Login

Country

Language

Cart

Your cart is empty

Privacy policy

Regulations on the Processing and Protection of Personal Data in Personal Data Databases Owned by the Seller

Contents

  1. General Concepts and Scope of Application

  2. List of Personal Data Databases

  3. Purpose of Processing Personal Data

  4. Procedure for Personal Data Processing: obtaining consent, notification of rights, actions related to the data subject’s personal data

  5. Location of the Personal Data Database

  6. Conditions for Disclosure of Personal Data to Third Parties

  7. Protection of Personal Data: protection measures, responsible person, employees with direct processing and/or access, retention period

  8. Rights of the Data Subject

  9. Procedure for Handling Data Subject Requests

  10. State Registration of Personal Data Databases

1. General Concepts and Scope of Application

1.1. Definitions:

  • Personal Data Database – a named collection of organized personal data in electronic form and/or as personal data card files.

  • Responsible Person – an appointed individual organizing the protection of personal data during processing, in accordance with law.

  • Database Owner (Controller) – a natural or legal person legally entitled, by law or by consent of the data subject, to process personal data; sets the purpose, scope, and procedures of processing unless law states otherwise.

  • State Register of Personal Data Databases – a unified governmental information system for registering, accumulating, and processing information on registered personal data databases.

  • Publicly Available Sources of Personal Data – directories, address books, registries, lists, catalogs, or other systematized compilations of open information containing personal data published with the data subject’s explicit knowledge. Social networks and general internet resources are not considered publicly available unless the data subject explicitly permits public distribution.

  • Consent of the Data Subject – any documented, voluntary expression of intent by an individual to allow processing of their personal data for clearly stated purposes.

  • Anonymization – removal of identifying data that allows personal identification.

  • Processing of Personal Data – any action(s), handled fully or partially in an information (automated) system or card files, involving collection, registration, accumulation, storage, adaptation, modification, renewal, use, dissemination (including distribution, sale, transfer), anonymization, destruction of personal data.

  • Personal Data – data concerning a natural person who is identified or may be identified.

  • Data Manager (Processor) – a natural or legal person authorized by the owner or by law to process personal data; does not include individuals performing technical tasks without accessing personal data.

  • Data Subject – a natural person whose personal data is being processed under the law.

  • Third Party – any person other than the data subject, the owner or manager of the database, or an authorized state body for data protection, to whom personal data is legally transferred.

  • Special Categories of Data – data revealing race, ethnicity, political views, religious/philosophical beliefs, political party or trade union membership, as well as data on health or sexual life.

1.2. These Regulations are mandatory for the Responsible Person and employees of the Seller who directly process or access personal data in performing their job duties.

2. List of Personal Data Databases

2.1. The Seller is the owner of the following personal data database:

  • Counterparty Database.

3. Purpose of Processing Personal Data

3.1. The purpose of processing personal data in the system is to implement civil-law relations; to provide, receive, and process payments for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine “On Accounting and Financial Reporting in Ukraine.”

4. Procedure for Personal Data Processing

4.1. Consent of the data subject must be voluntarily expressed and documented, pertaining to clearly stated purposes of processing.

4.2. Types of consent include:

  • A paper document with identifying requisites.

  • An electronic document containing requisites enabling identification, ideally signed with the subject’s electronic signature.

  • A mark on an electronic form or file via documented technical means.

4.3. Consent is provided upon entering into a civil-law agreement per applicable Ukrainian legislation.

4.4. Upon conclusion of civil-law relations, the data subject must be informed of inclusion in the database, rights under the Law of Ukraine “On Personal Data Protection,” purpose of data collection, and recipients of data.

4.5. Processing of special categories of personal data is prohibited.

5. Location of the Personal Data Database

5.1. The databases listed in Section 2 are located at the Seller’s registered address.

6. Conditions for Disclosure to Third Parties

6.1. Access to personal data by third parties is permitted only based on the data subject’s consent or legal mandates.

6.2. Third parties must agree to comply with the Law “On Personal Data Protection” and be capable of doing so.

6.3. A third party submits a request specifying full name, residence, identifying document details, database name or data controller, requested data list, purpose, and legal grounds.

6.4–6.11. Requests are reviewed within 10 business days; data is provided within 30 calendar days unless the law states otherwise. Extension up to 45 calendar days is permitted with written notice of the delay and reasons. Grounds for refusal or delay must be communicated in writing. The decision may be appealed in court.

7. Protection of Personal Data

7.1. The Owner implements technical, organizational, and communication security measures to prevent loss, theft, unauthorized destruction, distortion, falsification, or copying of information in accordance with national and international standards.

7.2. The responsible person is officially appointed by order and specified in the job description.

7.3. The responsibilities of the responsible person include:

  • knowledge of legislation in the field of personal data protection;

  • development of procedures for access to personal data;

  • ensuring compliance with legislation and internal regulations by employees;

  • reporting violations within one working day from the moment of detection;

  • storage of documents regarding the consents provided by personal data subjects.

7.4. The rights of the responsible person include:

  • access to necessary documents;

  • the ability to make copies of documents;

  • participation in discussions on personal data protection issues;

  • making proposals to improve procedures;

  • obtaining clarifications on personal data processing issues;

  • signing and approving documents within their area of competence.

7.5. Employees who process or have access to personal data are obliged to comply with the legislation of Ukraine and internal documents on data processing and protection.

7.6. Employees are obliged not to disclose personal data in any way even after the termination of employment, unless otherwise provided by law.

7.7. Persons who violate the requirements of the Law of Ukraine "On Personal Data Protection" are liable in accordance with the law.

7.8. Personal data must not be stored longer than necessary for the purpose of processing, and in any case, not longer than the period agreed with the personal data subject.

8. Rights of the Data Subject

8.1. The data subject has the right to:

  • Know the location, purpose, name, address of the database and its controller/processor;

  • Obtain conditions of data access and identify third-party recipients;

  • Access their personal data stored in the database;

  • Receive confirmation within 30 calendar days whether their data is stored, and access to those data;

  • Object to processing by public authorities;

  • Request correction or deletion if data is illegal or inaccurate;

  • Protect against unlawful processing, accidental loss, destruction, damage, concealment, untimely or false information harming reputation;

  • Appeal to state or local authorities for data protection;

  • Pursue legal remedies if data protection law is breached.

9. Procedure for Handling Personal Data Subject Requests

9.1. The personal data subject has the right to receive any information about themselves without specifying the purpose of the request, unless otherwise provided by law.

9.2. Access to personal data for the subject is free of charge.

9.3. A written request must include:

  • surname, first name, patronymic, place of residence (location), details of the identity document;

  • other information allowing the identification of the subject;

  • information about the personal data database or about the owner or controller;

  • list of requested personal data.

9.4–9.5. The request is considered within 10 working days, and the personal data subject receives a response within 30 calendar days, unless otherwise provided by law.

10. State Registration of Personal Data Databases

10.1. State registration is conducted in accordance with Article 9 of the Law of Ukraine “On Personal Data Protection.”