Privacy Policy

Regulations on the Processing and Protection of Personal Data in Personal Data Databases Owned by the Seller

Contents

1. General Provisions and Scope of Application
2. List of Personal Data Databases
3. Purpose of Personal Data Processing
4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions Regarding Personal Data
5. Location of Personal Data Databases
6. Conditions for Disclosure of Personal Data to Third Parties
7. Protection of Personal Data: Methods of Protection, Responsible Person, Authorized Employees, and Data Retention Period
8. Rights of the Personal Data Subject
9. Procedure for Handling Requests from Personal Data Subjects
10. State Registration of Personal Data Databases

1. General Provisions and Scope of Application

1.1. Definitions:

Personal data database — a named collection of organized personal data in electronic form and/or in the form of personal data files.

Responsible person — a designated individual who organizes activities related to the protection of personal data during processing in accordance with the law.

Owner of a personal data database — an individual or legal entity authorized by law or by consent of the data subject to process personal data, who determines the purpose, content, and procedures of processing, unless otherwise provided by law.

State Register of Personal Data Databases — a unified state information system for collecting, storing, and processing information on registered personal data databases.

Publicly available sources of personal data — directories, address books, registers, lists, catalogs, and other systematized collections of open information containing personal data published with the knowledge of the data subject. Social networks and online resources are not considered publicly available sources unless the subject explicitly allows free distribution.

Consent of the personal data subject — any documented, voluntary expression of will granting permission for the processing of personal data in accordance with the stated purpose.

Depersonalization of personal data — removal of information that allows identification of an individual.

Processing of personal data — any action or set of actions performed in information systems and/or files related to collection, registration, storage, adaptation, modification, updating, use, dissemination, depersonalization, and destruction of personal data.

Personal data — information about an identified or identifiable individual.

Processor of personal data — an individual or legal entity authorized to process data by the owner or by law. Technical service providers without access to data content are not considered processors.

Personal data subject — an individual whose personal data is processed.

Third party — any person other than the data subject, database owner, processor, or authorized state authority.

Special categories of data — data concerning racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, health, or sexual life.

1.2. These Regulations are mandatory for the responsible person and employees who directly process or access personal data in the course of their duties.

2. List of Personal Data Databases

2.1. The Seller owns the following database:

Counterparties’ personal data database.


3. Purpose of Personal Data Processing

3.1. The purpose of processing is to ensure civil-law relations, provision and receipt of goods and services, and financial settlements in accordance with the Tax Code of Ukraine and the Law of Ukraine “On Accounting and Financial Reporting in Ukraine.”


4. Procedure for Personal Data Processing

4.1. Consent must be a voluntary expression of will granting permission for processing.

4.2. Consent may be provided in the following forms:

Paper document with identifying details;
Electronic document with mandatory details, preferably certified by electronic signature;
Mark on an electronic document or file in an information system.

4.3. Consent is provided during the establishment of civil-law relations.

4.4. The data subject is informed about inclusion of data in the database, their rights, purposes of collection, and recipients during contract execution.

4.5. Processing of special categories of data is prohibited.


5. Location of Personal Data Databases

5.1. Databases are located at the Seller’s address.


6. Conditions for Disclosure to Third Parties

6.1. Access is determined by consent or law.

6.2. Access is denied if the third party cannot ensure compliance with data protection requirements.

6.3. Requests for access must be submitted to the database owner.

6.4. Requests must include:

Full name, address, and ID details (for individuals);
Legal entity details and authorization (for organizations);
Information identifying the data subject;
Database details;
List of requested data;
Purpose and legal grounds.

6.5. Requests are reviewed within 10 working days and fulfilled within 30 calendar days unless otherwise provided by law.

6.6. Access may be postponed for up to 45 calendar days if necessary.

6.7–6.8. Postponement must be communicated in writing with justification and appeal procedure.

6.9–6.10. Access may be refused in cases prescribed by law, with written explanation.

6.11. Decisions may be appealed in court.


7. Protection of Personal Data

7.1. The database owner uses technical and organizational measures to prevent loss, theft, unauthorized access, and damage.

7.2. A responsible person is appointed by order and acts in accordance with job instructions.

7.3. The personal data subject has the right to:

Know the location and purpose of the database;
Receive information on access conditions;
Access their data;
Receive confirmation of data storage within 30 days;
Object to unlawful processing;
Request correction or deletion of inaccurate data;
Protection from unlawful processing and misinformation;
Apply to authorities for protection;
Use legal remedies.


9. Procedure for Handling Requests from Data Subjects

9.1. The data subject has the right to obtain information about themselves without stating a purpose, except as provided by law.

9.2. Access is provided free of charge.

9.3. Requests must include:

Full name, address, and ID details;
Additional identifying information;
Database details;
List of requested data.

9.4. Requests are reviewed within 10 working days.

9.5. Requests are fulfilled within 30 calendar days unless otherwise provided by law.


10. State Registration of Personal Data Databases

10.1. State registration is carried out in accordance with Article 9 of the Law of Ukraine “On Personal Data Protection.”