic transcripts from other educational institutions
  • Letters of recommendation
  • Standardized test results


4. LEGAL BASES FOR PROCESSING
We process your personal data on the following bases:
4.1 Consent
Your explicit and informed consent to data processing for specific purposes.
4.2 Contract Performance
Processing necessary for the performance of an educational contract or provision of requested services.
4.3 Legal Obligations
Compliance with applicable laws and regulatory requirements.
4.4 Legitimate Interests
Processing necessary for our legitimate interests, provided such interests do not violate your rights and freedoms.


5. PURPOSES OF DATA PROCESSING5.1 Educational Services
  • Review of admission applications
  • Provision of academic programs and courses
  • Assessment of academic performance
  • Issuance of diplomas and certificates
5.2 Administrative Purposes
  • Management of student records
  • Financial administration and billing
  • Communication with students and applicants
  • Technical support provision
5.3 Compliance Requirements
  • Fulfillment of legal and regulatory obligations
  • Reporting to educational and governmental bodies
  • Security and fraud prevention
5.4 Service Improvement
  • Analysis of educational program quality
  • Educational research
  • User experience improvement


6. DATA SHARING6.1 Internal Sharing
Data may be shared with authorized university personnel based on their job responsibilities and need-to-know basis.
6.2 Third-Party Service Providers
We may share data with verified service providers who assist us in providing educational services:
  • GreenGeeks (US-based hosting): For data storage and website hosting
  • Google Analytics: For website traffic analysis
  • Payment systems and banks
  • Educational platforms
  • Technical support services
6.3 Legal Requirements
Data may be shared with:
  • Law enforcement agencies upon official requests
  • Educational accreditation bodies
  • Judicial authorities in legal proceedings
6.4 International Transfers
Important: Your data is stored on servers in the United States (GreenGeeks hosting). When transferring data to other countries, we ensure appropriate safeguards:
  • Adequacy decisions on data protection
  • Standard contractual clauses
  • Your explicit consent


7. YOUR RIGHTS7.1 Right to Information
You have the right to receive clear information about how we use your data.
7.2 Right of Access
You may request a copy of all personal data we hold about you.
7.3 Right to Rectification
You may require correction of inaccurate or incomplete data.
7.4 Right to Erasure
In certain circumstances, you may require deletion of your data.
7.5 Right to Restrict Processing
You may require restriction of processing of your data in certain cases.
7.6 Right to Object
You may object to processing of your data for marketing purposes or based on legitimate interests.
7.7 Right to Data Portability
You may require transfer of your data in a structured, machine-readable format.
7.8 Exercising Rights
To exercise your rights, contact us at: info@aumit.us We will respond to your request within the timeframes established by law.


8. DATA RETENTION PERIODS8.1 General Principles
We retain personal data only for the time necessary to achieve processing purposes.
8.2 Specific Periods
  • Student data: 3 years after completion of studies or last interaction
  • Applicant data: 3 years after application submission
  • Financial records: in accordance with applicable tax legislation
  • Research data: according to research protocols


9. DATA SECURITY9.1 Technical Measures
  • SSL encryption for data transmission
  • Data encryption at rest
  • Regular security system updates
  • Monitoring of suspicious activity
9.2 Organizational Measures
  • Access restriction based on need-to-know principle
  • Staff training on data protection issues
  • Security policies and procedures
  • Regular security audits
9.3 Breach Notification
In case of a data security breach, we will:
  • Notify competent authorities within 72 hours
  • Inform affected individuals without undue delay
  • Take measures to remediate the breach


10. COOKIES AND TRACKING TECHNOLOGIES10.1 Types of Cookies Used
  • Necessary cookies: for website functionality
  • Analytics cookies: Google Analytics standard cookies for website usage analysis
  • Functional cookies: for saving user preferences
10.2 Third-Party Technologies
We use Google Analytics for website traffic analysis. For details, see Google's privacy policy.
10.3 Cookie Management
You can manage cookie settings in your browser.


11. MINORS' DATA PROCESSING11.1 Age Restrictions
We do not knowingly collect data from children under 18 years of age. Our services are intended for adults only.
11.2 Accidental Collection
If we become aware that we have collected data from a minor, we will delete such data immediately.


12. POLICY CHANGES12.1 Change Notifications
We will notify you of significant changes to this policy by:
  • Posting a notice on the website
  • Sending email notifications
  • Other appropriate means
12.2 Effective Date
Changes take effect from the moment of publication unless otherwise specified.


13. CONTACT INFORMATION AND COMPLAINTS13.1 Contact Us
For data protection inquiries, contact us at:
  • Email: academy@bonumfund.com
13.2 Filing Complaints
You have the right to file a complaint with the competent data protection authority in your jurisdiction.


REGIONAL ANNEXESANNEX A: FOR USERS FROM ARGENTINAA.1 Applicable Legislation
This annex applies in accordance with Argentina's Personal Data Protection Act No. 25.326.
A.2 Legal Bases (Argentina-specific)
In Argentina, the primary legal basis for data processing is your prior, explicit, and informed consent.
A.3 Your Rights in Argentina
  • Right of access: obtaining information about your data
  • Right to rectification: correcting inaccurate data
  • Right to deletion: deleting your data under certain conditions
  • Right to object: objecting to data processing
  • Response time: 10 business days from receipt of request
A.4 Cross-Border Transfers
Transfer of data from Argentina to other countries is carried out only when there is:
  • Adequate level of protection in the destination country
  • Appropriate contractual safeguards
  • Your explicit consent
A.5 Supervisory Authority
Agencia de Acceso a la Información Pública (AAIP) You may file a complaint with AAIP if you believe your rights have been violated.
A.6 Future Legislative Changes
Argentina is considering a new data protection law. When adopted, this annex will be updated.


ANNEX B: FOR USERS FROM VENEZUELAB.1 Applicable Legislation
This annex is based on Article 28 of Venezuela's Constitution and Supreme Court Decision No. 1318 of 2011.
B.2 Constitutional Rights
In accordance with Article 28 of Venezuela's Constitution, you have the right to:
  • Access information about your data in public or private registries
  • Know the purposes for which information will be used
  • Correct or delete inaccurate information
  • Delete data that unlawfully violates your rights
B.3 Data Processing Principles (per Supreme Court Decision No. 1318)B.3.1 Autonomy of Will Principle
  • Requires prior, free, informed, unequivocal, and revocable consent
  • You must be informed about data collection, responsible organization, purposes of use, and ways to exercise self-determination rights
B.3.2 Legality Principle
  • Limitations on information self-determination rights can only be established by law in the public interest
B.3.3 Purpose and Quality Principle
  • Data collection must be for a clear purpose in accordance with law
  • Only adequate, relevant, and non-excessive data may be collected
B.3.4 Temporality and Preservation Principle
  • Information must be regularly updated to prevent harm from outdated data
B.4 Special Requirements for Medical Data
Medical information of employees and students must be kept in strict confidentiality with access only for medical personnel and relevant health authorities.
B.5 No Specialized Authority
Venezuela has no specialized data protection authority. Disputes are handled by courts.


ANNEX C: FOR USERS FROM ETHIOPIAC.1 Applicable Legislation
This annex applies in accordance with Ethiopia's Personal Data Protection Proclamation No. 1321/2024.
C.2 Registration with Regulator
AUMIT will register with the Ethiopian Communications Authority (ECA) as required by law when processing data of Ethiopian residents.
C.3 Legal Bases for Processing
  • Data subject consent
  • Contract performance
  • Legal obligation compliance
  • Necessity based on public health crisis or emergency
  • Public authority mandate fulfillment
  • Legitimate interest
C.4 Your Rights in Ethiopia
  • Right to be informed
  • Right of access: obtaining a copy of your data
  • Right to rectification: correcting inaccurate data
  • Right to erasure: deleting data under certain conditions
  • Right to object to processing
  • Right to restrict processing
  • Right not to be subject to automated decision-making
  • Right to data portability
C.5 Post-Mortem Privacy Rights
Privacy rights of deceased persons remain in effect for 10 years after death and may be exercised by lawful heirs.
C.6 Data Localization
Data collected in Ethiopia must be stored on a server or data center in Ethiopia, in accordance with ECA requirements.
C.7 Breach Notification
In case of a data security breach, we will notify ECA and affected individuals within 72 hours.
C.8 Supervisory Authority
Ethiopian Communications Authority (ECA) Contact for complaints: [ECA contact information]


ANNEX D: FOR USERS FROM NIGERIAD.1 Applicable Legislation
This annex applies in accordance with Nigeria's Data Protection Act 2023 and Nigerian Data Protection Regulation (NDPR) 2019.
D.2 Extraterritorial Application
These requirements apply to AUMIT when processing data of:
  • Nigerian citizens, regardless of their location
  • Persons residing in Nigeria
  • When providing services to Nigerian students
D.3 Data Controller Registration
If AUMIT processes data of more than 1,000 Nigerian data subjects within six months, we will register with the Nigeria Data Protection Commission.
D.4 Data Protection Officer (DPO) Appointment
We may appoint a DPO if we:
  • Process data of more than 10,000 data subjects annually
  • Regularly process sensitive personal data
  • Possess critical national information infrastructure
D.5 Your Rights in Nigeria
  • Right to be informed: simple and understandable privacy policy
  • Right of access: obtaining information about processing of your data
  • Right to rectification: correcting inaccurate data
  • Right to erasure: deleting data under certain conditions
  • Right to restrict processing
  • Right to object to processing: especially for marketing purposes
  • Right to data portability
  • Right not to be subject to automated decision-making
D.6 Consent and Withdrawal
  • Consent must be free, informed, and specific
  • You may withdraw consent at any time
  • Withdrawal must be as easy as giving consent
D.7 Special Requirements for Children
We do not provide services to persons under 18 years of age.
D.8 Audit and Reporting
When processing data of more than 1,000 data subjects within six months, we provide an audit summary to the Commission.
D.9 Cross-Border Transfers
Transfer of data from Nigeria is permitted only to countries with adequate protection levels or with appropriate safeguards.
D.10 Non-Compliance Penalties
  • For data controllers with more than 10,000 subjects: 2% of annual gross revenue or 10 million naira (whichever is greater)
  • For data controllers with less than 10,000 subjects: 1% of annual gross revenue or 2 million naira (whichever is greater)
D.11 Supervisory Authority
Nigeria Data Protection Commission (NDPC) You may file a complaint with NDPC through their official website or contact details.


FINAL PROVISIONSRegional Annex Applicability
  • Regional annexes apply in addition to the main policy
  • In case of conflicts between the main policy and regional annexes, regional requirements take priority
  • If your jurisdiction is not listed in the annexes, the main policy applies
Automatic Jurisdiction Determination
We may automatically determine your jurisdiction based on IP address and apply corresponding requirements.
Updates
We will regularly update this policy and regional annexes in accordance with legislative changes.
Last Updated: 01.07.2025
Version: 1.1

Contact the administration of the site on issues related to privacy policy can be contacted by academy@bonumfund.com

Chupanov Inc
1800 S Ocean Dr, 4302
Hallandale beach
Florida, 33009, USA
EIN 36-4991123

© Bonum Foundation, 2023
Follow us on social media