Regulation on the processing and protection of personal data in databases owned by the seller.
Content:
- General terms and scope of application.
- List of personal data databases.
- Purpose of personal data processing.
- Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the subject of personal data.
- Location of personal data databases.
- Conditions for disclosing information about personal data to third parties.
- Protection of personal data: methods of protection, responsible person, employees who directly carry out processing and/or have access to personal data in connection with the performance of their official duties, storage period of personal data.
- Rights of the subject of personal data.
- Procedure for handling requests from the subject of personal data.
- State registration of the personal data database.
1. General terms and scope of application.
1.1. Definition of terms:
personal data database – a named set of ordered personal data in electronic form and/or in the form of personal data card files;
responsible person – a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law;
owner of the personal data database – a natural or legal person to whom the right to process this data has been granted by law or with the consent of the subject of personal data, who approves the purpose of processing personal data in this database, establishes the composition of this data and the procedures for their processing, if not determined by law;
State Register of personal data databases – a single state information system for collecting, accumulating and processing information about registered personal data databases;
public sources of personal data – directories, address books, registers, lists, catalogs, and other systematic compilations of open information containing personal data, posted and published with the knowledge of the subject of personal data.
Social networks and internet resources where the subject of personal data leaves personal data are not considered public sources of personal data (except in cases where the subject of personal data explicitly consents to their use as such).
Consent of the data subject – any documented voluntary expression of the will of a natural person regarding the permission to process their personal data in accordance with the stated purpose of their processing;
Anonymization of personal data – the removal of information that allows for the identification of a person;
Processing of personal data – any action or set of actions, carried out either wholly or partially in an information (automated) system and/or in personal data filing systems, related to the collection, registration, accumulation, storage, adaptation, modification, restoration, use, dissemination (distribution, implementation, transfer), anonymization, destruction of information about a natural person;
Personal data – information or a set of information about a natural person who is identified or can be specifically identified;
Controller of the personal data database – a natural or legal person who owns the personal data database or is authorized by law to process such data.
A person whom the owner and/or controller of the personal data database has entrusted with technical work on the personal data database, without access to the content of personal data, is not a controller of the personal data database;
Data subject – a natural person whose personal data are processed in accordance with the law;
Third party – any person, except for the data subject, the owner or controller of the personal data database, and the authorized state body on personal data protection issues, to whom the owner or controller of the personal data database transfers personal data in accordance with the law;
Special categories of data – personal data on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties and professional associations, as well as data related to health or sex life.
1.2. This Regulation is mandatory for the responsible person and employees of the seller who directly process and/or have access to personal data in connection with the performance of their official duties.
2. List of personal data databases.
2.1. The seller owns the following personal data databases:
a database of counterparties’ personal data.
3. Purpose of personal data processing.
3.1. The purpose of personal data processing in the system is to store and service data of counterparties, in accordance with Articles 6, 7 of the Law of Ukraine “On Personal Data Protection”.
3.2. The purpose of personal data processing is to ensure the implementation of civil legal relations, provision/receipt and settlement of payments for goods/services purchased in accordance with the Tax Code of Ukraine, the Law of Ukraine “On Accounting and Financial Reporting in Ukraine”.
4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject.
4.1. The consent of the personal data subject must be a voluntary expression of the will of a natural person to grant permission for the processing of their personal data in accordance with the formulated purpose of their processing. The consent of the personal data subject can be given in the following forms:
a document on paper medium with requisites that allow identifying this document and the natural person;
an electronic document that must contain mandatory requisites that allow identifying this document and the natural person. The voluntary expression of the will of a natural person to grant permission for the processing of their personal data should be certified by the electronic signature of the personal data subject.
a mark on the electronic page of the document or in an electronic file that is processed in the information system based on documented software and technical solutions.
4.2. The consent of the personal data subject is given during the formation of civil legal relations in accordance with the current legislation.
4.3. The subject of personal data shall be notified of the inclusion of their personal data in the database of personal data, their rights defined by the Law of Ukraine “On the Protection of Personal Data,” the purpose of data collection, and the persons to whom their personal data are transferred during the formation of civil-law relations in accordance with the current legislation.
4.4. Processing of personal data on racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and professional unions, as well as data related to health or sex life (special categories of data) is prohibited.
5. Location of the personal data database.
5.1. The personal data databases specified in section 2 of this Regulation are located at the seller’s address.
6. Conditions for disclosing information about personal data to third parties.
6.1. The procedure for third-party access to personal data is determined by the conditions of the consent that the subject of personal data gave to the owner of the personal data database for processing such data, or by the requirements of the law.
6.2. A third party shall not be granted access to personal data if that party refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine “On the Protection of Personal Data” or is unable to do so.
6.3. The subject of relations related to personal data submits a request for access (hereinafter – the request) to personal data to the owner of the personal data database.
6.4. The request shall indicate:
the last name, first name and patronymic, place of residence (place of stay), and the details of the document certifying the individual who submitted the request (for an individual applicant);
the name, location of the legal entity that submitted the request, position, last name, first name and patronymic of the person who certifies the request, confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity applicant);
the last name, first name and patronymic, as well as other information that allows identifying the individual regarding whom the request is being made;
information about the personal data database for which the request is made, as well as information about the owner or manager of this database;
a list of personal data being requested;
the purpose of the request.
6.5. The deadline for reviewing the request to determine its satisfaction shall not exceed ten working days from the date of its receipt.
During this period, the owner of the personal data database shall inform the person submitting the request that the request will be satisfied or that the relevant personal data cannot be provided, with an indication of the basis determined by the relevant regulatory act.
The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
6.6. All employees of the owner of the personal data database are obliged to comply with the confidentiality requirements regarding personal data and information on securities accounts and securities circulation.
6.7. Deferral of a third party’s access to personal data is allowed if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In that case, the total period for resolving the issues raised in the request shall not exceed forty-five calendar days.
6.8. Notification of the deferral shall be communicated to the third party who submitted the request in writing, with an explanation of the procedure for appealing such a decision.
6.9. The notification of deferral shall indicate:
the surname, name, and patronymic of the official;
the date of sending the notification;
the reason for the deferral;
the deadline for satisfying the request.
6.10. Refusal to access personal data is allowed if access to them is prohibited by law.
6.11. The notification of refusal shall indicate:
the surname, name, and patronymic of the official who refused access;
the date of sending the notification;
the reason for the refusal.
6.12. The decision to defer or refuse access to personal data may be appealed to the authorized state body for the protection of personal data, other state authorities and local self-government bodies, which have the authority to protect personal data, or to a court.
7. Personal data protection: protection methods, responsible person, employees who directly carry out processing and/or have access to personal data in connection with their official duties, personal data storage period.
7.1. The owner of the personal data database is equipped with system, software and technical means of communication that prevent the loss, theft, unauthorized destruction, distortion, forgery or copying of information and that comply with international and national standards.
7.2. The responsible person organizes work related to the protection of personal data during their processing in accordance with the law. The responsible person is determined by the order of the owner of the personal data database. The duties of the responsible person for organizing work related to the protection of personal data during their processing are specified in the job description.
7.3. In order to perform their duties, the responsible person has the right to:
obtain necessary documents, including orders and other regulatory documents issued by the owner of the personal data database related to the processing of personal data;
make copies of obtained documents, including copies of files, any records stored in local computer networks and standalone computer systems;
participate in the discussion of the duties related to organizing work related to the protection of personal data during their processing;
make proposals for improving activities and improving work methods, provide comments and options for eliminating identified shortcomings in the process of processing personal data;
receive explanations on issues related to personal data processing;
sign and approve documents within their competence.
7.4. Employees who directly process and/or have access to personal data in connection with the performance of their official (employment) duties are obliged to comply with the requirements of Ukrainian legislation on the protection of personal data and internal documents regarding the processing and protection of personal data in personal data databases.
7.5. Employees who have access to personal data, including those who process them, are obliged not to disclose personal data entrusted to them or which became known to them in connection with the performance of their professional, official or employment duties in any way. Such obligation remains in force after the termination of their activities related to personal data, except in cases established by law.
7.6. Persons who have access to personal data, including those who process them, bear responsibility in accordance with Ukrainian legislation in case of their violation of the requirements of the Law of Ukraine “On Personal Data Protection”.
7.8. Personal data should not be stored longer than necessary for the purpose for which such data is stored, but in any case not longer than the data retention period determined by the consent of the personal data subject for the processing of such data.
8. Rights of the personal data subject.
8.1. The subject of personal data has the right:
to know about the location of the personal data database that contains their personal data, its purpose and name, the location and/or residence (stay) of the owner or controller of this database or to give the appropriate authorization to authorized persons to obtain this information, except for cases established by law;
to receive information about the conditions for providing access to personal data, including information about third parties to whom their personal data contained in the relevant personal data database are transferred;
to have access to their personal data contained in the relevant personal data database;
to receive, no later than thirty calendar days from the date of the request, except for cases provided by law, a response regarding whether their personal data is stored in the relevant personal data database, as well as to receive the content of their personal data that is stored;
to submit a motivated demand with an objection to the processing of their personal data by state authorities, local authorities in the exercise of their powers provided by law;
to submit a motivated demand for the change or destruction of their personal data by any owner or controller of this database if this data is processed illegally or is inaccurate;
to protect their personal data from illegal processing and accidental loss, destruction, damage due to deliberate concealment, failure to provide or untimely provision, as well as protection from the provision of information that is inaccurate or discredits the honor, dignity, and business reputation of a person;
to appeal to the authorities of state power, local self-government authorities, whose powers include the protection of personal data, regarding the protection of their rights regarding personal data;
to use means of legal protection in case of violation of legislation on the protection of personal data.
9. Handling requests from the subject of personal data.
9.1. The subject of personal data has the right to receive any information regarding their personal data that is being processed, as well as to know the purpose of such processing, its location, and the persons who have access to it, or to request a copy of this information, except for cases established by law.
9.2. The subject of personal data has free access to their own data.
9.3. The subject of personal data submits a request for access (hereinafter referred to as the request) to the owner of the personal data database.
The request must contain:
The surname, first name, patronymic, place of residence (place of stay), and the details of the document that confirms the identity of the subject of personal data.
Other information that allows identifying the subject of personal data.
Information about the personal data database to which the request refers or information about the owner or manager of this database.
A list of personal data being requested.
9.4. The deadline for reviewing the request for its satisfaction cannot exceed ten working days from the date of its receipt.
9.5. Within this period, the owner of the personal data database informs the subject of personal data that the request will be satisfied or that the relevant personal data will not be provided, specifying the grounds determined in the relevant regulatory legal act.
9.6. The request is satisfied within thirty calendar days from the date of its receipt unless otherwise provided by law.
10. State registration of the personal data database.
10.1. The state registration of personal data databases is carried out in accordance with Article 9 of the Law of Ukraine “On the Protection of Personal Data”.