Privacy Policy
PROVISIONS ON THE PROCEDURE OF PERSONAL DATA PROCESSING AND INFORMATION TRANSFER
LLC "GRUPIUS"
CONTENT
1. General provisions
1.1. General requirements and scope of application
1.2. Definition of terms
1.3. The database of personal data, the owner and manager of which is the Company
1.4. Purpose of personal data processing
1.5. Composition of personal data processed by the Company
1.6. Notice on the rights of personal data subjects
2. Processing of personal data
2.1. Grounds for processing personal data
3. Procedure for accessing personal data
3.1. Access to personal data subjects
3.2. Third party access
4. Protection of personal data
5. Protection of personal data in the field of electronic commerce
6. Responsibility for violation of the order of personal data processing
7. State registration of personal data bases
1. General provisions
1.1. General requirements and scope.
This Regulation on the procedure for processing personal data and transferring information (hereinafter referred to as the "Regulation") is a public announcement from "GRUPIUS" LLC (hereinafter referred to as the "Company") addressed to an unspecified range of personal data subjects who in one way or another enter into relations with the Company. This Regulation was developed in accordance with the Law of Ukraine (as amended) "On the Protection of Personal Data" dated 01.06.2010 No. 2297-VI (hereinafter - the "Law"), the Standard Procedure for Processing Personal Data, approved by the order of the Verkhovna Rada Commissioner for Human Rights from 08.01.2014 No. 1/02-14, as well as other legal acts that regulate relations in the field of personal data protection.
By announcing this Regulation, the Company pursues the goal of regulating relations with the subjects of personal data in order to fulfill the requirements of the legislation in the field of information in general and the Law in particular. The Company also reserves the right to interpret the absence of officially expressed objections to the subject matter and content of the Regulation on the part of the subjects of personal data as confirmation that they have read it, it is clear to them and they accept the procedure for processing their personal data by the Company announced in it. The regulation defines the main concepts related to personal data, contains the purpose of personal data processing, the rights of personal data subjects, the procedure for personal data protection, and other requirements of Ukrainian legislation on personal data protection.
1.2. Definition of terms
In this Regulation, the following terms are used in the following sense:
personal data base - a named set of organized personal data in electronic form and/or in the form of personal data files;
the company - the owner of personal data - "GRUPIUS" LLC, which is granted the right to process this data by law or with the consent of the subject of personal data, which approves the purpose of processing personal data, establishes the composition of this data and the order of its processing. Details of the Company: "GRUPIUS" Limited Liability Company, Ukraine, 08205, Kyiv region, Buchanskyi district, Irpin city, Universitetska street, building 2/1, office 56/1, EDRPOU 44822976;
consent - the voluntary expression of the will of the subject of personal data regarding the granting of permission for the processing of his personal data. The subject's consent to the processing of his personal data must be voluntary, expressed in writing or provided electronically on the websitewww.groupius.com or other related Internet resources by clicking on the button "Make an order", "Buy" and similar;
client – subject of personal data who acts in relations with the Company;
processing of personal data - any action or set of actions, such as collection, registration, accumulation, storage, adaptation, change, renewal, use and distribution (distribution, implementation, transfer), depersonalization, destruction of personal data, including using information (automated) systems;
personal data - information or a set of information about a natural person who is identified or can be specifically identified;
personal data processing period - the period during which the Company processes the personal data of the subject of personal data, which is calculated from the moment the Company receives personal data and consent to the processing of personal data and does not exceed the period necessary to realize the purpose of processing and the period determined by the legislation of Ukraine in the field of archival affairs and record keeping.
subject of personal data - a natural person whose personal data is processed;
third party - any person, with the exception of the subject of personal data, the Company or the Commissioner for Human Rights of the Verkhovna Rada of Ukraine, to whom personal data is transferred.
an authorized representative of the state authority on personal data protection - the Human Rights Commissioner of the Verkhovna Rada of Ukraine (hereinafter referred to as the "Commissioner").
1.3. Database of personal data owned by the Company
The company is the owner of the personal data base of clients of "GRUPIUS" LLC. The Company processes personal data of subjects who independently contact the Company and provide it with their personal data. Such subjects of personal data have given their consent to the processing of their personal data and entry into the database during the time necessary for this and in accordance with the purpose specified in this Regulation.
1.4. Purpose of personal data processing
The purpose of processing personal data is to store and serve customers in accordance with Articles 6 and 7 of the Law of Ukraine "On the Protection of Personal Data" and to ensure the implementation of civil legal relations, providing/receiving and making payments for purchased goods/services in accordance with the Civil Code of Ukraine, the Economic Code of Ukraine, the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine" and other provisions of the current legislation of Ukraine.
1.5. Composition of personal data processed by the Company
Information is processed in personal databases:
-
surname, first name and patronymic (if available) of the subject;
-
passport data;
-
a sample of a personal signature;
-
age;
-
sex;
-
place of permanent residence or temporary stay;
-
place of registration;
-
registration number of the taxpayer's registration card (if available);
-
phone numbers;
-
Bank details;
-
e-mail address.
1.6. Notice on the rights of personal data subjects
The Company hereby informs the subjects of personal data about the inclusion of their personal data in the Company's personal data databases, as well as about their rights as subjects of personal data, stipulated in Article 8 of the Law of Ukraine No. 2297-VI dated 01.06.2010 "On the Protection of Personal Data " (with changes and additions), including:
-
to know about the sources of collection, the location of his personal data, the purpose of their processing, the location of the owner of personal data or to give a corresponding mandate to obtain this information to persons authorized by him, except for cases established by law;
-
receive information about the conditions for providing access to personal data, in particular information about third parties to whom their personal data is transferred;
-
to access your personal data;
-
receive no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, an answer on whether their personal data is being processed, as well as the content of such personal data;
-
present a reasoned demand to the Company with an objection to the processing of his personal data;
-
protection of personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision of data, as well as protection from providing information that is unreliable or disgraces the honor, dignity and business reputation of a natural person;
-
file complaints about the processing of your personal data with the Commissioner;
-
apply legal remedies in case of violation of the legislation on the protection of personal data;
-
enter a reservation regarding the limitation of the right to process your personal data when giving consent;
-
withdraw consent to the processing of personal data;
-
know the mechanism of automatic processing of their personal data;
-
to protect against an automated decision that has legal consequences for them.
2. Processing of personal data
2.1. Grounds for processing personal data
The basis for processing personal data in databases is the consent of the subject of personal data to the processing of his personal data.
The consent of the subject of personal data must be a voluntary expression of the individual's will to grant permission for the processing of his personal data in accordance with the formulated purpose of their processing. The consent of the subject of personal data can be given in the form of a mark on the electronic page of the document or in an electronic file processed in the information system based on documented software and technical solutions.
3. The procedure for accessing personal data
All personal data, except for de-identified personal data owned by the Company, is restricted access information by access mode.
3.1. Access of subjects of personal data
Access to a natural person whose personal data is processed by the Company is granted in accordance with the procedure provided for by the legislation of Ukraine and the internal documents of the Company, based on a written request of the natural person - the subject of personal data. The request states: surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the natural person submitting the request. Access of the subject of personal data to personal data is free of charge.
3.2. Third party access
This provision provides for the possibility of access to personal data of third parties based on the consent of the subject of personal data given to the Company for the processing of such personal data, or (in some cases) in accordance with the requirements of the Law.
Access to personal data is not granted to a third party if the specified person refuses to undertake obligations to ensure compliance with the requirements of the Law or is unable to ensure them. In order to obtain access to personal data, the subject of relations related to personal data submits a request to the Company specifying: surname, first name and patronymic, place of residence (place of stay) and details of a document certifying a natural person, who submits the request (for a natural person - the applicant); name, location of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the authority of the legal entity (for the legal entity - the applicant); surname, first name and patronymic, as well as other information that makes it possible to identify the natural person in respect of whom the request is made; list of requested personal data; the purpose and/or legal basis for the request.
The company examines the request for its satisfaction within 10 (ten) working days from the day of its receipt. During this period, the Company informs the person who submits the request that the request will be granted or that the relevant personal data cannot be provided, indicating the reason.
The request is satisfied within 30 (thirty) calendar days from the date of its receipt, unless otherwise provided by the Law.
It is allowed to delay access to personal data of third parties if the necessary data cannot be provided by the Company within 30 (thirty) calendar days from the date of receipt of the request. At the same time, the total term for solving the issues raised in the request cannot exceed 45 (forty-five) calendar days.
The Company's notice of postponement states:
1) surname, first name and patronymic of the official;
2) the date of sending the message;
3) the reason for the delay;
4) the period during which the request will be satisfied.
Denial of access to personal data is permitted if access to it is prohibited by law. In the notification of refusal, the Company indicates: surname, first name, patronymic of the official who refuses access; the date of sending the message; reason for refusal.
4. Protection of personal data
The company is equipped with system and software-technical means and means of communication and takes all necessary measures to ensure the protection of personal data at all stages of their processing, including with the help of organizational and technical measures that prevent loss, theft, unauthorized destruction, illegal processing or access to personal data.
The organizational measures include: determining the procedure for accessing personal data of the Company's employees; determination of the procedure for keeping records of operations related to the processing of the subject's personal data and access to them; development of an action plan in case of unauthorized access to personal data, damage to technical equipment, emergency situations; regular training of employees who work with personal data.
The company keeps records of employees who have access to the subjects' personal data. The company determines the level of access of the specified employees to the personal data of the subjects. Each of these employees has access to only those personal data (parts thereof) of subjects that are necessary for him in connection with the performance of his professional or official or labor duties.
Employees who have access to personal data give a written commitment not to disclose personal data entrusted to them or which became known to them in connection with the performance of professional or official or labor duties. This written commitment defines the level of responsibility of employees who have access to personal data.
Employees who have access to personal data, including those who process it, are liable in accordance with the legislation of Ukraine if they violate the requirements of the Law.
The company independently determines the procedure for saving information about operations related to the processing of the subject's personal data and access to them.
In the case of processing personal data of subjects using an automated system, such system automatically records the specified information. This information is stored by the Company for one year from the end of the year in which the specified operations were carried out, unless otherwise provided by the legislation of Ukraine. In order to ensure the security of personal data processing, the Company also takes special technical protection measures, including the exclusion of unauthorized access to the processed personal data and the operation of the technical and software complex by means of which personal data is processed.
5. Protection of personal data in the field of electronic commerce
The use of personal data in the field of electronic commerce may be carried out in the event that the subject of electronic commerce creates conditions for the protection of such data. Participants in relations in the field of electronic commerce are obliged to ensure the protection of personal data that became known to them from electronic documents (messages) during the execution of electronic transactions, in accordance with the procedure provided by the Law of Ukraine "On the Protection of Personal Data". It is prohibited to use and request personal data by parties to an electronic transaction for a purpose other than the execution of an electronic transaction, unless otherwise established by law or by agreement of the parties.
Registration of a natural person in the information system of an e-commerce subject means giving consent to the use and processing of his personal data and taking other actions provided for by the Law of Ukraine "On the Protection of Personal Data".
Identification of a person by means of an electronic signature must be carried out during each entry into the information system of the subject of electronic commerce.
In order to prevent unauthorized access to a person's account in the information and telecommunications system of an e-commerce entity, an additional unique set of electronic data added (joined) to a special set of electronic data that was entered (created) by such a person may be used to identify such a person during registration.
6. Responsibility for violation of the order of personal data processing
Violation of the legislation on the protection of personal data and non-compliance with the requirements of this Regulation entails the responsibility established by regulatory and legal acts, as well as internal documents of the Company.
7. State registration of the personal data base
State registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On the Protection of Personal Data".