User agreement

Regulation on the Processing and Protection of Personal Data in Personal Data Databases Owned by the Seller

General terms and scope of application
List of personal data databases
Purpose of personal data processing
Procedure for personal data processing: obtaining consent, notification of rights and actions with the personal data of the personal data subject
Location of the personal data database
Conditions for disclosure of personal data to third parties
Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection with the performance of their official duties, personal data retention period
Rights of the personal data subject
Procedure for handling requests of the personal data subject
State registration of the personal data database

1. General terms and scope of application

1.1. Definitions of terms:

personal data database — a named set of organized personal data in electronic form and/or in the form of personal data files;

responsible person — a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law;

owner of a personal data database — an individual or legal entity that, by law or with the consent of the personal data subject, is granted the right to process such data; the owner approves the purpose of personal data processing in this database, establishes the composition of such data and the procedures for their processing, unless otherwise provided by law;

State Register of Personal Data Databases — a unified state information system for collecting, accumulating and processing information about registered personal data databases;

publicly available sources of personal data — directories, address books, registers, lists, catalogs and other systematized collections of open information that contain personal data and are posted and published with the knowledge of the personal data subject. Social networks and internet resources where the personal data subject leaves their personal data are not considered publicly available sources of personal data (except where the personal data subject explicitly states that the personal data are posted for the purpose of their free dissemination and use);

consent of the personal data subject — any documented, voluntary expression of will of an individual to grant permission for the processing of their personal data in accordance with the stated purpose of such processing;

depersonalization of personal data — removal of information that makes it possible to identify a person;

processing of personal data — any action or set of actions performed wholly or partly in an information (automated) system and/or in personal data files, related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use and dissemination (distribution, sale, transfer), depersonalization, or destruction of information about an individual;

personal data — information or a set of information about an individual who is identified or can be specifically identified;

processor of a personal data database — an individual or legal entity that, by the owner of a personal data database or by law, is granted the right to process such data. A person who, by the owner and/or processor of a personal data database, is entrusted to perform technical works with the personal data database without access to the content of personal data is not considered a processor of a personal data database;

personal data subject — an individual in respect of whom, in accordance with the law, their personal data are processed;

third party — any person other than the personal data subject, the owner or the processor of the personal data database, and the authorized state body for personal data protection, to whom the owner or processor of the personal data database transfers personal data in accordance with the law;

special categories of data — personal data on racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sex life.

1.2. This Regulation is mandatory for the responsible person and the Seller’s employees who directly process and/or have access to personal data in connection with the performance of their official duties.

2. List of personal data databases

2.1. The Seller owns the following personal data databases:

personal data database of counterparties.

3. Purpose of personal data processing

3.1. The purpose of personal data processing in the system is to ensure the implementation of civil-law relations, provision, receipt and execution of settlements for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine «On Accounting and Financial Reporting in Ukraine».

4. Procedure for personal data processing: obtaining consent, notification of rights and actions with the personal data of the personal data subject

4.1. The consent of the personal data subject must be a voluntary expression of will of an individual to grant permission for the processing of their personal data in accordance with the stated purpose of such processing.

4.2. The consent of the personal data subject may be provided in the following forms:

a paper document with details that make it possible to identify this document and the individual;
an electronic document that must contain mandatory details allowing identification of this document and the individual. The voluntary expression of will of an individual to grant permission for the processing of their personal data is advisable to be certified by the electronic signature of the personal data subject;
a mark on an electronic page of a document or in an electronic file processed in an information system based on documented software and technical solutions.

4.3. The consent of the personal data subject is provided during the establishment of civil-law relations in accordance with applicable law.

4.4. Notification of the personal data subject about inclusion of their personal data in the personal data database, the rights defined by the Law of Ukraine «On Personal Data Protection», the purpose of data collection and the persons to whom their personal data are transferred is carried out during the establishment of civil-law relations in accordance with applicable law.

4.5. Processing of personal data on racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sex life (special categories of data) is prohibited.

5. Location of the personal data database

5.1. The personal data databases specified in Section 2 of this Regulation are located at the Seller’s address.

6. Conditions for disclosure of personal data to third parties

6.1. The procedure for access to personal data by third parties is determined by the terms of the consent of the personal data subject granted to the owner of personal data for processing such data, or in accordance with the requirements of the law.

6.2. Access to personal data is not granted to a third party if such person refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine «On Personal Data Protection» or is unable to ensure such compliance.

6.3. A party to relations related to personal data submits a request for access (hereinafter — the «request») to personal data to the owner of personal data.

6.4. The request shall specify:

surname, first name and patronymic, place of residence (place of stay) and details of the identity document of the individual submitting the request (for an individual — the applicant);
name and location of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity — the applicant);
surname, first name and patronymic, as well as other information enabling identification of the individual in respect of whom the request is made;
information about the personal data database to which the request relates, or information about the owner or processor of this personal data database;
the list of personal data requested;
the purpose and/or legal grounds for the request.

6.5. The period for reviewing the request in terms of its satisfaction may not exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database informs the person submitting the request that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the grounds specified in the relevant regulatory legal act. The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. Deferral of access to personal data for third parties is allowed if the required data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total period for resolving the issues raised in the request may not exceed forty-five calendar days.

6.7. The notice of deferral shall be communicated to the third party that submitted the request in writing, with an explanation of the procedure for appealing such decision.

6.8. The notice of deferral shall specify:

surname, first name and patronymic of the official;
date of sending the notice;
reason for deferral;
the period during which the request will be satisfied.

6.9. Refusal to provide access to personal data is allowed if access to such data is prohibited by law.

6.10. The notice of refusal shall specify:

surname, first name and patronymic of the official who refuses access;
date of sending the notice;
reason for refusal.

6.11. A decision on deferral or refusal of access to personal data may be appealed in court.

7. Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection with the performance of their official duties, personal data retention period

7.1. The owner of the personal data database is equipped with system and software/technical means and communication means that prevent loss, theft, unauthorized destruction, distortion, forgery and copying of information, and comply with the requirements of international and national standards.

7.2. The responsible person organizes work related to the protection of personal data during their processing in accordance with the law. The responsible person is appointed by an order of the owner of the personal data database.

The duties of the responsible person for organizing work related to the protection of personal data during their processing are specified in the job description.

7.3. The responsible person must:

know the legislation of Ukraine in the field of personal data protection;
develop procedures for employees’ access to personal data in accordance with their professional, official or labor duties;
ensure that the employees of the owner of the personal data database comply with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner of the personal data database regarding processing and protection of personal data in personal data databases;
develop a procedure for internal control over compliance with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner of the personal data database regarding processing and protection of personal data in personal data databases, which, in particular, must include rules on the frequency of such control;
inform the owner of the personal data database about facts of violations by employees of the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner of the personal data database regarding processing and protection of personal data in personal data databases no later than one working day from the moment such violations are detected;
ensure storage of documents confirming that the personal data subject has given consent to the processing of their personal data and that the said subject has been notified of their rights.

7.4. For the purpose of fulfilling their duties, the responsible person has the right to:

receive the necessary documents, including orders and other administrative documents issued by the owner of the personal data database, related to the processing of personal data;
make copies of received documents, including copies of files and any records stored in local computer networks and standalone computer systems;
participate in discussions of matters related to organizing work on personal data protection during processing;
submit proposals for improving activities and working methods, provide comments and options for eliminating shortcomings identified in the process of processing personal data;
receive explanations on issues of personal data processing;
sign and endorse documents within the limits of their competence.

7.5. Employees who directly process and/or have access to personal data in connection with the performance of their official (labor) duties must comply with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regarding the processing and protection of personal data in personal data databases.

7.6. Employees who have access to personal data, including those who process them, must not disclose in any way personal data entrusted to them or that became known to them in connection with the performance of professional, official or labor duties. This obligation remains in force after they cease activities related to personal data, except as provided by law.

7.7. Persons who have access to personal data, including those who process them, bear liability under the legislation of Ukraine in the event of violation of the Law of Ukraine «On Personal Data Protection».

7.8. Personal data must not be stored longer than necessary for the purpose for which such data are stored, but in any case not longer than the data retention period determined by the consent of the personal data subject for the processing of such data.

8. Rights of the personal data subject

8.1. The personal data subject has the right to:

know the location of the personal data database containing their personal data, its purpose and name, the location and/or place of residence (stay) of the owner or processor of this personal data database, or provide the relevant authorization to obtain this information to persons authorized by them, except as provided by law;
receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data contained in the relevant personal data database are transferred;
access their personal data contained in the relevant personal data database;
receive, no later than thirty calendar days from the date of receipt of the request (except as provided by law), a response as to whether their personal data are stored in the relevant personal data database, as well as receive the content of their personal data that are stored;
submit a reasoned objection to the processing of their personal data by public authorities and local self-government bodies while exercising their powers provided by law;
submit a reasoned demand to amend or destroy their personal data by any owner and processor of this database if such data are processed unlawfully or are inaccurate;
protection of their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision thereof, as well as protection from providing information that is inaccurate or that discredits the honor, dignity and business reputation of an individual;
apply to public authorities and local self-government bodies whose powers include the protection of personal data to protect their rights regarding personal data;
use legal remedies in case of violation of legislation on personal data protection.

9. Procedure for handling requests of the personal data subject

9.1. The personal data subject has the right to obtain any information about themselves from any party to relations related to personal data without stating the purpose of the request, except as provided by law.

9.2. Access of the personal data subject to data about themselves is provided free of charge.

9.3. The personal data subject submits a request for access (hereinafter — the «request») to personal data to the owner of the personal data database.

The request shall specify:

surname, first name and patronymic, place of residence (place of stay) and details of the identity document of the personal data subject;
other information that makes it possible to identify the personal data subject;
information about the personal data database to which the request relates, or information about the owner or processor of this database;
the list of personal data requested.

9.4. The period for reviewing the request in terms of its satisfaction may not exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database informs the personal data subject that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the grounds specified in the relevant regulatory legal act.

9.5. The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

10. State registration of the personal data database

10.1. State registration of personal data databases is carried out in accordance with Article 9 of the Law of Ukraine «On Personal Data Protection».

		Quantity	Total
	Sign in to apply your personal discount Apply discount code
Total $0 Proceed to checkout