Regulations on the processing and protection of personal data in personal data bases owned by the seller.

Content

1. General concepts and scope of application.

2. List of personal data base.

3. Purpose of personal data processing.

4. The procedure for processing personal data: creation of consent, notification of rights and actions with personal data of the subject of personal data.

5. Location of the personal data base.

6. Terms of disclosure of personal data to third parties.

7. Protection of personal data: methods of protection, the responsible person, employees who record processing and/or have access to personal data in connection with the performance of their official duties, the period of storage of personal data.

8. Rights of the subject of personal data.

9. Procedure for handling requests of the subject of personal data.

10. State registration of the personal data base.


1. General concepts and scope of application.

1.1. Definition of terms: personal data base — a named set of organized personal data in electronic form and/or in the form of personal data files; responsible person - a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law; the owner of personal data is a natural or legal entity that is granted the right to process this data by law or with the consent of the subject of personal data, which approves the purpose processing of personal data in this database, establishes the composition of these data and procedures for their processing, unless otherwise determined by law;

The State Register of Personal Data Bases is a single state information system for collecting, accumulating and processing information on registered personal data bases; publicly available sources of personal data — directories, address books, registers, lists, catalogs, other systematized collections of open information, which contain personal data, placed and published with the knowledge of the subject of personal data.

Social networks and Internet resources in which the subject is not considered public sources of personal data leave their personal data (unless the subject of personal data expressly states that personal data are posted for the purpose of their free distribution and use); consent of the subject of personal data - any documented, voluntary expression of will of a natural person regarding the granting of permission for the processing of his personal data in accordance with the formulated purpose of their processing; depersonalization of personal data — removal of information that enables identification a person who is identified or can be specifically identified; the manager of the personal data base is a natural or legal person who is authorized by the owner of the personal data base or by law to process this data.

A person who is instructed by the owner and/or manager of the personal data base to use technical work with the personal data base without access to the content of personal data is not a manager of the personal data base; subject of personal data - a natural person, in respect of whom, in accordance with the law, the processing of his personal data is created; third party - any person, as a subject of personal data, the owner or administrator of the personal data base and the authorized state body for personal data protection, which creates the transfer of personal personal data by the owner or administrator of the database in accordance with the law; special categories of data — personal data about racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data related to health or sex life.


1.2. This Regulation is mandatory for application in accordance with the person and employees of the seller, who contain the description of the processing and/or have access to personal data in connection with the performance of their official duties.


2. List of personal data base.

2.1. The seller is the owner of the following personal data base:

● database of personal data of the counterparty.


3. Purpose of personal data processing.

3.1. The method of processing personal data in the system is the storage and maintenance of counterparty data, in accordance with Articles 6 and 7 of the Law of Ukraine "On the Protection of Personal Data".

3.2. The method of processing personal data is to ensure the realization of civil legal relations, provision/production and settlement of purchased goods/services in accordance with the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".


4. The procedure for processing personal data: creation of consent, notification of rights and actions with personal data of the subject of personal data.

4.1. The consent of the subject of personal data must be a voluntary expression of the individual's will to grant permission for the processing of his personal data in accordance with the formulated purpose of their processing. The consent of the subject of personal data can be given in the following forms:

● a document on a medium with requisites, which enables identification of this document and the natural person;

● an electronic document, which must contain mandatory details that allow identification of this document and a natural person. It is expedient to certify the voluntary expression of the individual's will regarding the granting of permission for the processing of his personal data with the electronic signature of the subject of personal data.

● a mark on the electronic page of the document or in the electronic file processed in the information system on the basis of documented software and technical solutions.

4.2. The consent of the subject of personal data is given during the registration of civil legal relations in accordance with the current legislation.


5. Location of the personal data base.

5.1. The personal data base specified in section 2 of this Regulation is located at the address of the seller.


6. Terms of disclosure of personal data to third parties.

6.1. The procedure for accessing personal data of third parties based on the terms of the consent of the subject of personal data, given to the owner of the personal data base for the processing of this data, or in accordance with the requirements of the law.

6.2. Access to personal data is not granted to a third party if the specified person refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine "On the Protection of Personal Data" or it is impossible to ensure them.

6.3. The subject of relations related to personal data makes a request for access (hereinafter - a request) to personal data to the owner of the personal data base.

6.4. The request states:

● surname, first name and patronymic, place of residence (place of stay) and details of a document certifying the natural person submitting the request (for a natural person, the applicant);

● name, website of the legal entity submitting the request, position, surname, first name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the authority of the legal entity (for a legal entity, the applicant);

● surname, first name and patronymic, as well as other information that makes it possible to identify the natural person in respect of whom the request is made;

● information about the personal data base in respect of which the request is made, or information about the owner or manager of this base;

● list of requested personal data;

● the purpose of the request.

6.5. The term of examining the request for its satisfaction cannot exceed ten working days from the date of its receipt. during this period, the owner of the personal data base informs the person who submits the request that the request will be satisfied or that the relevant personal data cannot be provided, indicating the reason, defined in the relevant normative legal act. The request is satisfied thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. All employees possessing a personal data base are obliged to comply with confidentiality requirements regarding personal data and information regarding securities accounts and securities circulation.

6.7. Delay of access to personal data of third parties is allowed if the amount of data cannot be provided within three calendar days from the date of receipt of the request. At the same time, the total term for solving the issues raised in the request cannot exceed forty-five calendar days.

6.8. Notice of postponement shall be sent to the third party who submitted the request in written form with an explanation of the procedure for appealing such a decision.

6.9. The notice of postponement states:

● surname, first name and patronymic of the official;

● message sending data;

● the reason for the delay;

● the line during which the request will be satisfied.

6.10. Denial of access to personal data is permitted if access to it is prohibited by law.

6.11. The notice of refusal states:

● surname, first name, patronymic of the official who refuses access;

● message sending data;

● reason for refusal.

6.12. The decision to delay or deny access to personal data may be appealed to the authorized state body for personal data protection, other state authorities and local self-government bodies, under whose authority personal data protection is carried out, or to a court.


7. Protection of personal data: methods of protection, the responsible person, employees who record processing and/or have access to personal data in connection with the performance of their official duties, the period of storage of personal data.

7.1. The owner of personal data bases is provided with system and software and communication tools that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information and the requirements of international and national standards.

7.2. The responsible person organizes the work related to the protection of personal data during their processing, in accordance with the law. Responsible person by order of the Owner of the personal data base. The duties of the relevant person regarding the organization of work, related to the protection of personal data during their processing, are determined by job instructions.

7.3. The responsible person is obliged to:

● know the legislation of Ukraine in the field of personal data protection;

● develop procedures for access to personal data of employees in accordance with their professional or official or labor duties;

● to ensure compliance by employees of the Volodil database of personal data with the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the Volodil database of personal data regarding the processing and protection of personal data in personal data bases;

● to develop the order (procedure) of internal control over compliance with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activities of the Owner of the personal data base in relation to the processing and protection of personal data in the personal data base, which, in particular, should publish norms on the implementation of such control;

● add to the Owner's personal data base about violations of the requirements of Ukrainian legislation in the field of personal data protection and internal documents regulating the activities of the Owner's personal data base regarding the processing and protection of personal data in the personal data base no later than one working day from the moment of discovery of such data. damage;

● ensuring the storage of documents confirming the provision of the personal data subject's consent to the processing of his personal data and notification of the said subject about his rights.

7.4. Upon completion of his duties, the responsible person has the right to:

● receive documents, including orders and other administrative documents issued by the Owner of the personal data base, related to the processing of personal data;

● make copies of received documents, including copies of files, any records stored in local computer networks and autonomous computer systems;

● sign and certify documents within the limits of their competence.

7.5. Employees who process and/or have access to personal data in connection with the performance of their official (labor) obligations are obliged to comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents, processing and protection of personal data. in personal databases.

7.6. Employees who have access to personal data, including, use their processing, are obliged not to allow the disclosure in any form of personal data that have been checked by them or that have become known in connection with the performance of professional or official or labor duties responsibilities of the The commitment is valid after they stop the activity related to personal data, except for the notification established by law.

7.7. Persons who have access to personal data, including, familiarize themselves with their processing in case they violate the requirements of the Law of Ukraine "On the Protection of Personal Data", are not liable according to the legislation of Ukraine.

7.8. Personal data must not be stored longer than necessary for the purpose for which such data is stored, but in any case no longer than the data storage period determined by the consent of the subject of personal data to the processing of this data.


8. Rights of the subject of personal data.

8.1. The subject of personal data has the right to:

● to know about the site of personal data, which contains his personal data, his database of purpose and name, site and / or place of residence (stay) of the owner or manager of this database or to give appropriate instructions to obtain this information to persons authorized by him, except for those established by law;

● receive information about the conditions for granting access to personal data, in particular information about third parties to whom his personal data is transferred, which are compiled in the relevant personal data base;

● to access your personal data contained in the relevant personal data base;

● receive no later than thirty calendar days from the date of receipt of the request, in addition to those provided by law, an answer on whether his personal data is stored in the relevant personal data base, as well as receive the content of his personal data that is stored;

● present a reasoned demand with objections to the processing of your personal data by state authorities, local self-government bodies in the exercise of their powers provided for by law;

● make a reasoned demand for changes or destruction of your personal data by any owner and administrator of this database, if these data are processed illegally or are unreliable;

● to protect your personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or invalid provision of data, as well as protection from providing information that is unreliable or harms the honor, dignity and business reputation of a physical person persons individuals;

● apply for the protection of one's rights regarding personal data to state authorities, local self-government bodies, whose authority is to protect personal data;

● replace the means of legal protection in case of violation of the legislation on the protection of personal data.


9. Procedure for handling requests of the subject of personal data.

9.1. The subject of personal data has the right to receive any information about himself from any subject of relations related to personal data, without specifying the purpose of the request, except for those established by law.

9.2. The access of the subject of personal data to the data about himself can be created free of charge.

9.3. The subject of personal data submits a request for access (hereinafter - request) to personal data to the owner of the personal data base.

The request states:

● surname, first name and patronymic, place of residence (place of stay) and details of a document certifying the identity of the subject of personal data;

● other information that makes it possible to identify the person of the subject of personal data;

● information about the personal data base in respect of which the request is made, or information about the owner or manager of this base;

● list of requested personal data.

9.4. The term of examining the request for its satisfaction cannot exceed ten working days from the date of its receipt.

9.5. in this order, the owner of the personal data base notifies the subject of personal data that the request will be satisfied or that the relevant personal data are not subject to provision, indicating the grounds determined in accordance with the regulatory legal act.

9.6. The request is satisfied thirty calendar days from the date of its receipt, unless otherwise provided by law.


10. State registration of the personal data base.

10.1. State registration of personal data bases is carried out in accordance with Article 9 of the Law of Ukraine "On the Protection of Personal Data

Made reliably by GigaProg © 2024
Cart
0 items
Your cart is currently empty
Go to the catalog to select the product
Go to catalog
Error