Privacy policy

Policy on the processing of personal data
(Privacy Policy)
1. GENERAL PROVISIONS
2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
Principles of personal data processing
Terms of personal data processing
Confidentiality of personal data
Publicly available sources of personal data
Special categories of personal data
Biometric personal data
Entrusting the processing of personal data to another person
Processing of personal data of Ukrainian citizens
Cross-border transfer of personal data
3. RIGHTS OF THE PERSONAL DATA SUBJECT
Consent of the personal data subject to the processing of his/her personal data
Rights of the personal data subject
4. ENSURING THE SECURITY OF PERSONAL DATA
5. FINAL PROVISIONS
1. GENERAL PROVISIONS
The Personal Data Processing Policy (hereinafter referred to as the Policy) has been developed in accordance with the Law of Ukraine dated 27.07.2006. No. 152-ZU "On Personal Data" (hereinafter referred to as the "Law-152").
This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in order to protect the rights and freedoms of a person and citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets.
The following key concepts are used in the Policy:
automated processing of personal data - processing of personal data by means of computer technology;
blocking of personal data - temporary suspension of processing of personal data (except when processing is necessary to clarify personal data);
personal data information system - a set of personal data contained in databases and information technologies and technical means ensuring their processing;
depersonalization of personal data - actions that make it impossible to determine, without the use of additional information, the ownership of personal data to a specific personal data subject;
processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Operator - a state body, municipal body, legal entity or individual who, independently or jointly with other persons, organizes and (or) processes personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
personal data - any information relating to a directly or indirectly identified or determined individual (personal data subject);
disclosure of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or at familiarizing an unlimited number of persons with personal data, including disclosure of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual or a foreign legal entity;
destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
The Company is obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with Part 2 of Article 18.1. OF THE GDPR152.
2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
1.Principles of personal data processing
The Operator processes personal data on the basis of the following principles:
lawfulness and fairness; limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes; preventing the processing of personal data incompatible with the purpose of collecting personal data; preventing the merger of databases containing personal data processed for purposes incompatible with each other; processing only those personal data that are relevant to the purposes of their processing; compliance of the content and scope of the processed personal data with the stated processing purposes; preventing the processing of personal data that are not
2. Terms of personal data processing
The Operator processes personal data if at least one of the following conditions is met:
processing of personal data is carried out with the consent of the personal data subject to the processing of his/her personal data; processing of personal data is necessary to achieve the goals stipulated by an international agreement of Ukraine or the law, to exercise and fulfill the functions, powers and duties assigned to the operator by the legislation of Ukraine; processing of personal data is necessary for the administration of justice, execution of a court act, act of another body or official, which are subject to execution in accordance with the legislation of Ukraine on enforcement proceedings
3. Confidentiality of personal data
The Operator and other persons who have gained access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
4.Publicly available sources of personal data
For the purpose of information support, the Operator may create publicly available sources of personal data of personal data subjects, including directories and address books. Publicly available sources of personal data with the written consent of the personal data subject may include his/her surname, name, patronymic, date and place of birth, position, contact phone numbers, e-mail address and other personal data provided by the personal data subject.
Information about the personal data subject shall be excluded from publicly available sources of personal data at any time at the request of the personal data subject, the authorized body for the protection of the rights of personal data subjects or by a court decision.
5. Special categories of personal data
The processing by the Operator of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health, intimate life is allowed in cases where:
the personal data subject has given his/her written consent to the processing of his/her personal data; personal data has been made publicly available by the personal data subject; personal data processing is carried out in accordance with the legislation on state social assistance, labor legislation, legislation of Ukraine on state pensions, labor pensions; processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of the The processing of special categories of personal data carried out in the cases provided for in clause 4 of Article 10 of the Law of Ukraine No. 152 shall be immediately terminated if the reasons for which the processing was carried out are eliminated, unless otherwise provided by law.
Personal data on criminal record may be processed by the Operator only in cases and in accordance with the procedure determined in accordance with the laws.
6.Biometric personal data Information characterizing the physiological and biological characteristics of a person, on the basis of which it is possible to establish his or her identity - biometric personal data - may be processed by the Operator only with the consent of the personal data subject in writing.
7. Entrusting the processing of personal data to another person
The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. A person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law of Ukraine No. 152 and this Policy
8. Processing of personal data of Ukrainian citizens
In accordance with Article 2 of the Law of July 21, 2014 No. 242-ЗУ "On Amendments to Certain Legislative Acts of Ukraine on Clarification of the Procedure for Processing Personal Data in Information and Telecommunication Networks", when collecting personal data, including through the information and telecommunication network "Internet", the operator is obliged to ensure recording, systematization, accumulation, storage, clarification (updating, changing), and removal of personal data of Ukrainian citizens using databases located in Ukraine, except for the following cases
the processing of personal data is necessary for the achievement of the goals stipulated by an international treaty of Ukraine or the law, for the exercise and fulfillment of the functions, powers and duties assigned to the operator by the legislation of Ukraine; the processing of personal data is necessary for the administration of justice, execution of a court act, an act of another body or official, which are subject to execution in accordance with the legislation of Ukraine on enforcement proceedings (hereinafter referred to as the execution of a court act); the processing of personal data is necessary for the exercise of the powers of federal
9.Cross-border transfer of personal data
The operator is obliged to ensure that the foreign state, the territory of which is to be used for the transfer of personal data, provides adequate protection of the rights of personal data subjects, before such transfer is carried out.
Cross-border transfer of personal data to the territory of foreign countries that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:
the personal data subject's written consent to the cross-border transfer of his or her personal data; execution of an agreement to which the personal data subject is a party.
3. RIGHTS OF THE PERSONAL DATA SUBJECT
1.Consent of the personal data subject to the processing of his/her personal data
The personal data subject makes a decision to provide his or her personal data and consents to their processing freely, of his or her own free will and in his or her own interest. Consent to the processing of personal data may be provided by the personal data subject or his/her representative in any form that allows confirming the fact of its receipt, unless otherwise provided by law.
2.Rights of the personal data subject
The subject of personal data has the right to receive information from the Operator regarding the processing of his or her personal data, unless such right is restricted in accordance with the law. The subject of personal data has the right to demand from the Operator to clarify his/her personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his/her rights.
Processing of personal data for the purpose of promoting goods, works, services on the market by means of direct contacts with the personal data subject (potential consumer) by means of communication, as well as for the purpose of political campaigning is allowed only with the prior consent of the personal data subject.
The Operator shall immediately terminate the processing of personal data for the specified purposes at the request of the personal data subject.
It is prohibited to make decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the personal data subject or otherwise affect their rights and legitimate interests, except in cases provided for by law or with the written consent of the personal data subject.
If the personal data subject believes that the Operator processes his or her personal data in violation of the requirements of the Law of Ukraine No. 152 or otherwise violates his or her rights and freedoms, the personal data subject has the right to appeal the Operator's actions or inaction to the Authorized Body for the Protection of Personal Data Subjects' Rights or in court. .
A personal data subject has the right to protect his or her rights and legitimate interests, including to recover damages and/or compensation for non-pecuniary damage.
4. ENSURING THE SECURITY OF PERSONAL DATA
The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of the legislation in the field of personal data protection.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
appointment of officials responsible for organizing the processing and protection of personal data; limitation of the number of persons allowed to process personal data; familiarization of subjects with the requirements of the legislation and regulatory documents of the Operator on the processing and protection of personal data; organization of accounting, storage and circulation of media containing information with personal data; identification of threats to the security of personal data during their processing, formation of threat models based on them; development of a personal data protection system based on the threat model
5. FINAL PROVISIONS
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of Ukraine in the field of personal data.