Regulation on the Processing and Protection of Personal Data in Personal Data Bases Owned by the Seller
Contents
- General Concepts and Scope of Application
- List of Personal Data Bases
- Purpose of Personal Data Processing
- Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions with Personal Data of the Data Subject
- Location of Personal Data Base
- Conditions for Disclosure of Personal Data to Third Parties
- Protection of Personal Data: Protection Methods, Responsible Person, Employees Directly Involved in Processing and/or Having Access to Personal Data in Connection with Their Official Duties, Retention Period of Personal Data
- Rights of the Data Subject
- Procedure for Handling Requests of Data Subjects
- State Registration of Personal Data Base
1. General Concepts and Scope of Application
1.1. Definitions of Terms:
- Personal Data Base – a named collection of organized personal data in electronic form and/or in the form of personal data files.
- Responsible Person – a designated individual who organizes the work related to the protection of personal data during their processing, in accordance with the law.
- Owner of the Personal Data Base – a natural or legal person authorized by law or by the consent of the data subject to process personal data, who approves the purpose of personal data processing in this database, determines the composition of these data and the procedures for their processing, unless otherwise specified by law.
- State Register of Personal Data Bases – a unified state information system for collecting, accumulating, and processing information about registered personal data bases.
- Publicly Available Sources of Personal Data – directories, address books, registers, lists, catalogs, and other systematic collections of publicly available information containing personal data published with the consent of the data subject. Social networks and internet resources where personal data are left by the data subject are not considered publicly available sources, except when the data subject has explicitly stated that their personal data is posted for free distribution and use.
- Consent of the Data Subject – any documented, voluntary expression of will by a natural person to allow the processing of their personal data in accordance with the specified purpose.
- Anonymization of Personal Data – the removal of data that can identify an individual.
- Personal Data Processing – any action or set of actions performed wholly or partially in an information (automated) system and/or in personal data files, relating to the collection, registration, accumulation, storage, adaptation, modification, updating, use, distribution (dissemination, implementation, transmission), anonymization, or destruction of information about a natural person.
- Personal Data – information or a set of information about a natural person who is identified or can be identified.
- Personal Data Administrator – a natural or legal person authorized by the data owner or by law to process personal data. A person performing technical work on the database without access to the content of personal data is not considered the administrator.
- Data Subject – a natural person whose personal data is processed under the law.
- Third Party – any person, other than the data subject, the owner or administrator of the personal data base, or the authorized state body for personal data protection, to whom personal data is transferred by the owner or administrator in accordance with the law.
- Special Categories of Data – personal data about racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties and trade unions, as well as data related to health or sexual life.
1.2. This Regulation is mandatory for application by the responsible person and employees of the seller who are directly involved in the processing and/or have access to personal data in connection with the performance of their official duties.
2. List of Personal Data Bases
2.1. The seller is the owner of the following personal data bases:
- Personal data base of counterparties.
3. Purpose of Personal Data Processing
3.1. The purpose of personal data processing in the system is to ensure the realization of civil law relations and the provision, receipt, and settlement of purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine."
4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions with Personal Data of the Data Subject
4.1. The consent of the data subject must be a voluntary expression of will by the natural person to allow the processing of their personal data in accordance with the formulated purpose of processing.
4.2. The consent of the data subject may be given in the following forms:
- A document on paper with the details allowing identification of this document and of the natural person.
- An electronic document containing the details necessary for identifying the document and the natural person. The voluntary expression of will by the data subject should ideally be certified with the electronic signature of the data subject.
- A mark on the electronic page of the document or in an electronic file processed in the information system based on documented software-technical solutions.
4.3. The consent of the data subject is given when formalizing civil legal relations according to current legislation.
4.4. The data subject must be informed about the inclusion of their personal data in the personal data base, their rights defined by the Law of Ukraine "On the Protection of Personal Data," the purpose of data collection, and the persons to whom their personal data will be transferred, during the formalization of civil legal relations in accordance with current legislation.
4.5. The processing of personal data about racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties and trade unions, as well as data related to health or sexual life (special categories of data) is prohibited.
5. Location of the Personal Data Base
5.1. The personal data bases specified in section 2 of this Regulation are located at the seller's address.
6. Conditions for Disclosure of Personal Data to Third Parties
6.1. The procedure for access to personal data by third parties is determined by the conditions of consent given by the data subject to the owner of the personal data for processing the data or in accordance with the requirements of the law.
6.2. Access to personal data is not granted to third parties if the individual refuses to take on the obligation to ensure compliance with the requirements of the Law of Ukraine "On the Protection of Personal Data" or is unable to ensure compliance.
6.3. The subject of personal data may submit a request regarding access to personal data to the owner of the personal data base.
6.4. The request must contain:
- Full name, place of residence (stay), and details of the document identifying the natural person making the request (for an individual applicant).
- The name, location, position, and full name of the person certifying the request, as well as confirmation that the request's content corresponds to the powers of the legal entity (for legal entities).
- The full name and other details allowing identification of the individual to whom the request pertains.
- Details about the personal data base, or about the owner or administrator of this base.
- The list of requested personal data.
- Purpose and/or legal grounds for the request.
6.5. The period for considering the request regarding its satisfaction cannot exceed ten business days from the day it is received. Within this period, the owner of the personal data base must notify the person making the request whether the request will be satisfied or whether the relevant personal data cannot be provided, indicating the reason under the relevant regulatory legal act. The request should be satisfied within thirty calendar days from its receipt unless otherwise provided by law.
6.6. Delays in granting access to personal data are allowed if the required data cannot be provided within thirty calendar days from the day the request was received. The total period for resolving the issues raised in the request cannot exceed forty-five calendar days.
6.7. The notification about the delay should be sent in writing to the third party who made the request, explaining the procedure for appealing this decision.
6.8. The notification about the delay must include:
- Full name of the official.
- Date of sending the notification.
- Reason for the delay.
- The time frame in which the request will be satisfied.
6.9. Refusal to grant access to personal data is allowed if access is prohibited by law.
6.10. The notification about the refusal must include:
- Full name of the official refusing access.
- Date of sending the notification.
- Reason for refusal.
6.11. A decision about delay or refusal of access to personal data may be appealed in court.
7. Protection of Personal Data: Protection Methods, Responsible Person, Employees Directly Involved in Processing and/or Having Access to Personal Data in Connection with Their Official Duties, Retention Period of Personal Data
7.1. The owner of the personal data base is equipped with systems, software-technical means, and communication tools that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information, and comply with international and national standards.
7.2. The responsible person organizes the work related to the protection of personal data during their processing in accordance with the law. The responsible person is appointed by the order of the owner of the personal data base.
The duties of the responsible person related to organizing the work on the protection of personal data during their processing are specified in the job description.
7.3. The responsible person must:
- Be familiar with the legislation of Ukraine in the field of personal data protection;
- Develop procedures for employees' access to personal data according to their professional, official, or labor duties;
- Ensure that the employees of the Data Controller comply with the requirements of Ukrainian legislation on personal data protection and with the internal documents that regulate the Data Controller's activities regarding the processing and protection of personal data in personal data bases;
- Develop an internal control procedure to ensure compliance with the requirements of Ukrainian legislation in the field of personal data protection and with the internal documents that regulate the Data Controller's activities regarding the processing and protection of personal data in personal data bases. This procedure should include norms on the frequency of such control;
- Inform the Data Controller about any violations by employees of Ukrainian legislation on personal data protection or of the internal documents regulating the Data Controller's activities regarding the processing and protection of personal data, within one business day from the moment such violations are detected;
- Ensure the storage of documents that confirm the consent of the data subject to the processing of their personal data and the notification of the subject of their rights.
7.4. In order to fulfill their duties, the responsible person has the right to:
- Receive necessary documents, including orders and other regulatory documents issued by the Data Controller, related to personal data processing;
- Make copies of received documents, including copies of files and any records stored in local computer networks and standalone computer systems;
- Participate in discussions related to their duties concerning the organization of work on personal data protection during processing;
- Make proposals for improving operations and refining working methods, submit comments, and offer ways to correct identified deficiencies in personal data processing;
- Receive explanations regarding the processing of personal data;
- Sign and approve documents within their competence.
7.5. Employees who directly process and/or have access to personal data in connection with the performance of their official (labor) duties are required to comply with Ukrainian legislation in the field of personal data protection and internal documents regarding the processing and protection of personal data in personal data bases.
7.6. Employees who have access to personal data, including those who process it, are required to prevent any disclosure of personal data entrusted to them or made known to them in connection with the performance of their professional, official, or labor duties, by any means. This obligation remains in effect even after their work related to personal data ends, except in cases established by law.
7.7. Individuals who have access to personal data, including those who process it, are responsible under Ukrainian law for any violation of the requirements of the Law of Ukraine "On the Protection of Personal Data."
7.8. Personal data should not be stored longer than necessary for the purpose for which the data is stored, but in any case, not longer than the storage period determined by the consent of the data subject for the processing of this data.
8. Rights of the Data Subject
8.1. The data subject has the right to:
- Know the location of the personal data base that contains their personal data, its purpose and designation, and the location and/or residence (place of stay) of the data controller or of the authorized person responsible for this base, or give relevant instructions regarding receipt of this information by authorized persons, except in cases established by law;
- Receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data is transferred within the relevant personal data base;
- Access their personal data contained in the relevant personal data base;
- Receive a response no later than thirty calendar days from the date the request is received, unless otherwise provided by law, about whether their personal data is stored in the relevant personal data base, as well as the content of the personal data stored;
- Submit a reasoned objection against the processing of their personal data by government authorities or local government bodies when they exercise their powers provided by law;
- Submit a reasoned request to any data controller or manager to change or delete their personal data if such data is processed illegally or is inaccurate;
- Protect their personal data from illegal processing and accidental loss, destruction, or damage due to intentional concealment, non-submission, or untimely submission, as well as from the provision of inaccurate information that discredits the honor, dignity, or business reputation of the individual;
- Appeal for the protection of their rights regarding personal data to government authorities or local government bodies responsible for personal data protection;
- Apply legal remedies in case of violation of personal data protection laws.
9. Procedure for Working with Requests from Data Subjects
9.1. The data subject has the right to receive any information about themselves from any subject involved in personal data relations, without specifying the purpose of the request, except in cases established by law.
9.2. The access to data about oneself is provided free of charge.
9.3. The data subject submits a request for access (hereinafter – request) to the personal data controller. The request should include:
- Full name, place of residence (place of stay), and details of the document proving the identity of the data subject;
- Other information that allows the identification of the data subject;
- Information about the personal data base, or about the data controller or manager of this base;
- A list of the personal data being requested.
9.4. The time for reviewing the request and making a decision cannot exceed ten working days from the date of its receipt. During this period, the personal data controller informs the data subject whether the request will be granted or whether the requested personal data will not be provided, indicating the grounds for refusal according to the relevant legal act.
9.5. The request must be fulfilled within thirty calendar days from its receipt, unless otherwise provided by law.
10. State Registration of Personal Data Bases
10.1. The state registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On the Protection of Personal Data."