Privacy Policy



Regulation on the processing and protection of personal data in databases owned by the seller

Content

  1.                 General concepts and scope.
  2.                 List of personal data bases.
  3.                 The purpose of personal data processing.
  4.                 Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the subject of personal data.
  5.                 Location of the database of personal data.
  6.                 Terms of disclosure of personal data to third parties.
  7.                 Protection of personal data: protection methods, responsible person, employees who directly process and / or have access to personal data in connection with their duties, the term of personal data storage.
  8.                 Rights of the subject of personal data.
  9.                 Procedure for work with the requests of the subject of personal data.
  10.             State registration of personal data base.

1. General concepts and scope.

1.1. Definition of terms:

database of personal data   - Named collection of ordered personal data in electronic form and / or in the form of personal data files;

responsible person   - a certain person who organizes work related to the protection of personal data during processing, in accordance with the law ;

owner of the database of personal data   - a natural or legal person who by law or with the consent of the subject of personal data has the right to process such data, which approves the purpose of processing personal data in this database, establishes the composition of these data and procedures for their processing, unless otherwise specified by law;

The State register of personal data bases is the only state information system for collecting, collecting and processing information about registered personal data bases;

public sources of personal data -   directories, address books, registers, lists, catalogs, other systematic collections of open information containing personal data, posted and published from the knowledge of the subject of personal data.

Social networks and Internet resources, in which the subject of personal data leave personal data (except when the person of the personal data directly indicates that the personal data are placed for the purpose of their free distribution and use) are not considered socially accessible sources of personal data;

consent of the subject of personal data   - any documented, voluntary will of an individual to grant permission to process her personal data in accordance with the stated purpose of processing them;

depersonalization of personal data   - extraction of information that allows identification of a person;

processing of personal data -   any action or set of actions performed in whole or in part in an information system (automated) and / or in personal data files that are associated with the collection, registration, accumulation, storage, adaptation, modification, renewal, use and distribution (distribution , realization, transfer), impersonation, destruction of information about an individual;

personal data -   information or collection of information about an individual that is identified or can be specifically identified;

personal data base manager -   a natural or legal person who has been given the right to process this data by the owner of the database of personal data or by law.

Person is not the manager of the personal data base, which the owner and / or the manager of the personal data base has been entrusted with carrying out technical work with a database of personal data without access to the contents of personal data;

subject of personal data -   an individual in respect of which personal data is processed in accordance with the law ;

third person -   any person, with the exception of the subject of personal data, the owner or keeper of the database of personal data and the authorized state body for the protection of personal data, to which the owner or manager of the personal data base transfers personal data in accordance with the law ;

special data categories -   personal data on racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data relating to health or sexual life.

1.2. This provision is mandatory for use by the responsible person and the seller of the person who is directly processing and / or have access to personal data in connection with the performance of their official duties.

2. List of personal data bases.

2.1. The seller owns the following personal data bases:

  •                     database of personal data counterparties.

3. The purpose of processing personal data.

3.1. The purpose of processing personal data in the system is the storage and maintenance of data of counteragents, in accordance with articles 6, 7 of the Law of Ukraine "On protection of personal data ":.

3.2. The purpose of personal data processing is to ensure the implementation of civil-law relations, to provide / receive and settle payments for goods / services purchased in accordance with the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".

4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the subject of personal data.

4.1. The consent of the subject of personal data should be a voluntary declaration of the physical person to grant permission to process his personal data in accordance with the stated purpose of their processing. The consent of the subject of personal data may be provided in the following forms:

  •                     a document on a paper carrier with requisites, which makes it possible to identify this document and the individual;
  •                     an electronic document that must contain the requisites for identifying this document and the individual. The voluntary disclosure of an individual to grant permission to process her personal data is appropriate to certify the electronic signature of the subject of personal data.
  •                     a mark on the electronic page of a document or an electronic file that is processed in the information system on the basis of documented software and technical decisions.

4.2. The consent of the subject of personal data is provided during the execution of civil-law relations in accordance with the current legislation.

4.3. The subject of personal data about the inclusion of his personal data into the database of personal data, the rights established by the Law of Ukraine "On Protection of Personal Data", the purpose of data collection and the persons to which his personal data are transmitted during the execution of civil-law relations in accordance with the current legislation.

4.4. The processing of personal data about racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data related to health or sexual life (special categories of data) is prohibited.

5. Location of the database of personal data.

5.1. The information contained in Section 2 of this Provision of the Personal Data Base is at the seller's address.

6. Terms of disclosure of personal data to third parties.

6.1. The procedure for access to personal data of third parties is determined by the consent of the subject of personal data provided to the owner of the database of personal data for the processing of these data, or in accordance with the requirements of the law.

6.2. Access to personal data to a third person is not granted if the specified person refuses to assume the obligation to ensure fulfillment of the requirements of the Law of Ukraine "On Protection of Personal Data" or can not provide them.

6.3. The subject of relations related to personal data, requests access (hereinafter - request) to personal data owner of the database of personal data.

6.4. The request indicates:

  •                     surname, name and patronymic, place of residence (place of residence) and details of the document certifying the natural person submitting the request (for the individual - the applicant);
  •                     name, location of the legal entity submitting the request, position, full name, surname, and patronymic of the person certifying the request; confirmation that the content of the request meets the authority of the legal entity (for the legal entity - the applicant);
  •                     surname, name and patronymic, as well as other information allowing identification of the individual in respect of which the request is made;
  •                     information about the database of which the request is filed or information about the owner or manager of this database;
  •                     list of personal data requested;
  •                     purpose of the request.

6.5. The term for examining a request for satisfaction may not exceed ten business days from the date of its receipt.

During this period, the owner of the personal data base shall inform the person requesting that the request is satisfied or the relevant personal data are not subject to provision, indicating the grounds specified in the relevant regulatory act.

The request is satisfied within thirty calendar days from the day it was received, unless otherwise provided by law.

6.6. All employees of the owner of the personal data base are required to comply with the confidentiality requirements regarding personal data and information on securities accounts and securities circulation.

6.7. Postponement of access to personal data of a third party is allowed in the event that the necessary data can not be provided within thirty calendar days from the date of receipt of the request. In this case, the general term for resolving issues raised in the request, can not exceed forty-five calendar days.

6.8. The notice of postponement shall be communicated to the third party who submitted the request in writing, explaining the order of appeal of such decision.

6.9. The notice of postponement shall indicate:

  •                     surname, name and patronymic of the official;
  •                     date of sending the message;
  •                     cause of delay;
  •                     the time period within which a request will be accepted.

6.10 Denial of access to personal data is allowed if access to them is prohibited by law.

6.11. The notice of refusal shall indicate:

  •                     surname, name, and patronymic of the official who refuses access;
  •                     date of sending the message;
  •                     reason for refusal

6.12. A decision to postpone or refuse access to personal data may be appealed to an authorized state body for the protection of personal data, other bodies of state power and bodies of local self-government, whose authority is to protect personal data, or to a court .

7. Protection of personal data: protection methods, responsible person, employees who directly process and / or have access to personal data in connection with the performance of their official duties, the period of storage of personal data.

7.1. Vologda database of personal data is equipped with system and software and technical means and means of communication that prevent loss, theft, unauthorized destruction, distortion, counterfeiting, copying of information and comply with international and national standards.

7.2. The responsible person organizes work related to the protection of personal data in their processing, in accordance with the law . Responsible person is determined by the order of Vologdil base of personal data.

Responsibilities of the responsible person regarding the organization of work related to the protection of personal data in their processing are indicated in the job description.

7.3. Responsible person is obliged:

  •                     know the legislation of Ukraine in the field of protection of personal data;
  •                     to develop procedures for accessing personal data of employees in accordance with their professional or service or job responsibilities;
  •                     to ensure that the employees of the Vologda database of personal data comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activity of the Vologda database of personal data processing and protection of personal data in the databases of personal data;
  •                     to develop the procedure for (internal) control over observance of the requirements of the legislation of Ukraine in the field of protection of personal data and internal documents regulating the activity of Vologda, the database of personal data concerning the processing and protection of personal data in the databases of personal data, which, in particular, should contain rules on the periodicity of the implementation of such control;
  •                     Inform the Vologda database of personal data on violations by employees of the requirements of the legislation of Ukraine in the area of ​​personal data protection and internal documents regulating the activities of Vologda, database of personal data processing and protection of personal data in the databases of personal data within a term not later than one business day since the detection of such violations ;
  •                     to ensure the storage of documents confirming the submission by the subject of personal data consent to the processing of his personal data and notification of the specified subject on his rights.

7.4. In order to fulfill his duties, the responsible person has the right:

  •                     receive the necessary documents, including orders and other regulatory documents, issued by Vologodets personal data base related to the processing of personal data;
  •                     make copies of the received documents, including copies of files, any records stored in local area networks and autonomous computer systems;
  •                     to participate in the discussion of his duties of organizing work related to the protection of personal data in their processing;
  •                     To submit proposals for improvement of the activities and improvement of working methods, to submit comments and options for elimination of identified deficiencies in the processing of personal data;
  •                     receive explanations on the processing of personal data;
  •                     sign and bring documents within the scope of their competence.

7.5. Employees who directly process and / or have access to personal data in connection with the performance of their official (labor) duties are obliged to comply with the requirements of the legislation of Ukraine in the field of protection of personal data and internal documents, on the processing and protection of personal data in the databases of personal data.

7.6. Employees who have access to personal data, including processing them, are obliged not to disclose in any way personal data that they were entrusted to or became aware of in connection with the performance of professional or service or labor duties tries Such an obligation applies after termination of their activity related to personal data, except in cases established by law.

7. 7. Persons having access to personal data, including processing them in case of violation of their requirements of the Law of Ukraine "On Protection of Personal Data", are liable in accordance with the legislation of Ukraine.

7.8. Personal data should not be stored for longer than is necessary for the purpose for which such data is stored, but in any case, not longer than the storage period specified by the consent of the subject of personal data for the processing of these data.

8. Rights of the subject of personal data.

8.1. A person has the right to:

  •                     to know about the location of the database of personal data containing his personal data, his purpose and name, the location and / or place of residence (stay) of the owner or manager of this database, or to give a corresponding order to obtain this information for authorized persons, except in cases established by law;
  •                     to receive information on the conditions for granting access to personal data, in particular information about third parties to which his personal data contained in the relevant database of personal data are transferred;
  •                     to access their personal data contained in the relevant database of personal data;
  •                     receive no more than thirty calendar days from the date of receipt of the request, except in cases provided for by law, the answer as to whether his personal data are stored in the appropriate database of personal data, as well as to receive the contents of his personal data which is stored;
  •                     to make a motivated claim with a protest against the processing of their personal data by state authorities, local self-government bodies in the exercise of their powers envisaged by law;
  •                     make a motivated request for the modification or destruction of their personal data by any possessor and manager of this database, if these data are processed illegally or are unreliable;
  •                     to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision thereof, as well as to protect against providing information that is unreliable or defame the honor, dignity and business reputation of an individual ;
  •                     apply for the protection of their rights regarding personal data to state authorities, bodies of local self-government, whose authority is to carry out the protection of personal data;
  •                     to apply remedies in case of violation of the legislation on protection of personal data.

9. Procedure for work with the requests of the subject of personal data.

9.1. The subject of personal data has the right to receive any information about himself in any subject of relations related to personal data, without specifying the purpose of the request, except in cases established by law.

9.2. Access to the data subject's personal data about themselves is free of charge.

9.3 The subject of personal data file requests for access (hereinafter - request) to personal data owner of the database of personal data.

The request indicates:

  •                     surname, name and patronymic, place of residence (place of residence) and details of the document certifying the identity of the subject of personal data;
  •                     other information that allows identification of the person of the subject of personal data;
  •                     information about the database of which the request is filed or information about the owner or manager of this database;
  •                     list of requested personal data.

9.4. The term for examining a request for satisfaction may not exceed ten business days from the date of its receipt.

9.5 During this period, the owner of the personal data base brings to the attention of the subject of personal data that the request will be satisfied or the corresponding personal data is not subject to provision, indicating the grounds specified in the relevant regulatory act.

9.6. The request is satisfied within thirty calendar days from the day it was received, unless otherwise provided by law.

10. State registration of personal data base.

10.1. State registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On Protection of Personal Data".