User agreement

User Agreement

Regulation on the processing and protection of personal data in personal data bases owned by the seller

General concepts and scope of application
List of personal data bases
Purpose of processing personal data
Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject
Location of the personal data base
Conditions for disclosure of personal data information to third parties
Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection with the performance of their official duties, storage period of personal data
Rights of the personal data subject
Procedure for handling requests from the personal data subject
State registration of the personal data base

1. General concepts and scope of application

1.1. Definition of terms:

personal data base — a named set of ordered personal data in electronic form and/or in the form of personal data files;
responsible person — a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law;
owner of the personal data base — a natural or legal person who is granted the right to process this data by law or with the consent of the personal data subject, who approves the purpose of processing personal data in this database, establishes the composition of this data and the procedures for its processing, unless otherwise determined by law;
State Register of Personal Data Bases — a unified state information system for collecting, accumulating, and processing information about registered personal data bases;
publicly available sources of personal data — directories, address books, registers, lists, catalogs, and other systematic collections of open information containing personal data, placed and published with the knowledge of the personal data subject. Social networks and internet resources where the personal data subject leaves their personal data are not considered publicly available sources of personal data (except in cases where the personal data subject explicitly states that the personal data is posted for the purpose of its free distribution and use);
consent of the personal data subject — any documented, voluntary expression of will by a natural person regarding granting permission for the processing of their personal data in accordance with the formulated purpose of their processing;
anonymization of personal data — the removal of information that allows identifying a person;
processing of personal data — any action or set of actions performed wholly or partially in an information (automated) system and/or in personal data files related to the collection, registration, accumulation, storage, adaptation, modification, updating, use, and dissemination (distribution, realization, transfer), anonymization, and destruction of information about a natural person;
personal data — information or a set of information about a natural person who is identified or can be specifically identified;
processor of the personal data base — a natural or legal person who is granted the right to process this data by the owner of the personal data base or by law. A person entrusted by the owner and/or processor of the personal data base to carry out technical work with the personal data base without access to the content of personal data is not a processor of the personal data base;
personal data subject — a natural person whose personal data is processed in accordance with the law;
third party — any person, with the exception of the personal data subject, the owner or processor of the personal data base, and the authorized state body for personal data protection, to whom the owner or processor of the personal data base transfers personal data in accordance with the law;
special categories of data — personal data regarding racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sexual life.

1.2. This Regulation is mandatory for application by the responsible person and employees of the seller who directly process and/or have access to personal data in connection with the performance of their official duties.

2. List of personal data bases

2.1. The seller is the owner of the following personal data bases:

personal data base of counterparties.

3. Purpose of processing personal data

3.1. The purpose of processing personal data in the system is to ensure the implementation of civil-legal relations, provision, receipt, and execution of settlements for purchased goods and services in accordance with the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".

4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject

4.1. The consent of the personal data subject must be a voluntary expression of will by a natural person regarding granting permission for the processing of their personal data in accordance with the formulated purpose of their processing.

4.2. The consent of the personal data subject can be provided in the following forms:

a document on paper with details allowing the identification of this document and the natural person;
an electronic document containing mandatory details allowing the identification of this document and the natural person. It is advisable to certify the voluntary expression of will by a natural person regarding granting permission for the processing of their personal data with the electronic signature of the personal data subject;
a mark on an electronic page of a document or in an electronic file processed in an information system based on documented software and technical solutions.

4.3. The consent of the personal data subject is provided during the formalization of civil-legal relations in accordance with current legislation.

4.4. Notification of the personal data subject about the inclusion of their personal data in the personal data base, rights defined by the Law of Ukraine "On Protection of Personal Data", the purpose of data collection, and persons to whom their personal data is transferred is carried out during the formalization of civil-legal relations in accordance with current legislation.

4.5. The processing of personal data regarding racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sexual life (special categories of data) is prohibited.

5. Location of the personal data base

5.1. The personal data bases indicated in section 2 of this Regulation are located at the seller's address.

6. Conditions for disclosure of personal data information to third parties

6.1. The procedure for access to personal data by third parties is determined by the conditions of the consent of the personal data subject provided to the owner of personal data for the processing of this data, or in accordance with the requirements of the law.

6.2. Access to personal data is not granted to a third party if the said person refuses to assume obligations regarding ensuring compliance with the requirements of the Law of Ukraine "On Protection of Personal Data" or is unable to ensure them.

6.3. The subject of relations connected with personal data submits a request for access (hereinafter — request) to personal data to the owner of personal data.

6.4. The request shall indicate:

surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the natural person submitting the request (for a natural person applicant);
name, location of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request;
confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity applicant);
surname, first name and patronymic, as well as other information enabling the identification of the natural person regarding whom the request is made;
information about the personal data base regarding which the request is made, or information about the owner or processor of the personal data base;
list of requested personal data.

6.5. The term for examining the request for its satisfaction cannot exceed ten working days from the date of its receipt. Within this period, the owner of the personal data base notifies the person submitting the request that the request will be satisfied or that the requested personal data cannot be provided, specifying the grounds defined in the relevant regulatory legal act. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. Deferral of access to personal data of third parties is permitted if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total term for resolving the issues raised in the request cannot exceed forty-five calendar days.

6.7. Notification of deferral is brought to the attention of the third party who submitted the request in writing with an explanation of the procedure for appealing such a decision.

6.8. The notification of deferral shall indicate:

surname, first name and patronymic of the official;
date of sending the notification;
reason for deferral;
the period within which the request will be satisfied.

6.9. Refusal of access to personal data is permitted if access to them is prohibited by law.

6.10. The notification of refusal shall indicate:

surname, first name, patronymic of the official refusing access; date of sending the notification; reason for refusal.

6.11. The decision on deferral or refusal of access to personal data may be appealed to the court.

7. Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection with the performance of their official duties, storage period of personal data

7.1. The owner of the personal data base is equipped with system, software, and hardware and communication means that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information, and meet the requirements of international and national standards.

7.2. The responsible person organizes work related to the protection of personal data during their processing in accordance with the law. The responsible person is determined by the order of the Owner of the personal data base.

7.3. Employees who directly process and/or have access to personal data in connection with the performance of their official duties must comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regarding the processing and protection of personal data in personal data bases.

7.4. Employees having access to personal data, including those processing them, are obliged not to disclose in any way personal data entrusted to them or which became known to them in connection with the performance of professional or official duties. This obligation remains valid after they cease activities related to personal data, except in cases established by law.

7.5. Persons having access to personal data, including those processing them, in case of violation of the requirements of the Law of Ukraine "On Protection of Personal Data", bear responsibility according to the legislation of Ukraine.

7.6. Personal data generally should not be stored longer than necessary for the purpose for which such data is stored, but in any case not longer than the data storage period determined by the consent of the personal data subject regarding the processing of this data.

8. Rights of the personal data subject

8.1. The personal data subject has the right:

to know about the location of the personal data base containing their personal data, its purpose and name, location, and/or place of residence (stay) of the owner or processor of this database, or to give an appropriate instruction regarding obtaining this information to authorized persons, except in cases established by law;
to receive information on the conditions for granting access to personal data, specifically information about third parties to whom their personal data contained in the respective personal data base is transferred;
to access their personal data contained in the respective personal data base;
to receive a response on whether their personal data is stored in the respective personal data base, as well as to receive the content of their personal data stored therein, no later than thirty calendar days from the date of receipt of the request, except in cases provided by law;
to submit a reasoned demand with an objection against the processing of their personal data by state authorities, local self-government bodies in the exercise of their powers provided by law;
to submit a reasoned demand regarding the modification or destruction of their personal data by any owner and processor of this database if this data is processed illegally or is inaccurate;
to the protection of their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protection from providing information that is inaccurate or discredits the honor, dignity, and business reputation of the natural person;
to apply for the protection of their rights regarding personal data to state authorities, local self-government bodies capable of ensuring the protection of personal data;
to apply legal remedies in case of violation of legislation on personal data protection.

9. Procedure for handling requests from the personal data subject

9.1. The personal data subject has the right to receive any information about themselves from any subject of relations connected with personal data, without specifying the purpose of the request, except in cases established by law.

9.2. Access of the personal data subject to data about themselves is free of charge.

9.3. The personal data subject submits a request for access to personal data (hereinafter — request) to the owner of the personal data base. The request typically specifies: surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the natural person submitting the request (for a natural person applicant); name, location of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity applicant); surname, first name and patronymic, as well as other information enabling the identification of the natural person regarding whom the request is made; information about the personal data base regarding which the request is made, or information about the owner or processor of the personal data base; list of requested personal data.

9.4. The term for examining the request for its satisfaction cannot exceed ten working days from the date of its receipt. Within this period, the owner of the personal data base notifies the person submitting the request that the request will be satisfied or that the requested personal data cannot be provided, specifying the grounds defined in the relevant regulatory legal act.

9.5. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

10. State registration of the personal data base

10.1. State registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On Protection of Personal Data".

		Quantity	Total
	Sign in to apply your personal discount Apply discount code
Total $0 Proceed to checkout

User agreement

User Agreement

Contents

1. General concepts and scope of application

2. List of personal data bases