REGULATION ON PROCESSING AND PROTECTION OF PERSONAL DATA
Contents
- General provisions and scope
- List of personal data databases
- Purpose of personal data processing
- Procedure for processing personal data
- Location of personal data databases
- Conditions for disclosure to third parties
- Personal data protection
- Rights of the data subject
- Procedure for handling requests
- State registration of personal data databases
1. General Provisions and Scope
1.1 Definitions
Personal Data Database — a structured set of personal data in electronic and/or physical form.
Responsible Person — an individual designated to organize personal data protection in accordance with the law.
Data Controller — a natural or legal person authorized to process personal data and determine its purpose and scope.
State Register of Personal Data Databases — a unified governmental system for collecting and processing information about registered databases.
Publicly Available Sources — directories, registers, lists, and other open information sources containing personal data published with the subject’s consent.
Consent of the Data Subject — voluntary permission granted by an individual for processing their personal data.
Depersonalization — removal of identifying information.
Processing of Personal Data — any operation including collection, storage, use, transfer, or deletion of personal data.
Personal Data — any information relating to an identified or identifiable individual.
Data Processor — a person authorized to process personal data on behalf of the controller.
Data Subject — an individual whose personal data is processed.
Third Party — any person other than the data subject, controller, or authorized authority.
Sensitive Data — data related to race, political views, religion, health, or personal life.
1.2 Scope
This Regulation is mandatory for all employees involved in processing personal data.
2. List of Personal Data Databases
The Seller maintains the following database:
- Customer (counterparty) personal data database
3. Purpose of Personal Data Processing
Personal data is processed to:
- fulfill contractual obligations
- process payments
- comply with Ukrainian legislation
4. Procedure for Processing Personal Data
4.1 Consent
Consent must be voluntary and informed.
4.2 Forms of Consent
- written document
- electronic document
- checkbox confirmation on the website
4.3 Timing
Consent is obtained during order placement.
4.4 Notification
The data subject is informed about:
- their rights
- purpose of data collection
- data sharing
4.5 Restrictions
Processing of sensitive data is prohibited.
5. Location of Databases
Personal data databases are located at the Seller’s registered address.
6. Disclosure to Third Parties
- Data is shared only with consent or legal basis
- Third parties must comply with data protection laws
- Requests must include identification and purpose
Response сроки:
- review: up to 10 working days
- response: up to 30 days
7. Personal Data Protection
The Seller implements:
- technical protection systems
- secure storage
- controlled access
Responsible Person duties:
- ensure compliance
- monitor processing
- prevent violations
Employees must:
- not disclose personal data
- follow legal requirements
8. Rights of the Data Subject
The user has the right to:
- access their data
- request correction or deletion
- object to processing
- receive information about data use
- file complaints
9. Handling Requests
- Requests are processed within 10 days
- Full response within 30 days
- Access is free of charge
10. State Registration
Personal data databases are registered in accordance with Ukrainian law.