User agreement

Provisions on the Processing and Protection of Personal Data in Personal Data Databases Owned by the Seller

General Concepts and Scope of Application
List of Personal Data Databases
Purpose of Personal Data Processing
Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions with Personal Data of the Data Subject
Location of the Personal Data Database
Conditions for Disclosing Personal Data to Third Parties
Protection of Personal Data: Methods of Protection, Responsible Person, Employees Directly Processing and/or Accessing Personal Data in Connection with Their Official Duties, Data Retention Period
Rights of the Data Subject
Procedure for Handling Data Subject Requests
State Registration of the Personal Data Database

1. General Concepts and Scope of Application

1.1. Definition of Terms:

Personal Data Database — a named collection of organized personal data in electronic form and/or in the form of personal data files;

Responsible Person — a designated individual who organizes work related to the protection of personal data during its processing, in accordance with the law;

Owner of the Personal Data Database — an individual or legal entity granted the right by law or with the consent of the data subject to process this data, who determines the purpose of processing personal data in this database, establishes the composition of this data, and the procedures for its processing, unless otherwise specified by law;

State Register of Personal Data Databases — a unified state information system for collecting, accumulating, and processing information about registered personal data databases;

Publicly Available Sources of Personal Data — directories, address books, registers, lists, catalogs, and other systematized collections of open information containing personal data, published with the knowledge of the data subject. Social networks and internet resources where the data subject leaves their personal data are not considered publicly available sources of personal data (except in cases where the data subject explicitly states that the personal data is provided for free dissemination and use);

Consent of the Data Subject — any documented, voluntary expression of an individual’s will to allow the processing of their personal data in accordance with the stated purpose of its processing;

De-identification of Personal Data — the removal of information that allows an individual to be identified;

Personal Data Processing — any action or set of actions, fully or partially carried out in an information (automated) system and/or in personal data files, related to the collection, registration, accumulation, storage, adaptation, modification, updating, use, and dissemination (distribution, sale, transfer), de-identification, or destruction of information about an individual;

Personal Data — information or a set of information about an individual who is identified or can be specifically identified;

Controller of the Personal Data Database — an individual or legal entity authorized by the owner of the personal data database or by law to process this data. A person entrusted by the owner and/or controller of the personal data database with technical work on the database without access to the content of the personal data is not considered a controller;

Data Subject — an individual whose personal data is processed in accordance with the law;

Third Party — any person, except the data subject, the owner or controller of the personal data database, or an authorized state body on personal data protection matters, to whom the owner or controller of the personal data database transfers personal data in accordance with the law;

Special Categories of Data — personal data concerning racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties or trade unions, as well as data related to health or sexual life.

1.2. This Provision is mandatory for use by the responsible person and the seller’s employees who directly process and/or have access to personal data in connection with the performance of their official duties.

2. List of Personal Data Databases

2.1. The seller is the owner of the following personal data databases:

Counterparties’ personal data database.

3. Purpose of Personal Data Processing

3.1. The purpose of processing personal data in the system is to ensure the implementation of civil law relations, provision, receipt, and settlement for purchased goods and services in accordance with the Tax Code of Ukraine and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine."

4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights, and Actions with Personal Data of the Data Subject

4.1. The consent of the data subject must be a voluntary expression of an individual’s will to allow the processing of their personal data in accordance with the stated purpose of its processing.

4.2. The consent of the data subject may be provided in the following forms:

A paper document with details that allow identification of the document and the individual;
An electronic document that must contain mandatory details enabling identification of the document and the individual. The voluntary expression of the individual’s will to allow the processing of their personal data is appropriately certified by the data subject’s electronic signature;
A mark on an electronic page of a document or in an electronic file processed in an information system based on documented software-technical solutions.

4.3. The consent of the data subject is obtained during the execution of civil law relations in accordance with applicable legislation.

4.4. Notification of the data subject about the inclusion of their personal data in the personal data database, rights defined by the Law of Ukraine "On Personal Data Protection," the purpose of data collection, and the persons to whom their personal data is transferred is carried out during the execution of civil law relations in accordance with applicable legislation.

4.5. The processing of personal data concerning racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties or trade unions, as well as data related to health or sexual life (special categories of data) is prohibited.

5. Location of the Personal Data Database

5.1. The personal data databases specified in Section 2 of this Provision are located at the seller’s address.

6. Conditions for Disclosing Personal Data to Third Parties

6.1. The procedure for third-party access to personal data is determined by the terms of the consent provided by the data subject to the owner of the personal data for its processing or in accordance with legal requirements.

6.2. Access to personal data is not granted to a third party if that party refuses to undertake obligations to comply with the requirements of the Law of Ukraine "On Personal Data Protection" or is unable to ensure such compliance.

6.3. A subject of relations related to personal data submits a request for access (hereinafter referred to as a request) to the owner of the personal data database.

6.4. The request must specify:

Surname, first name, patronymic, place of residence (location), and details of the document certifying the identity of the individual submitting the request (for an individual applicant);
Name, location of the legal entity submitting the request, position, surname, first name, and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the legal entity’s authority (for a legal entity applicant);
Surname, first name, patronymic, and other information enabling identification of the individual to whom the request pertains;
Information about the personal data database to which the request relates, or information about the owner or controller of this database;
List of requested personal data;
Purpose and/or legal grounds for the request.

6.5. The period for reviewing a request to determine its satisfaction must not exceed ten working days from the date of its receipt. During this period, the owner of the personal data database informs the requester whether the request will be satisfied or the relevant personal data cannot be provided, stating the grounds specified in the relevant regulatory legal act. The request is fulfilled within thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. Deferral of access to personal data for third parties is permitted if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. However, the total period for resolving the issues raised in the request must not exceed forty-five calendar days.

6.7. Notification of deferral is provided to the third party who submitted the request in writing, with an explanation of the procedure for appealing such a decision.

6.8. The deferral notification includes:

Surname, first name, and patronymic of the official;
Date of sending the notification;
Reason for the deferral;
Timeframe within which the request will be satisfied.

6.9. Denial of access to personal data is permitted if access to it is prohibited by law.

6.10. The denial notification includes:

Surname, first name, and patronymic of the official denying access;
Date of sending the notification;
Reason for the denial.

6.11. A decision on deferral or denial of access to personal data may be appealed in court.

7. Protection of Personal Data: Methods of Protection, Responsible Person, Employees Directly Processing and/or Accessing Personal Data in Connection with Their Official Duties, Data Retention Period

7.1. The owner of the personal data database is equipped with system and software-technical means and communication tools that prevent loss, theft, unauthorized destruction, distortion, forgery, or copying of information and comply with international and national standards.

7.2. The responsible person organizes work related to the protection of personal data during its processing in accordance with the law. The responsible person is appointed by an order of the owner of the personal data database.

The duties of the responsible person regarding the organization of work related to the protection of personal data during its processing are specified in the job description.

7.3. The responsible person is obliged to:

Be familiar with Ukrainian legislation in the field of personal data protection;
Develop procedures for employee access to personal data in accordance with their professional, official, or employment duties;
Ensure that the employees of the owner of the personal data database comply with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner regarding the processing and protection of personal data in personal data databases;
Develop a procedure (process) for internal control over compliance with Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner regarding the processing and protection of personal data in personal data databases, which must include provisions on the frequency of such control;
Notify the owner of the personal data database of any violations by employees of the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the owner regarding the processing and protection of personal data in personal data databases no later than one working day from the moment such violations are detected;
Ensure the storage of documents confirming the data subject’s consent to the processing of their personal data and notification of the data subject about their rights.

7.4. To fulfill their duties, the responsible person has the right to:

Obtain necessary documents, including orders and other administrative documents issued by the owner of the personal data database related to the processing of personal data;
Make copies of received documents, including copies of files and any records stored in local computing networks and standalone computer systems;
Participate in discussions regarding the duties they perform related to the organization of work on protecting personal data during its processing;
Submit proposals for improving activities and refining working methods, provide comments and options for addressing identified shortcomings in the personal data processing process;
Obtain explanations regarding personal data processing matters;
Sign and endorse documents within their competence.

7.5. Employees who directly process and/or have access to personal data in connection with the performance of their official (employment) duties are obliged to comply with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regarding the processing and protection of personal data in personal data databases.

7.6. Employees who have access to personal data, including those who process it, are obliged not to disclose in any way personal data entrusted to them or that became known to them in connection with the performance of professional, official, or employment duties. This obligation remains in effect after they cease activities related to personal data, except in cases established by law.

7.7. Persons who have access to personal data, including those who process it, bear responsibility in accordance with Ukrainian legislation in case of violation of the requirements of the Law of Ukraine "On Personal Data Protection."

7.8. Personal data must not be stored longer than necessary for the purpose for which it is stored, but in any case, not longer than the retention period specified in the data subject’s consent to the processing of this data.

8. Rights of the Data Subject

8.1. The data subject has the right to:

Know the location of the personal data database containing their personal data, its purpose and name, the location and/or residence (stay) of the owner or controller of this database, or authorize designated persons to obtain this information, except in cases established by law;
Receive information about the conditions for providing access to personal data, including information about third parties to whom their personal data contained in the respective database is transferred;
Access their personal data contained in the respective personal data database;
Receive, no later than thirty calendar days from the date of the request, except in cases provided by law, a response indicating whether their personal data is stored in the respective personal data database, as well as the content of their stored personal data;
Submit a reasoned objection to the processing of their personal data by state authorities or local self-government bodies in the exercise of their powers provided by law;
Submit a reasoned request to change or destroy their personal data by any owner or controller of this database if the data is processed illegally or is inaccurate;
Protect their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide, or untimely provision, as well as protection from the provision of information that is inaccurate or defames the honor, dignity, and business reputation of an individual;
Address issues of protecting their rights regarding personal data to state authorities or local self-government bodies authorized to protect personal data;
Use legal remedies in case of violations of personal data protection legislation.

9. Procedure for Handling Data Subject Requests

9.1. The data subject has the right to obtain any information about themselves from any entity involved in personal data relations without specifying the purpose of the request, except in cases established by law.

9.2. Access to data about themselves by the data subject is provided free of charge.

9.3. The data subject submits a request for access (hereinafter referred to as a request) to personal data to the owner of the personal data database.

The request must specify:

Surname, first name, and patronymic, place of residence (location), and details of the document certifying the identity of the data subject;
Other information enabling identification of the data subject;
Information about the personal data database to which the request relates, or information about the owner or controller of this database;
List of requested personal data.

9.4. The period for reviewing a request to determine its satisfaction must not exceed ten working days from the date of its receipt. During this period, the owner of the personal data database informs the data subject whether the request will be satisfied or the relevant personal data cannot be provided, stating the grounds specified in the relevant regulatory legal act.

9.5. The request is fulfilled within thirty calendar days from the date of its receipt, unless otherwise provided by law.

10. State Registration of the Personal Data Database

10.1. State registration of personal data databases is carried out in accordance with Article 9 of the Law of Ukraine "On Personal Data Protection."

		Quantity	Total
	Sign in to apply your personal discount Apply discount code
Total ₴0 Proceed to checkout