Regulation on the Processing and Protection of Personal Data in Personal Data Bases Owned by the Seller

Table of Contents

  • General concepts and scope of application

  • List of personal data bases

  • Purpose of personal data processing

  • Procedure for personal data processing: obtaining consent, notification of rights, and actions with the personal data of the data subject

  • Location of the personal data base

  • Conditions for disclosing personal data to third parties

  • Protection of personal data: methods of protection, responsible person, employees directly processing and/or having access to personal data in connection with their official duties, retention period of personal data

  • Rights of the personal data subject

  • Procedure for handling requests from the personal data subject

  • State registration of the personal data base


1. General Concepts and Scope of Application

1.1. Definition of Terms:

  • Personal data base: A named collection of ordered personal data in electronic form and/or in the form of personal data filing systems.

  • Responsible person: A designated individual who organizes the work related to the protection of personal data during its processing, in accordance with the law.

  • Owner of the personal data base: A natural or legal person who is granted the right to process this data by law or with the consent of the personal data subject, who determines the purpose of processing personal data in this database, establishes the composition of this data and the procedures for its processing, unless otherwise defined by law.

  • State Register of Personal Data Bases: A unified state information system for the collection, accumulation, and processing of information about registered personal data bases.

  • Publicly available sources of personal data: Directories, address books, registers, lists, catalogs, and other systematized collections of open information containing personal data, posted and published with the knowledge of the personal data subject. Social networks and internet resources where the personal data subject leaves their personal data are not considered publicly available sources (except in cases where the personal data subject explicitly indicated that the personal data is posted for the purpose of free distribution and use).

  • Consent of the personal data subject: Any documented, voluntary expression of the will of a natural person regarding the granting of permission to process their personal data in accordance with the formulated purpose of their processing.

  • Depersonalization (Anonymization) of personal data: The extraction of information that allows the identification of a person.

  • Processing of personal data: Any action or set of actions, performed entirely or partially in an information (automated) system and/or in personal data filing systems, related to the collection, registration, accumulation, storage, adaptation, alteration, updating, use, and distribution (dissemination, realization, transfer) of data about an individual.

  • Personal data: Information or a collection of information about a natural person who is identified or can be specifically identified.

  • Processor of the personal data base: A natural or legal person who is granted the right to process this data by the owner of the personal data base or by law. A person who is instructed by the owner and/or processor to perform technical work with the personal data base without access to the content of the personal data is not considered a processor.

  • Personal data subject: A natural person whose personal data is processed in accordance with the law.

  • Third party: Any person, except the personal data subject, the owner or processor of the personal data base, and the authorized state body for personal data protection, to whom the owner or processor transfers personal data in accordance with the law.

  • Special categories of data: Personal data concerning racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sex life.

1.2. This Regulation is mandatory for application by the responsible person and the seller's employees who directly process and/or have access to personal data in connection with the performance of their official duties.


2. List of Personal Data Bases

2.1. The Seller is the owner of the following personal data bases:

  • Personal data base of counterparties.


3. Purpose of Personal Data Processing

3.1. The purpose of processing personal data in the system is to ensure the implementation of civil law relations, the provision, receipt, and execution of payments for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".


4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions

4.1. The consent of the personal data subject must be a voluntary expression of the natural person's will to grant permission for the processing of their personal data in accordance with the formulated purpose of their processing.

4.2. The consent of the personal data subject may be provided in the following forms:

  • A paper document with requisites that allow the identification of this document and the natural person;

  • An electronic document containing mandatory requisites that allow the identification of this document and the natural person. It is advisable to certify the voluntary expression of the natural person's will to grant permission for data processing with the electronic signature of the personal data subject;

  • A mark on an electronic page of a document or an electronic file processed in an information system based on documented software and hardware solutions.

4.3. The consent of the personal data subject is provided during the execution of civil law relations in accordance with applicable law.

4.4. The notification to the personal data subject about the inclusion of their personal data into the personal data base, the rights defined by the Law of Ukraine "On Personal Data Protection", the purpose of data collection, and the persons to whom their personal data is transferred, is carried out during the execution of civil law relations in accordance with applicable law.

4.5. The processing of personal data concerning racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sex life (special categories of data) is prohibited.


5. Location of the Personal Data Base

5.1. The personal data bases specified in Section 2 of this Regulation are located at the address of the Seller.


6. Conditions for Disclosing Personal Data to Third Parties

6.1. The procedure for third-party access to personal data is determined by the conditions of the consent granted by the personal data subject to the personal data owner for processing, or in accordance with the requirements of the law.

6.2. Access to personal data is not granted to a third party if the specified person refuses to assume the obligation to comply with the requirements of the Law of Ukraine "On Personal Data Protection" or is unable to ensure compliance.

6.3. The subject of relations connected with personal data submits a request for access (hereinafter — the request) to personal data to the personal data owner.

6.4. The request must indicate:

  • Surname, first name, and patronymic, place of residence (place of stay), and details of the document identifying the natural person submitting the request (for a natural person applicant);

  • Name, location of the legal entity submitting the request, position, surname, first name, and patronymic of the person certifying the request; confirmation that the content of the request complies with the authority of the legal entity (for a legal entity applicant);

  • Surname, first name, and patronymic, as well as other information that allows the identification of the natural person about whom the request is made;

  • Information about the personal data base to which the request is directed, or information about the owner or processor of this personal data base;

  • A list of the requested personal data;

  • The purpose and/or legal basis for the request.

6.5. The period for reviewing a request to determine if it will be satisfied cannot exceed ten working days from the date of receipt. Within this period, the owner of the personal data base shall notify the person submitting the request that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the legal grounds defined in the relevant regulatory act. The request shall be satisfied within thirty calendar days from its receipt, unless otherwise provided by law.

6.6. Postponement of third-party access to personal data is allowed if the necessary data cannot be provided within thirty calendar days from the receipt of the request. However, the overall period for resolving issues raised in the request cannot exceed forty-five calendar days.

6.7. The notice of postponement is communicated in writing to the third party who submitted the request, explaining the procedure for appealing such a decision.

6.8. The notice of postponement must indicate:

  • Surname, first name, and patronymic of the official;

  • Date the notice is sent;

  • Reason for the postponement;

  • The period within which the request will be satisfied.

6.9. Refusal of access to personal data is permitted if access to them is prohibited by law.

6.10. The notice of refusal must indicate:

  • Surname, first name, and patronymic of the official refusing access;

  • Date the notice is sent;

  • Reason for the refusal.

6.11. A decision to postpone or refuse access to personal data may be appealed in court.


7. Protection of Personal Data

7.1. Owners of the personal data base are equipped with systemic, software-hardware, and communication means that prevent loss, theft, unauthorized destruction, distortion, forgery, and copying of information, meeting the requirements of international and national standards.

7.2. The responsible person organizes the work related to personal data protection during processing, according to the law. The responsible person is designated by an order from the owner of the personal data base. The duties of the responsible person regarding the organization of personal data protection are specified in their job description.

7.3. The responsible person is obliged to:

  • Know the legislation of Ukraine in the field of personal data protection;

  • Develop procedures for employee access to personal data in accordance with their professional, official, or labor duties;

  • Ensure that the employees of the personal data base Owner comply with the requirements of Ukrainian legislation and internal documents regulating the Owner's activities regarding personal data processing and protection;

  • Develop a procedure for internal control over compliance with the law and internal documents, which must include rules on the frequency of such control;

  • Notify the personal data base Owner about facts of employee violations of legislation or internal documents within a period not exceeding one working day from the moment such violations are discovered;

  • Ensure the storage of documents confirming the personal data subject's consent to process their data and the notification of said subject about their rights.

7.4. In order to fulfill their duties, the responsible person has the right to:

  • Receive necessary documents, including orders and other regulatory documents issued by the personal data base Owner;

  • Make copies of received documents, including copies of files and records stored in local networks and standalone computer systems;

  • Participate in discussions concerning the execution of their duties related to personal data protection;

  • Submit proposals for improving activities and refining work methods, present remarks, and suggest options to eliminate identified shortcomings;

  • Receive explanations regarding personal data processing issues;

  • Sign and endorse documents within their competence.

7.5. Employees directly engaged in processing and/or having access to personal data due to their duties must comply with Ukrainian legislation and internal documents regarding data processing and protection.

7.6. Employees with access to personal data are obligated not to disclose in any way the personal data entrusted to them or which became known to them in connection with their professional duties. This obligation continues after they cease activities related to personal data, except as established by law.

7.7. Individuals with access to personal data, including those processing it, are liable under Ukrainian legislation if they violate the requirements of the Law of Ukraine "On Personal Data Protection".

7.8. Personal data must not be stored longer than necessary for the purposes for which such data are stored, but in any case, no longer than the data retention period defined by the personal data subject's consent to process this data.


8. Rights of the Personal Data Subject

8.1. The personal data subject has the right to:

  • Know about the location of the personal data base containing their personal data, its purpose, name, location and/or place of residence (stay) of the owner or processor of this base, or to give an appropriate instruction to obtain this information to persons authorized by them, except in cases established by law;

  • Receive information on the conditions for granting access to personal data, in particular, information about third parties to whom their personal data is transferred;

  • Have access to their personal data contained in the respective personal data base;

  • Receive, no later than thirty calendar days from the date of the request's receipt (except as provided by law), an answer as to whether their personal data is stored in the respective database, as well as receive the contents of their stored personal data;

  • Present a motivated demand with an objection to the processing of their personal data by public authorities or local self-government bodies in the exercise of their legally prescribed powers;

  • Present a motivated demand for the alteration or destruction of their personal data by any owner and processor of this database if the data is processed illegally or is inaccurate;

  • Protect their personal data against unlawful processing and accidental loss, destruction, or damage due to intentional concealment, failure to provide, or untimely provision, as well as protection from the provision of information that is inaccurate or defames the honor, dignity, and business reputation of a natural person;

  • Apply, on matters concerning the protection of their rights regarding personal data, to public authorities or local self-government bodies whose powers include personal data protection;

  • Apply legal remedies in case of a violation of personal data protection legislation.


9. Procedure for Handling Requests from the Personal Data Subject

9.1. The personal data subject has the right to receive any information about themselves from any subject of relations connected with personal data without stating the purpose of the request, except in cases established by law.

9.2. The personal data subject's access to data about themselves is provided free of charge.

9.3. The personal data subject submits a request for access (hereinafter — the request) to personal data to the owner of the personal data base.

The request must indicate:

  • Surname, first name, and patronymic, place of residence (place of stay), and details of the document identifying the personal data subject;

  • Other information that allows the personal data subject to be identified;

  • Information about the personal data base regarding which the request is submitted, or information about the owner or processor of this database;

  • A list of the requested personal data.

9.4. The period for reviewing a request to determine whether it will be satisfied cannot exceed ten working days from the date of its receipt. Within this period, the owner of the personal data base informs the personal data subject that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the legal grounds defined in the relevant regulatory act.

9.5. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.


10. State Registration of the Personal Data Base

10.1. The state registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On Personal Data Protection".