І. General Provisions
1.1. The Regulation on the processing and protection of personal data of counterparties (hereinafter referred to as the Regulation) defines a set of organizational and technical measures to ensure the protection of personal data of counterparties of CitySites "(hereinafter referred to as the Company) from illegal processing, including from loss, illegal or accidental destruction , as well as from illegal access to them.
1.2. The regulation was developed on the basis of the Law of Ukraine "On Personal Data Protection" dated 01.06.2010 No. 2297-VI (hereinafter - the Law No. 2297) and the Standard Procedure for the Processing of Personal Data approved by order of the Commissioner of the Verkhovna Rada of Ukraine on Human Rights dated 08.01.2014 No. 1 / 02-14.
1.3. The Regulation is binding upon persons who have access to personal data and process personal data.
1.4. All terms in this Regulation are determined in accordance with Law No. 2297, while in accordance with the terminology of Law No. 2297, the Company is considered the owner of personal data.
1.5. Personal data includes any information or a collection of information about an individual by which it is identified or can be definitely identified.
1.6. The personal data of the Company's counterparties by access mode are information with limited access. The company has undertaken to ensure the protection of the personal data of counterparties.
1.7. The personal data of the Company's counterparties are processed on electronic media using software products such as Excel, Word, etc.
1.8. The processing of personal data means any action or set of actions, such as the collection, registration, accumulation, storage, adaptation, modification, renewal, use and distribution (distribution, sale, transfer), depersonalization, destruction of personal data.
II. Purpose and grounds for processing personal data
2.1. The processing of personal data of counterparties is carried out in order to ensure the implementation of contractual relations when the Company carries out economic activities, administrative and legal relations (in accordance with the Commercial Code of Ukraine, Civil Code of Ukraine), relations in the field of accounting and tax accounting (in accordance with the Tax Code of Ukraine, the Law Of Ukraine “On Accounting and Financial Reporting in Ukraine”, other regulatory legal acts in the field of accounting and tax accounting).
2.2. Personal data is processed on the basis of the consent of the personal data subject and on other legal grounds in strict accordance with the current legislation of Ukraine in the field of personal data protection and is stored in paper and / or electronic form.
ІІІ. Composition of personal data of counterparties processed by the Company
3.1. According to the specific purpose of processing, regulatory legal acts, and the requirements of economic activity, the Company processes the following personal data of counterparties:
email address (e-mail);
information about actions taken on the Site.
ІV. Organization of work with personal data
4.1. To ensure compliance with the requirements of Ukrainian legislation regarding the protection and processing of personal data, as well as the conditions of this Regulation, the Owner appoints responsible persons from among his employees.
4.2. The responsible person fulfills his duties in accordance with this Regulation and the norms of the current legislation of Ukraine regarding the processing and protection of personal data.
V. Rights and obligations of counterparties as subjects of personal data
5.1. The counterparty as the subject of personal data has the right to protect personal data in accordance with Article 8 of Law No. 2297, namely:
1.to know about the sources of collection, the location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or manager of personal data or give the appropriate order to receive this information to authorized persons, except as otherwise provided by law;
2.receive information on the conditions for providing access to personal data, including information on third parties to whom his personal data is transmitted;
3.access to your personal data;
4.receive no later than thirty calendar days from the date of receipt of the request, with the exception of cases provided by law, an answer about whether his personal data is processed, as well as receive the content of such personal data;
5.present a reasoned demand to the owner of personal data with an objection to the processing of his personal data;
6.present a reasoned request for changing or destruction of their personal data by any owner and manager of personal data if this data is processed illegally or is unreliable;
7.to protect their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision thereof, as well as to protect against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of an individual;
8.file complaints with the Commissioner or the court regarding the processing of your personal data;
9.apply legal remedies in case of violation of the legislation on the protection of personal data;
10.to make reservations regarding the restriction of the right to process their personal data upon consent;
11.withdraw consent to the processing of personal data;
12.know the mechanism for automatic processing of personal data;
13.to protect against an automated solution that has legal consequences for him.
Vi. Collection of personal data of counterparties
6.1. The collection of personal data of counterparties is an integral part of the processing of such personal data, which includes actions to select or organize information about an individual.
6.2. The grounds for processing personal data of counterparties are:
conclusion and execution of an agreement to which the subject of personal data is a party or which is concluded in favor of the subject of personal data or to carry out actions preceding the conclusion of the agreement at the request of the subject of personal data (paragraph 3 of the first part of Article 11 of Law No. 2297);
the need to protect the legitimate interests of the owners of personal data, third parties, except in cases where the subject of personal data requires to stop processing his personal data and the need to protect personal data exceed this interest (paragraph 6 of the first part of Article 11 of Law No. 2297).
6.3. The fact of acquaintance of the counterparty with the rights in the field of personal data protection, a message about the owner of personal data, the composition and content of the collected personal data, the purpose of collecting personal data and the person to whom personal data will be transmitted is confirmed by acceptance of the offer.
6.4. At the conclusion of the contract, the personal data of the counterparty are entered into the database "Counterparties".
6.5. In the event that the fact of processing information about the counterparty that does not correspond to reality is revealed, such information must be corrected or destroyed.
VII. Storage and destruction of personal data of counterparties
7.1. The storage of personal data includes actions to ensure their integrity and the corresponding mode of access to them.
7.2. The personal data of the counterparties are processed in a form that allows the identification of the individual they relate to and stored for no more than is necessary in accordance with their legal purpose and the purpose of their processing, unless otherwise provided by legislation in the field of archiving and record keeping.
7.3. The personal data of the counterparties are deleted or destroyed in the manner established in accordance with the requirements of the law.
7.4. Personal data is subject to destruction in the event of:
the expiration of the data storage period determined by the consent of the personal data subject to the processing of this data or by law; termination of legal relations between the subject of personal data and the Company, unless otherwise provided by law; the entry into force of a court decision on the removal of data on an individual from a personal data base; publication of the corresponding order of the Commissioner of the Verkhovna Rada for Human Rights or officials of the Secretariat of the Commissioner identified by him.
7.5. Personal data collected in violation of the requirements of Law No. 2297 is subject to destruction in the manner prescribed by law.
7.6. The selection for the destruction of documents with personal data whose storage periods have expired is made by an expert commission, the composition of which is determined by the Company.
7.7. The destruction of personal data is carried out in a manner that excludes the further possibility of restoring such personal data.
VIII. Transfer of personal data to third parties and providing third parties with access to personal data
8.1. The transfer of the personal data of the counterparty to third parties is determined by the conditions of consent to the processing of personal data or in accordance with the requirements of the law.
8.2. Without the consent of the counterparty, his personal data may be transferred in the following cases:
when the transfer of personal data is expressly provided for by the legislation of Ukraine, and only in the interests of national security, economic welfare and human rights; receiving a request from public authorities and local governments operating within the powers granted by the legislation of Ukraine.
8.3. Access to personal data to a third party is not provided if the specified person refuses to assume obligations to ensure compliance with the requirements of Law No. 2297 or cannot provide them.
8.4. The counterparty has the right to receive any information about himself contained in the relevant personal database without specifying the purpose of the request.
IX. Protection of personal data during its processing
9.1. Protection of personal data in an automated system
9.1.1. The right of access to the automated system is granted to employees of the Company, whose job descriptions provide for the processing of data in the automated system and which provide a written commitment to non-disclosure of personal data.
9.1.2. An automated system is mandatory provided with anti-virus protection and uninterruptible power supply system elements.
9.1.3. The right of access to personal data of counterparties is granted to third parties with whom the Company has concluded an agreement to fulfill contractual obligations to counterparties.