Wish List (0)

Privacy Policy

Regulations on the Processing and Protection of Personal Data in the Personal Information Databases Owned by the Seller

Contents

  1. General Notions and Scope of Application.
  2. List of Personal Information Databases.
  3. Purpose of Personal Data Processing.
  4. Procedure for Personal Data Processing: obtaining consent, notification of rights and actions with personal data of the data subject.
  5. Location of Personal Information Database.
  6. Terms of Disclosing Personal Data to Third Parties.
  7. Personal Data Protection: protection methods, accountable person, employees processing and/or having access to personal data while performing their official duties, personal data storage period.
  8. Rights of the Personal Data Subject.
  9. Procedure for Handling Requests of the Personal Data Subject.
  10. State Registration of Personal Information Database. 

1.General Notions and Scope of Application.

1.1. Notions of Terms:

Personal Information Database shall mean a named aggregate of organized personal data in an electronic form and/or in a form of a filing system;

Accountable Person shall mean a designated person who manages the works related to personal data protection while the data is processed, in accordance with the law;

Personal Information Database Controller shall mean a natural or legal entity entitled to process personal data according to the law or to the consent of the personal data subject. Controller approves the purpose of personal data processing in the personal information database, defines the content of such data and the procedures for its processing, in case otherwise provided by law; 

State Register of Personal Information Databases shall mean a joint state informational system for accumulating, collecting and processing the information related to the registered personal information databases;

Publicly Available Sources of Personal Data shall mean directories, address books, registers, lists, catalogs, and other systematized collections of open information that contain personal data posted and published with the knowledge of the personal data subject.

Social networks and Internet resources in which the personal data subject has left his/her personal data are not considered to be publicly available sources of personal data (unless the personal data subject explicitly states that the personal data is placed for their free distribution and use);

Personal Data Subject's Consent shall mean any documented voluntary declaration of will by a natural person to grant permission to process his/her personal data in accordance with the stated purpose of processing;

Personal Data Anonymization shall mean the extraction of any personally identifiable information;

Personal Data Processing shall mean any operation or set of operations related to collection, registration, accumulation, storage, adaptation, alteration, updating, use and dissemination (distribution, sale, transfer), anonymization, or destruction of personal data, and performed in whole or in part in the information (automated) system and/or in personal data files;

Personal Data shall mean the information or aggregate information about a natural person who is identified or may be identified;

Personal Information Database Administrator shall mean a natural or legal entity authorized to process personal data by the personal information database controller.

A person who is instructed by the personal information database controller and/or administrator to perform works of a technical nature with the personal information database without access to the content of personal data shall not be considered as the personal information database administrator;

Personal Data Subject shall mean a natural person whose personal data is processed in accordance with the law;

Third Party shall mean any person, except of personal data subject, personal information database controller or administrator and Authorized State Body on Personal Data Protection, to whom personal information database controller or administrator transfers the data in accordance with the law;

Specific Data shall mean personal data related to racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data related to health or sexual life.

1.2. These Regulations are mandatory for the accountable person and employees of the seller who directly process and/or have access to the personal data in connection with the performance of their duties.

 

  1. List of Personal Information Databases.

2.1. The seller owns the following personal information databases:

  • personal information database counterparties.

 

  1. Purpose of Personal Data Processing.

3.1. The purpose of personal data processing in the system is storage and servicing of counterparty data, in accordance with Articles 6, 7 of the Law of Ukraine "On Personal Data Protection".

3.2. The purpose of personal data processing is to ensure the implementation of civil relations, providing/receiving and making payments for purchased goods/services in accordance with the Tax Code of Ukraine, and with the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".

 

  1. Procedure for Personal Data Processing: obtaining consent, notification of rights and actions with personal data of the data subject.

4.1. The consent of the personal data subject must be a voluntary expression of the will of the natural person to grant permission for the processing of his/her personal data in accordance with the stated purpose of their processing. The consent of the personal data subject may be given in the following forms:

  • a paper document with the details allowing to identify this document and a natural person;
  • an electronic document, which must contain mandatory details allowing to identify this document and a natural person. Voluntary expression of will of the natural person to grant permission for the processing of his/her personal data should be certified by an electronic signature of the personal data subject.
  • a mark on the electronic page of the document or in the electronic file processed in the information system on the basis of documented software and hardware solutions.

4.2. The consent of the personal data subject is given during the registration of civil relations in accordance with the applicable law.

4.3. The notification of the personal data subject on the inclusion of his/her personal data into the personal information database, the rights defined by the Law of Ukraine "On Personal Data Protection", the purpose of data collection and persons whom his/her personal data is transferred to is carried out during the registration of civil relations in accordance with the applicable law.

4.4. The processing of personal data related to racial or ethnic origin, political, religious or ideological beliefs, membership of political parties and trade unions, and data related to health or sexual life (specific data) shall be prohibited.

 

  1. Location of Personal Information Database.

5.1. The personal information databases specified in Section 2 hereof are located at the seller's address.

 

  1. Terms of Disclosing Personal Data to Third Parties.

6.1. The procedure for access to personal data of third parties is determined by the conditions of consent of the personal data subject provided to the personal information database controller for the processing of such data, or in accordance with the requirements of the law.

6.2. Access to personal data shall not be granted to a third party if such party refuses to take liabilities to ensure compliance with the requirements of the Law of Ukraine "On Personal Data Protection" or is unable to provide for execution of such requirements.

6.3. The subject of the relationship related to personal data submits a request for access (hereinafter referred to as the request) to personal data to the personal information database controller.

6.4. The request shall contain the following information:

  • full name, place of residence (place of stay) and details of the document certifying the natural person submitting the request (for the natural person as an applicant);
  • name, location of the legal entity submitting the request, position, full name of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for the legal entity as an applicant);
  • full name as well as other information allowing to identify the natural person with regard to whom the request is made;
  • information on the personal information database with regard to which the request is submitted, or information on the controller or administrator of such database;
  • list of personal data requested;
  • the purpose of the request.

6.5. The term for processing the request for its satisfaction may not exceed ten working days from the date of its receipt.

During this period, the personal information database controller notifies the person submitting the request that the request will be satisfied or the requested personal data are not subject to provision, indicating the grounds specified in the relevant legal act.

The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. All employees of the personal information database controller are obliged to comply with the confidentiality requirements of personal data and information on securities accounts and securities circulation.

6.7. Deferral of access to personal data of third parties is permitted if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total term for resolving the issues raised in the request may not exceed fourty-five calendar days.

6.8. The notification of deferral shall be delivered in writing to the third party who submitted the request, explaining the procedure for appealing such a decision.

6.9. The notification of deferral shall include:

  • full name of the official;
  • notification sending date;
  • reason for deferral;
  • the period during which the request will be satisfied.

6.10. Denial of access to personal data is acceptable if access to such data is prohibited by law.

6.11. The notification of denial shall include:

  • пfull name of the official who denies access;
  • notification sending date;
  • reason for denial.

6.12. The decision to defer or deny access to personal data may be appealed to the authorized state body for personal data protection, other public authorities and local governments responsible for the personal data protection, or the court.

 

  1. Personal Data Protection: protection methods, accountable person, employees processing and/or having access to personal data while performing their official duties, personal data storage period.

7.1. The personal information database controller shall be equipped with the system, software and hardware, and communication means that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information, and meet the requirements of international and national standards.

7.2. The accountable person manages the works related to the protection of personal data during their processing, in accordance with the law. The accountable person is appointed by the order of the personal information database controller.

The responsibilities of accountable person to manage works related to the protection of personal data during their processing are specified in the job description.

7.3. The accountable person shall:

  • know the legislation of Ukraine in the field of personal data protection;
  • develop procedures for accessing the personal data of the employees in accordance with their professional, official or job responsibilities;
  • ensure that the employees of the personal information database controller comply with the requirements of the legislation of Ukraine in the field of personal data protection, and internal documents governing the activity of the personal information database controller related to the personal data processing and protection in personal information databases;
  • develop a compliance control procedure related to the requirements of the legislation of Ukraine in the field of personal data protection, and internal documents governing the activity of the personal information database controller related to the personal data processing and protection in personal information databases, which, in particular, shall contain frequency guidelines of such control;
  • notify the personal information database controller on the employees violating the requirements of the legislation of Ukraine in the field of personal data protection, and internal documents governing the activity of the personal information database controller related to the personal data processing and protection in personal information databases within one working day from the moment of detecting such violations;
  • ensure the storage of documents confirming the consent granted by the personal data subject to process his/her personal data and notification of the specified subject about his rights.

7.4. With the purpose to perform his/her duties, the accountable person is entitled to:

  • receive the necessary documents, including orders and other administrative documents issued by the personal information database controller related to the personal data processing;
  • make copies of the documents received, including the copies of files, any records stored on local area networks and stand-alone computer systems;
  • participate in the discussions of his/her responsibilities for managing the works related to the personal data protection during their processing;
  • make proposals for the improvement of working processes and methods, submit comments and options for eliminating the identified shortcomings in the process of personal data processing;
  • receive explanations related to personal data processing issues;
  • sign and approve documents within his/her competence.

7.5. The employees directly processing and/or having access to personal data while performing their official (employment) duties shall comply with the requirements of the legislation of Ukraine in the field of personal data protection, and internal documents related to the personal data processing and protection in personal information databases.

7.6. The employees having access to personal data, including those processing them, are obliged to prevent any disclosure of personal data entrusted to them or became known while performing their professional, official or employment duties. Such obligation shall be valid after the termination of their activities related to personal data, except as provided by law.

7.7. Persons having access to personal data, including those processing them, are liable under the Law of Ukraine in case of violating the requirements of the Law of Ukraine "On Personal Data Protection".

7.8. Personal data shall not be stored longer than it is necessary for the purpose, which such data are stored for, but in any case not longer than the period of data storage determined by the consent of the personal data subject given for the processing of such data.

 

  1. Rights of the Personal Data Subject.

8.1. The personal data subject is entitled to:

  • know the location of the personal information database containing his/her personal data, its purpose and name, location and/or place of residence (stay) of its controller or administrator, or give a relevant order to authorized persons to obtain such information, unless otherwise provided by law;
  • receive information on the conditions for granting access to personal data, namely the information about the third parties his/her personal data contained in the relevant personal information database are transferred to;
  • access his/her personal data contained in the relevant personal information database;
  • receive a reply whether his/her personal data are stored in the relevant personal information database, as well as receive the content of his/her personal data stored. The reply shall be received no later than thirty calendar days from the date of receipt of the request, unless otherwise provided by law;
  • make a reasoned request with an objection to the processing of his/her personal data by public authorities, local governments in exercising their powers under the law;
  • make a reasoned request to change or destroy his/her personal data by any controller and administrator of this database, if this data are processed illegally or areinaccurate;
  • the right to protect his/her personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide them or untimely provision, as well as to the protection against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of an individual;
  • apply for protection of his/her personal data rights to state authorities, local governments, whose powers include the personal data protection;
  • apply legal remedies in case of violation of the legislation on personal data protection.

 

  1. Procedure for Handling Requests of the Personal Data Subject.

9.1. The personal data subject has the right to receive any information about himself/herself from any subject of relations connected with personal data, without specifying the purpose of the request, unless otherwise provided by law.

9.2. The personal data subject has an access to his/her personal data free of charge.

9.3. The personal data subject submits a request for access (hereinafter referred to as the request) to personal data to the personal information database controller.

The request shall indicate:

  • full name, place of residence (stay) and identity document details of the personal data subject;
  • other information allowing to identify the personal data subject;
  • information about the personal information database in respect of which the request is submitted, or information about the controller or administrator thereof;
  • list of personal data requested.

9.4. The term of studying the request for its satisfaction may not exceed ten working days from the date of its receipt.

9.5. During this period, the personal information database controller notifies the personal data subject that the request will be satisfied or the relevant personal data are not subject to provision, indicating the grounds specified in the relevant statutory instrument.

9.6. The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

 

  1. State Registration of Personal Information Database.

10.1. The state registration of personal information databases is carried out in accordance with the Article 9 of the Law of Ukraine "On Personal Data Protection".

Registration

Fill the form, please