Privacy policy

Table of Contents

  1. General Concepts and Scope of Application

  2. List of Personal Data Bases

  3. Purpose of Personal Data Processing

  4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions Involving Personal Data of the Data Subject

  5. Location of the Personal Data Base

  6. Conditions for Disclosure of Personal Data to Third Parties

  7. Protection of Personal Data: Methods of Protection, Responsible Person, Employees Directly Involved in Processing and/or Having Access to Personal Data, and Retention Period

  8. Rights of the Personal Data Subject

  9. Procedure for Handling Requests from the Personal Data Subject

  10. State Registration of the Personal Data Base

1. General Concepts and Scope of Application

1.1. Definition of Terms:

  • Personal Data Base: a named collection of organized personal data in electronic form and/or in the form of personal data card files.

  • Responsible Person: a designated person who organizes work related to the protection of personal data during its processing, in accordance with the law.

  • Owner of a Personal Data Base (Controller): a natural or legal person who is granted the right to process this data by law or by consent of the personal data subject, and who approves the purpose of personal data processing, the composition of this data, and the procedures for its processing, unless otherwise specified by law.

  • State Register of Personal Data Bases: a unified state information system for the collection, accumulation, and processing of information regarding registered personal data bases.

  • Publicly Accessible Sources of Personal Data: directories, address books, registers, lists, catalogs, and other systematized collections of open information that contain personal data, published and made available with the knowledge of the personal data subject. Social networks and internet resources where subjects leave their data are not considered publicly accessible sources unless the subject explicitly states that the data is intended for free distribution and use.

  • Consent of the Personal Data Subject: any documented, voluntary expression of will by a natural person granting permission for the processing of their personal data in accordance with the stated purpose of its processing.

  • Anonymization of Personal Data: the removal of information that allows for the identification of an individual.

  • Processing of Personal Data: any action or set of actions performed wholly or partially within an information (automated) system and/or in personal data card files, associated with the collection, registration, accumulation, storage, adaptation, modification, renewal, use, and dissemination (distribution, sale, transfer), anonymization, or destruction of information concerning a natural person.

  • Personal Data: information or a collection of information about a natural person who is identified or can be specifically identified.

  • Processor of a Personal Data Base: a natural or legal person who is granted the right to process this data by the owner of the personal data base or by law. A person entrusted by the owner and/or processor to perform technical work without access to the content of the personal data is not considered a processor of the personal data base.

  • Personal Data Subject: a natural person whose personal data is processed in accordance with the law.

  • Third Party: any person, except for the personal data subject, the owner or processor of the personal data base, and the authorized state body for personal data protection, to whom personal data is transferred by the owner or processor in accordance with the law.

  • Special Categories of Data: personal data regarding racial or ethnic origin, political, religious, or ideological beliefs, membership in political parties and trade unions, as well as data relating to health or sex life.

1.2. These Regulations are mandatory for the responsible person and employees of the Seller who directly perform processing or have access to personal data in connection with the performance of their official duties.

2. List of Personal Data Bases

2.1. The Seller is the owner of the following personal data bases:

  • Personal Data Base of Counterparties.

3. Purpose of Personal Data Processing

3.1. The purpose of processing personal data in the system is to ensure the implementation of civil-law relations, provision, receipt, and execution of settlements for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine."

4. Procedure for Personal Data Processing

4.1. The consent of the personal data subject must be a voluntary expression of will granting permission for the processing of their personal data in accordance with the formulated purpose.

4.2. Consent may be provided in the following forms:

  • A paper document with details allowing for the identification of the document and the natural person;

  • An electronic document containing mandatory details for identification; it is advisable to authenticate it with an electronic signature;

  • A checkmark on an electronic page or in an electronic file processed within the information system based on documented software and hardware solutions.

  •  

    Consent is provided during the formalization of civil-law relations in accordance with current legislation.

  • Notification regarding the inclusion of data into the base, rights in accordance with the Law "On Personal Data Protection," the purpose of collection, and the persons to whom the data is transferred, is provided during the formalization of civil-law relations.

  •  

    The processing of special categories of data (racial/ethnic origin, political/religious beliefs, health, or sex life) is prohibited.

     

5. Location of the Personal Data Base

5.1. The personal data bases specified in Section 2 are located at the place of business of the Seller.

6. Conditions for Disclosure of Personal Data to Third Parties

6.1. Access by third parties is determined by the conditions of the subject's consent or by law.

6.2. Access shall be denied if the third party refuses or fails to ensure compliance with the requirements of the Law of Ukraine "On Personal Data Protection."

6.3. Requests for access are submitted to the owner of the personal data.

6.4. The request must contain: details for identifying the applicant, legal grounds for the request, indication of the specific data base, and the purpose of the request.

6.5. The period for reviewing a request is up to 10 business days. The request must be satisfied within 30 calendar days from the date of receipt, unless otherwise provided by law.

6.6. Postponement of access is permitted if the data cannot be provided within 30 days, but the total period for resolving the issue may not exceed 45 calendar days.

6.7. – 6.11. Notice of postponement or denial is provided in writing, stating the reasons and information regarding the procedure for appealing the decision in court.

7. Protection of Personal Data

7.1. The owner's data base is equipped with system, software, and hardware tools to prevent loss, theft, unauthorized destruction, distortion, or copying, meeting international and national standards.

7.2. The responsible person is appointed by order of the Owner.

7.3. The responsible person must: know the legislation, develop access procedures, ensure compliance by employees, and report violations within one business day.

7.4. The responsible person has the right to: access necessary documents, make copies of records, and propose improvements to data protection methods.

7.5. – 7.7. Employees are obliged to maintain confidentiality even after the termination of activities related to personal data. Violation entails liability in accordance with the legislation of Ukraine.

7.8. Personal data must not be stored longer than necessary for the stated purpose or the period specified by the subject's consent.

8. Rights of the Personal Data Subject

8.1. The personal data subject has the right to:

  • Know about the location and purpose of the data base;

  • Have access to their data and receive information regarding its transfer to third parties;

  • Receive a response no later than 30 days as to whether their data is being stored;

  • Object to the processing of their data by state bodies or local self-government authorities;

  • Demand the modification or destruction of their data if it is processed unlawfully or is inaccurate;

  • Be protected against accidental loss, damage, or the provision of information that is inaccurate or defames their honor and dignity;

  • Lodge complaints regarding the protection of their rights with state bodies or courts.

9. Procedure for Handling Requests

9.1. Subjects have the right to access information about themselves without specifying the reason for the request.

9.2. Access to one's own data is provided free of charge.

9.3. The request must contain details for identification and the specific data being requested.

9.4. – 9.5. Review takes up to 10 business days; fulfillment of the request takes up to 30 calendar days.

10. State Registration

10.1. State registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On Personal Data Protection."