Regulations on the Processing and Protection of Personal Data in Personal Data Databases Owned by the Seller
Contents
- General Concepts and Scope of Application
- List of Personal Data Databases
- Purpose of Personal Data Processing
- Personal Data Processing Procedure: Obtaining Consent, Notification of Rights, and Actions Regarding the Personal Data of the Data Subject
- Location of the Personal Data Database
- Conditions for Disclosing Personal Data to Third Parties
- Protection of Personal Data: Methods of Protection, Responsible Person, Employees Who Directly Process and/or Have Access to Personal Data in Connection with Their Official Duties, Personal Data Retention Period
- Rights of the Personal Data Subject
- Procedure for Handling Requests from the Personal Data Subject
- State Registration of the Personal Data Database
1. General Concepts and Scope of Application
1.1. Definitions:
personal data database — a named collection of organized personal data in electronic form and/or in the form of personal data filing systems;
responsible person — a designated individual who organizes work related to the protection of personal data during its processing, in accordance with the law;
owner of the personal data database — a natural or legal person who, by law or with the consent of the personal data subject, is granted the right to process such data, who approves the purpose of personal data processing in this database, establishes the composition of such data and the procedures for their processing, unless otherwise provided by law;
State Register of Personal Data Databases — a unified state information system for the collection, accumulation, and processing of information about registered personal data databases;
publicly available sources of personal data — directories, address books, registers, lists, catalogues, and other systematized collections of open information containing personal data, placed and published with the knowledge of the personal data subject. Social networks and internet resources where personal data subjects leave their personal data are not considered publicly available sources of personal data (except in cases where the personal data subject has explicitly indicated that the personal data is published for the purpose of free distribution and use);
consent of the personal data subject — any documented, voluntary expression of will by a natural person granting permission to process their personal data in accordance with the stated purpose of such processing;
anonymization of personal data — the removal of information that makes it possible to identify a person;
processing of personal data — any action or set of actions performed wholly or partially in an information (automated) system and/or in personal data filing systems, related to the collection, registration, accumulation, storage, adaptation, modification, updating, use and dissemination (distribution, sale, transfer), anonymization, or destruction of information about a natural person;
personal data — information or a set of information about a natural person who is identified or can be specifically identified;
administrator of the personal data database — a natural or legal person who has been granted the right to process personal data by the owner of the personal data database or by law. A person who has been instructed by the owner and/or administrator to carry out technical work with the personal data database without access to the content of the personal data shall not be considered an administrator;
personal data subject — a natural person whose personal data is processed in accordance with the law;
third party — any person, other than the personal data subject, the owner or administrator of the personal data database, and the authorized state body for personal data protection, to whom the owner or administrator of the personal data database transfers personal data in accordance with the law;
special categories of data — personal data concerning racial or ethnic origin, political, religious, or ideological beliefs, membership in political parties and trade unions, as well as data relating to health or sexual life.
1.2. These Regulations are mandatory for application by the responsible person and the seller’s employees who directly process and/or have access to personal data in connection with the performance of their official duties.
2. List of Personal Data Databases
2.1. The seller owns the following personal data databases:
- personal data database of counterparties.
3. Purpose of Personal Data Processing
3.1. The purpose of personal data processing in the system is to ensure the implementation of civil legal relations, the provision, receipt, and settlement of payments for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine «On Accounting and Financial Reporting in Ukraine».
4. Personal Data Processing Procedure: Obtaining Consent, Notification of Rights, and Actions Regarding the Personal Data of the Data Subject
4.1. The consent of the personal data subject must be a voluntary expression of will by a natural person granting permission to process their personal data in accordance with the stated purpose of such processing.
4.2. The consent of the personal data subject may be provided in the following forms:
- a paper document with details that allow the identification of the document and the natural person;
- an electronic document that must contain mandatory details allowing the identification of the document and the natural person. The voluntary expression of will by a natural person to grant permission to process their personal data should be certified by the electronic signature of the personal data subject;
- a mark on an electronic page of a document or in an electronic file processed in an information system based on documented software and hardware solutions.
4.3. Consent of the personal data subject is provided at the time of entering into civil legal relations in accordance with current legislation.
4.4. Notification of the personal data subject about the inclusion of their personal data in the personal data database, the rights defined by the Law of Ukraine «On Personal Data Protection», the purpose of data collection, and the persons to whom their personal data is transferred, is carried out at the time of entering into civil legal relations in accordance with current legislation.
4.5. Processing of personal data concerning racial or ethnic origin, political, religious, or ideological beliefs, membership in political parties and trade unions, as well as data relating to health or sexual life (special categories of data) is prohibited.
5. Location of the Personal Data Database
5.1. The personal data databases specified in Section 2 of these Regulations are located at the seller’s address.
6. Conditions for Disclosing Personal Data to Third Parties
6.1. The procedure for granting third parties access to personal data is determined by the terms of the personal data subject's consent given to the owner of the personal data for the processing of such data, or in accordance with the requirements of the law.
6.2. Access to personal data shall not be granted to a third party if the said person refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine «On Personal Data Protection» or is unable to ensure such compliance.
6.3. A party to relations involving personal data submits a request for access (hereinafter — request) to personal data to the owner of the personal data.
6.4. The request shall specify:
- last name, first name, and patronymic, place of residence (place of stay) and details of the document identifying the natural person submitting the request (for a natural person — applicant);
- name and location of the legal entity submitting the request, the position, last name, first name, and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity — applicant);
- last name, first name, and patronymic, as well as other information allowing identification of the natural person about whom the request is made;
- information about the personal data database regarding which the request is submitted, or information about the owner or administrator of such database;
- list of personal data being requested;
- purpose and/or legal grounds for the request.
6.5. The period for reviewing a request to determine whether it will be satisfied shall not exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database notifies the person submitting the request that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the grounds defined in the relevant regulatory act. The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
6.6. A deferral of access to personal data of third parties is permitted if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total period for resolving the issues raised in the request shall not exceed forty-five calendar days.
6.7. The notification of deferral is communicated to the third party who submitted the request in writing, with an explanation of the procedure for appealing such a decision.
6.8. The notification of deferral shall specify:
- last name, first name, and patronymic of the official;
- date of dispatch of the notification;
- reason for the deferral;
- the period within which the request will be satisfied.
6.9. Denial of access to personal data is permitted if access thereto is prohibited by law.
6.10. The notification of denial shall specify:
- last name, first name, and patronymic of the official denying access;
- date of dispatch of the notification;
- reason for the denial.
6.11. A decision to defer or deny access to personal data may be appealed in court.
7. Protection of Personal Data: Methods of Protection, Responsible Person, Employees Who Directly Process and/or Have Access to Personal Data in Connection with Their Official Duties, Personal Data Retention Period
7.1. The owner of the personal data database is equipped with system, software, hardware, and communication tools that prevent the loss, theft, unauthorized destruction, distortion, falsification, or copying of information and that comply with the requirements of international and national standards.
7.2. The responsible person organizes work related to the protection of personal data during its processing, in accordance with the law. The responsible person is appointed by order of the Owner of the personal data database.
The duties of the responsible person regarding the organization of work related to the protection of personal data during processing are set out in the job description.
7.3. The responsible person is obliged to:
- know the legislation of Ukraine in the field of personal data protection;
- develop procedures for employees’ access to personal data in accordance with their professional, official, or employment duties;
- ensure that employees of the Owner comply with the requirements of Ukrainian legislation on personal data protection and internal documents regulating the activities of the Owner with respect to the processing and protection of personal data;
- develop an internal control procedure for compliance with the requirements of Ukrainian legislation on personal data protection and internal documents, which must include, in particular, provisions on the frequency of such control;
- notify the Owner of the personal data database of any violations by employees of the requirements of Ukrainian legislation on personal data protection no later than one working day from the moment such violations are discovered;
- ensure the retention of documents confirming the personal data subject’s consent to the processing of their personal data and the notification of such subject of their rights.
7.4. For the purpose of fulfilling their duties, the responsible person has the right to:
- obtain necessary documents, including orders and other administrative documents issued by the Owner relating to the processing of personal data;
- make copies of obtained documents, including copies of files and any records stored in local computer networks and standalone computer systems;
- participate in discussions of the organizational work related to the protection of personal data during processing;
- submit proposals for improving activities and perfecting working methods, provide observations and options for eliminating identified deficiencies in the personal data processing process;
- receive explanations on matters relating to personal data processing;
- sign and endorse documents within the scope of their authority.
7.5. Employees who directly process and/or have access to personal data in connection with the performance of their official (employment) duties are obliged to comply with the requirements of Ukrainian legislation on personal data protection and internal documents.
7.6. Employees who have access to personal data, including those who process it, are obliged not to disclose, in any manner, personal data that has been entrusted to them or that became known to them in connection with the performance of their professional, official, or employment duties. This obligation remains in force after the termination of their activities related to personal data, except in cases established by law.
7.7. Persons who have access to personal data, including those who process it, shall be held liable in accordance with Ukrainian legislation in the event of a violation of the requirements of the Law of Ukraine «On Personal Data Protection».
7.8. Personal data must not be stored for longer than is necessary for the purpose for which such data is stored, but in any case no longer than the data retention period specified in the personal data subject’s consent to the processing of such data.
8. Rights of the Personal Data Subject
8.1. The personal data subject has the right to:
- know the location of the personal data database containing their personal data, its purpose and name, the location and/or place of residence (stay) of the owner or administrator of such database, or to authorize designated persons to obtain such information, except in cases established by law;
- receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data is transferred;
- access their personal data contained in the relevant personal data database;
- receive, no later than thirty calendar days from the date of receipt of the request, unless otherwise provided by law, a response as to whether their personal data is stored in the relevant database, as well as to receive the content of their stored personal data;
- submit a reasoned objection to the processing of their personal data by state authorities and local self-government bodies in the exercise of their powers as provided by law;
- submit a reasoned demand for the modification or destruction of their personal data by any owner or administrator of such database, if such data is processed unlawfully or is inaccurate;
- have their personal data protected against unlawful processing and accidental loss, destruction, or damage due to intentional concealment, non-provision, or untimely provision, as well as protection against the provision of information that is inaccurate or that discredits the honor, dignity, and business reputation of the natural person;
- appeal to state authorities and local self-government bodies, within whose powers the protection of personal data falls, regarding the protection of their rights with respect to personal data;
- apply legal remedies in the event of a violation of personal data protection legislation.
9. Procedure for Handling Requests from the Personal Data Subject
9.1. The personal data subject has the right to obtain any information about themselves from any party to relations involving personal data, without stating the purpose of the request, except in cases established by law.
9.2. Access by the personal data subject to data about themselves is provided free of charge.
9.3. The personal data subject submits a request for access (hereinafter — request) to personal data to the owner of the personal data database.
The request shall specify:
- last name, first name, and patronymic, place of residence (place of stay) and details of the document identifying the personal data subject;
- other information allowing the identification of the personal data subject;
- information about the personal data database regarding which the request is submitted, or information about the owner or administrator of such database;
- list of personal data being requested.
9.4. The period for reviewing a request to determine whether it will be satisfied shall not exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database notifies the personal data subject that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the grounds defined in the relevant regulatory act.
9.5. The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
10. State Registration of the Personal Data Database
10.1. State registration of personal data databases is carried out in accordance with Article 9 of the Law of Ukraine «On Personal Data Protection».