Regulations on the Processing and Protection of Personal Data
REGULATIONS ON THE PROCESSING AND PROTECTION OF PERSONAL DATA IN PERSONAL DATA DATABASES OWNED BY THE SELLER
Contents
1. General Concepts and Scope
2. List of Personal Data Databases
3. Purpose of Personal Data Processing
4. Procedure for Personal Data Processing
5. Location of Personal Data Databases
6. Conditions for Disclosure of Personal Data to Third Parties
7. Protection of Personal Data
8. Rights of the Personal Data Subject
9. Procedure for Handling Requests from Personal Data Subjects
10. State Registration of Personal Data Databases
1. General Concepts and Scope
Definitions:
Personal Data Database – a named collection of structured personal data in electronic form and/or filing systems.
Responsible Person – a person designated to organize personal data protection activities in accordance with the law.
Owner of a Personal Data Database – an individual or legal entity authorized by law or by the data subject to process personal data and determine the purpose and procedures of processing.
State Register of Personal Data Databases – the unified state information system containing information on registered personal data databases.
Public Sources of Personal Data – directories, registers, lists, catalogs, and other publicly available collections of information containing personal data published with the knowledge of the data subject.
Consent of the Personal Data Subject – any documented voluntary expression of will granting permission to process personal data for a specified purpose.
Depersonalization – removal of information enabling identification of a person.
Processing of Personal Data – any action or set of actions related to collection, registration, accumulation, storage, adaptation, modification, updating, use, dissemination, depersonalization, or destruction of personal data.
Personal Data – information relating to an identified or identifiable individual.
Controller/Processor of a Personal Data Database – a person authorized by the database owner or by law to process personal data.
Personal Data Subject – an individual whose personal data is processed.
Third Party – any person other than the data subject, database owner, processor, or authorized public authority.
Special Categories of Data – data relating to racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, health, or sexual life.
The provisions of this Regulation are mandatory for all employees who process or have access to personal data in the performance of their duties.
2. List of Personal Data Databases
The Seller is the owner of the following personal data database:
• Counterparties / Customers Database.
3. Purpose of Personal Data Processing
The purpose of processing personal data is to ensure implementation of civil-law relations, provision and receipt of goods and services, and settlement of payments in accordance with the Tax Code of Ukraine and the Law of Ukraine “On Accounting and Financial Reporting in Ukraine”.
4–10.
The remaining sections govern:
• obtaining consent for processing personal data;
• notification of data subjects regarding their rights;
• location and storage of personal data databases;
• disclosure of personal data to third parties in accordance with Ukrainian law;
• technical and organizational measures for personal data protection;
• rights of personal data subjects to access, modify, delete, and protect their data;
• procedures for submitting and reviewing requests concerning personal data;
• state registration of personal data databases in accordance with Article 9 of the Law of Ukraine “On Personal Data Protection”.