PERSONAL DATA AND THEIR PROTECTION

1. PERSONAL DATA DATABASE

The Seller is the owner of the following personal data database – “database of counterparties’ personal data”.

2. PURPOSE OF PERSONAL DATA PROCESSING

The purpose of personal data processing is to ensure the implementation of civil-legal relations, provision, receipt, and settlement of payments for goods and services in accordance with the Tax Code of Ukraine, the Law of Ukraine “On Accounting and Financial Reporting in Ukraine”, etc.

3. PROCEDURE FOR PERSONAL DATA PROCESSING

The processing of personal data includes obtaining consent, informing about rights, and actions with the personal data of the data subject.

The consent of the personal data subject must be a voluntary expression of will of an individual to permit the processing of their personal data in accordance with the defined purpose of such processing.

Consent of the personal data subject may be provided in the following forms:

  • a paper document containing details that allow identification of the document and the individual;
  • an electronic document containing mandatory details that allow identification of the document and the individual. The voluntary expression of will to allow personal data processing should be confirmed by an electronic signature of the data subject where appropriate;
  • a mark on an electronic document page or in an electronic file processed in an information system based on documented software and technical solutions.

Consent is provided during the execution of civil-legal relations in accordance with applicable legislation.

Notification of the data subject about the inclusion of their personal data in the database, their rights under the Law of Ukraine “On Personal Data Protection”, the purpose of data collection, and third parties to whom data may be transferred is carried out during the establishment of civil-legal relations in accordance with applicable legislation.

Processing of personal data concerning racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data concerning health or sex life (special categories of data) is prohibited.

4. LOCATION OF THE PERSONAL DATA DATABASE

The personal data databases are located at the Seller’s address: Dnipropetrovsk region, Novomoskovsk, Suchkova Street, 115.

5. CONDITIONS FOR DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

Access to personal data by third parties is determined by the terms of consent given by the data subject to the data controller for the processing of such data, or in accordance with legal requirements.

Access to personal data is not granted to a third party if that party refuses to undertake obligations to ensure compliance with the Law of Ukraine “On Personal Data Protection” or is unable to ensure such compliance.

A subject of personal data relations submits a request for access (hereinafter – a request) to the personal data controller.

The request must include:

  • surname, name, patronymic, place of residence (stay), and details of the identity document of the applicant (for an individual applicant);
  • name, location of the legal entity submitting the request, position, surname, name, and patronymic of the authorized person; confirmation that the request corresponds to the legal authority of the entity (for a legal entity applicant);
  • surname, name, patronymic, and other information enabling identification of the individual to whom the request relates;
  • information about the database concerned or its controller/administrator;
  • list of requested personal data;
  • purpose and/or legal grounds for the request.

The request review period may not exceed ten working days from the date of receipt. During this period, the data controller informs the requester whether the request will be satisfied or whether the requested data cannot be provided, indicating the legal basis. The request is fulfilled within thirty calendar days unless otherwise provided by law.

Postponement of access is allowed if the requested data cannot be provided within thirty calendar days. The total period may not exceed forty-five calendar days.

A postponement notice is provided in writing with explanation of appeal procedures.

The notice must include: name of responsible officer, date, reason for postponement, and expected timeframe.

Refusal of access is allowed if prohibited by law.

A refusal notice must include: name of responsible officer, date, and reason for refusal.

Decisions on postponement or refusal may be appealed in court.

6. PERSONAL DATA PROTECTION

The personal data controller is equipped with system and software-technical means and communication tools that prevent loss, theft, unauthorized destruction, distortion, falsification, copying of information and comply with international and national standards.

A responsible person organizes personal data protection activities in accordance with the law. The responsible person is appointed by order of the data controller.

Duties are defined in the job description.

The responsible person is obliged to:

  • know Ukrainian legislation on personal data protection;
  • develop procedures for employee access to personal data;
  • ensure compliance with legislation and internal policies;
  • develop internal control procedures;
  • report violations;
  • ensure storage of consent documents.

The responsible person has the right to:

  • receive necessary documents;
  • make copies;
  • participate in discussions;
  • submit proposals;
  • receive explanations;
  • sign documents within competence.

Employees must comply with legislation and internal rules and must not disclose personal data even after termination of duties.

Violations are subject to liability under Ukrainian law.

Personal data must not be stored longer than necessary.

7. RIGHTS OF THE DATA SUBJECT

The data subject has the right to:

  • know the sources and location of their personal data;
  • access their personal data;
  • receive information about data processing conditions;
  • receive data within 30 days;
  • object to processing;
  • request correction or deletion;
  • protection against unlawful processing;
  • file complaints;
  • withdraw consent;
  • protection from automated decision-making.

8. PROCEDURE FOR DATA SUBJECT REQUESTS

The data subject has the right to obtain any information about themselves.

Access is free of charge.

A request must include identification details and information about the requested data.

Review period – up to 10 working days.

Fulfillment – up to 30 calendar days unless otherwise required by law.

9. FINAL PROVISIONS

All other matters not covered shall be governed by the current legislation of Ukraine.

If any provision becomes invalid due to legal changes, the remaining provisions remain in force.