Regulation on the processing and protection of personal data in personal data base owned by the seller
Providing his personal data on the Seller's website when registering or placing an Order, the Buyer gives the Seller his voluntary consent to the processing, use (including transfer) of his personal data, as well as other actions under the Law of Ukraine "On Personal Data Protection", without limitation of the validity of such consent.
In accordance with paragraphs 1 and 2 of the second part of Article 8, part two of Article 12 of the Law of Ukraine "On Personal Data Protection" the Seller notifies about the owner, administrator, location, composition and purpose of collecting personal data the Buyer, third parties to whom such personal data is transferred and the rights of the personal data subject.
1.The owner of the Buyer's personal data is LLC “ROST” (identification code of the legal entity in the National State Registry of Ukrainian Enterprises and Organizations - 30381807; location: 03022, Kyiv, Vasylkivska Street 37; contact phone number: +38 (044) 290-18-00.
2. The administrator of personal data is LLC "ROST" (identification code of the legal entity in the National State Registry of Ukrainian Enterprises and Organizations - 30381807; location: 03022, Kyiv, Vasylkivska Street 37; contact phone number: +38 (044) 290-18-00.
3. Location of personal data: 03134, Kyiv, Myru street, bldg. 19.
4. The composition of personal data includes:
- last name, name and patronymic of the person;
- series and number of the passport of the citizen of Ukraine, other identity document confirming the citizenship of Ukraine or the special status of the person;
- registration number of the taxpayer's registration card from the State Register of Individuals – Taxpayers (Tax ID number);
- registered or actual place of residence;
- e-mail address, contact telephone number.
Last name, first name, patronymic, registered or actual place of residence, e-mail address, contact telephone number are collected by the direct provision of personal data by the Buyer at registration.
Series and passport number of a citizen of Ukraine, other identity document confirming citizenship of Ukraine or special status of a person, registration number of the taxpayer's registration card from the State Register of Individuals – Taxpayers (Tax ID number) are collected by direct provision of personal data by the Buyer when confirming identity or making payments, or returning payments and / or goods.
Cookies may be used by the Seller when operating the Site. With its help, it is possible to identify the browser of Buyers who visit the site repeatedly; in these files, it is possible to save user settings and other information. You can set your browser to reject all cookies or notify you when they are sent.
The Seller may also store and process impersonal general information in free form for data calculation, such as: IP address, date and time of visit, type and language of browser, cookies, total number of visits to the Site, number of visits to each page of the Site, names of providers internet access services. This is necessary for the correct operation of the Site, providing services to the Site, optimizing its operation, as well as to protect the integrity of the information space of the Site.
Personal data processing means any action or set of actions performed in whole or in part in the information (automated) system and / or in personal data files, which are related to the collection, registration, accumulation, storage, adaptation, change, renewal, use and sharing (dissemination, sale, transfer), depersonalization, destruction of information about an individual.
5. The purpose of processing (collection) of personal data is:
- storage and managing counterparties' data, in accordance with Articles 6 and 7 of the Law of Ukraine “On Personal Data Protection”;
- ensuring the implementation of civil relations, providing / receiving and making payments for purchased goods / services in accordance with the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine", and other responsibilities imposed by law on the owner of personal data in order to protect the legitimate interests of the owner of personal data or a third party to whom personal data is transferred;
- monitoring and evaluating the quality of goods and services of the Seller;
- creation and implementation of bonus programs, loyalty programs, sending messages in the form of e-mails, Viber messages, SMS-messages, notifications in the web browser, including in order to send commercial offers, to improve the quality of services, ratings, analysis of activities, keyword search, sending information and marketing newsletters (news, company promotions, information about promotions, promo codes and discounts, personal recommendations, personal discounts and offers), which contain information about goods and / or services, advertising and commercial offers in respect of such goods and / or services, etc.;
- creation of user's profile (individual and / or general profiles) on the Seller's website, by collecting and analyzing information on the Buyer's chosen preferences and choices made on the website, and on the Buyer's general actions on the website, by profiling cookies (" Profiling "). Such information may be used to personalize the goods and services sold through the Site, if possible, in accordance with the settings of the Buyer and the choice;
- conducting statistical and other surveys based on depersonalized data.
6. Third parties to whom the processed personal data is transferred are:
- counterparties and third parties, in order to ensure the implementation of sales relations, relations in the field of consumer protection, in the field of advertising and marketing research, etc.;
- freight forwarding, postal and courier organizations;
- any banking and / or financial institutions, participants / members of payment systems in Ukraine that provide authorization and transfer of funds by the Buyer and other third parties (without limitation) at the discretion of the Seller;
- other persons who apply to the Seller and have the right to receive personal data only on the grounds specified by law.
6.1. The transfer of personal data to foreign subjects of relations related to personal data (cross-border transfer of personal data) is not carried out.
6.2. The Buyer has the right to receive any information about himself from any subject of relations related to personal data, without specifying the purpose of the request, except as provided by law. The subject of personal data has access to personal data about himself free of charge based on a request, subject to the following information: last name, name and patronymic, place of residence (stay) and details of the document certifying the individual submitting the request (for natural person - the applicant).
6.3. The procedure for access to personal data of third parties is determined by the conditions of consent of the personal data subject provided to the owner of the personal data base for the processing of such data, in order to fulfill obligations to the personal data subject or in accordance with law.
6.4. Access to personal data is not granted to a third party if the mentioned person refuses to undertake obligation to ensure compliance with the requirements of the Law of Ukraine "On Personal Data Protection" or is unable to provide them.
6.5. The subject of the relations related to personal data submits a request for access (hereinafter - the request) to personal data to the owner of the personal data base.
6.6. The request states:
- last name, name and patronymic, place of residence (location) and details of the document certifying the natural person submitting the request (for the natural person - the applicant);
- name, location of the legal entity submitting the request, position, surname, name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for the legal entity - the applicant);
- last name, name and patronymic, as well as other information that allows to identify the natural person in respect of whom the request is made;
- information about personal data base in respect of which the request is submitted, or information about the owner or administrator of this data base;
- list of personal data requested;
- the purpose of the request.
6.7. The term for studying the request for its satisfaction should not exceed ten working days from the date of its receipt.
During this period, the owner of the personal data base notifies the person submitting the request that the request will be satisfied or the relevant personal data is not subject to provision, indicating the grounds specified in the relevant legal act.
The request shall be satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
6.8. All employees of the of the personal data base owner are required to comply with confidentiality requirements related to personal data protection and information on securities accounts and circulation of securities
6.9. Postponement of access to personal data of third parties is allowed if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total term for resolving the issues raised in the request may not exceed forty-five calendar days.
6.10. The postponement notice is brought to the attention of the third party who submitted the request in writing with explanation of the procedure for appealing against such a decision.
6.11. The postponement notice indicates:
- last name, name and patronymic of the official;
- date of sending the message;
- reason for postponement;
- the term during which the request will be satisfied.
6.12. Refusal of access to personal data is allowed if access to them is prohibited by law.
6.13. The refusal notice indicates:
- last name, first name, patronymic of the official who refuses access;
- date of sending the message;
- reason for refusal.
6.14.The decision on postponement or refusal of access to personal data may be appealed to the authorized state body for personal data protection, other public authorities and local governments, whose powers include the protection of personal data, or to the court.
7. Personal data is kept for no longer than is necessary in accordance with the purpose of their processing. After the Buyer stops to be a user of the Site by deleting his account on the Site, his personal data is also automatically deleted.
8. Security of personal data
8.1. The Seller is equipped with system and soft- and hardware means and means of communication that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information and meet the requirements of international and national standards, which we will update accordingly with the advent of new technologies.
9. According to the second part of Article 8 of the Law of Ukraine "On Personal Data Protection" the subject of personal data has the right to:
1) know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the owner or controller of personal data or give a corresponding order to obtain this information to authorized persons, except as provided by law;
2) receive information on the conditions for granting access to personal data, in particular information on third parties to whom his personal data is transferred;
3) access to his/her personal data;
4) receive no later than thirty calendar days from the date of receipt of the request, except as provided by law, an answer as to whether his personal data is processed, as well as receive the content of such personal data;
5) make a reasoned request to the owner of personal data with an objection to the processing of his/her personal data;
6) make a reasoned request to change or destroy his/her personal data by any owner and controller of personal data, if this data is processed illegally or is inaccurate;
7) protect his/her personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or late provision, as well as to protect against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of a natural person;
8) apply with complaints about the processing of his/her personal data to the Ukrainian Parliament Commissioner for human rights (Ombudsman) or to the court;
9) apply legal remedies in case of violation of the legislation on personal data protection;
10) make reservations regarding the restriction of the right to process their personal data during the consent;
11) withdraw consent to the processing of personal data;
12) know the mechanism of automatic processing of personal data;
13) protection against an automated decision that has legal consequences for him.