Personal Data Protection
Provisions on the processing and protection of personal data in accordance with the Law of Ukraine "On Personal Data Protection."
Table of Contents
1. General Concepts and Scope of Application
Definitions
—
Personal Database — a named set of ordered personal data in electronic form and/or in the form of files.
—
Responsible Person — a person who organizes work related to the protection of personal data during its processing.
—
Data Controller — a person granted the right to process personal data, who approves the purpose of processing and establishes the data scope.
—
Subject Consent — a voluntary expression of will by an individual granting permission for the processing of their personal data according to the purpose of processing.
—
Personal Data Processing — any action of collecting, registering, accumulating, storing, using, distributing, or destroying information about an individual.
—
Personal Data — information or a set of information about an individual who is identified or can be specifically identified.
—
Data Subject — an individual whose personal data is being processed.
—
Third Party — any person, except for the subject, controller or processor of the database and the authorized state body, to whom personal data is transferred.
—
Special Categories of Data — data on racial or ethnic origin, political or religious beliefs, membership in parties and unions, as well as data on health or sex life. Processing of such data is prohibited.
These Provisions are mandatory for the responsible person and all employees who perform processing or have access to personal data in connection with their official duties.
2. List of Personal Databases
Counterparties Database
Data of legal entities and individuals with whom civil law relations are established.
Customers Database
Data of clients who place orders through the LFL3D online store.
3. Purpose of Personal Data Processing
The purpose of processing is to ensure the implementation of civil law relations, the provision and receipt of goods and services, and the implementation of relevant payments in accordance with the Tax Code of Ukraine and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine."
4. Personal Data Processing Procedure
Voluntary Consent
Consent of the personal data subject must be a voluntary expression of will regarding the granting of permission for data processing in accordance with the formulated purpose.
Forms of Consent
1.A document on a paper medium with details that allow identifying the person.
2.An electronic document with mandatory details, certified by an electronic signature.
3.A mark on an electronic document page or in an electronic file within an information system.
Moment of Obtaining Consent
Consent is provided during the formalization of civil law relations in accordance with current legislation.
Prohibition of Special Categories of Data
Processing of personal data concerning racial or ethnic origin, political or religious beliefs, membership in parties and unions, as well as data on health or sex life is prohibited.
5. Location of Personal Databases
The personal databases specified in Section 2 of these Provisions are located at the seller's address.
6. Conditions for Disclosure to Third Parties
6.1
The procedure for access to personal data by third parties is determined by the conditions of the subject's consent or requirements of the law.
6.2
Access is not granted if the third party refuses to undertake obligations to comply with the requirements of the Law or cannot ensure them.
6.3
A third party submits a request for access to personal data directly to the data controller.
6.4
The request shall specify:
—Full name, place of residence, and document details of the person submitting the request (for an individual), or the name, location, and official person (for a legal entity);
—information that allows identifying the person concerning whom the request is made;
—information about the personal database or its controller;
—list of requested personal data;
—purpose and/or legal grounds for the request.
6.5
Term for studying the request — no more than 10 working days. The request is satisfied within 30 calendar days unless otherwise provided by law.
6.6
Postponement of access is allowed if data cannot be provided within 30 days. The total period cannot exceed 45 calendar days.
6.7–6.8
Notice of postponement is provided in writing and contains: Full name of the official, date of dispatch, reason for postponement, and term for fulfillment.
6.9–6.10
Denial of access is allowed only if access is prohibited by law. The refusal notice contains the official's name, date, and reason for refusal.
6.11
The decision to postpone or deny access may be appealed in court.
7. Personal Data Protection
Technical Protection
7.1
System and software-technical means of protection prevent loss, theft, unauthorized destruction, distortion, and copying of data and comply with the requirements of international and national standards.
Responsible Person
7.2
The responsible person organizes the work on personal data protection and is appointed by the Data Controller's order. Duties are specified in the job description.
Duties of the responsible person (p. 7.3):
—to know the legislation of Ukraine in the field of personal data protection;
—to develop procedures for access to personal data for employees;
—to ensure compliance by employees with legislative requirements;
—to develop a procedure for internal control over compliance with requirements;
—to notify the Controller of violations no later than one working day from detection;
—to ensure storage of consent documents and notification of subjects regarding their rights.
Rights of the responsible person (p. 7.4):
—to receive necessary orders and administrative documents;
—to make copies of documents and files;
—to make proposals for improving personal data handling;
—to sign and endorse documents within their competence.
Employee Obligations and Storage Terms
7.5
Employees who have access to personal data are obliged to comply with legislative requirements and internal documents regarding data processing and protection.
7.6
Disclosure of personal data in any way is prohibited. This obligation continues even after the termination of activities related to personal data.
7.7
Persons are liable under the legislation of Ukraine for violations of the Law of Ukraine "On Personal Data Protection."
7.8
Personal data is stored no longer than necessary to achieve the purpose of processing, and in any case — no longer than the term determined by the subject's consent.
8. Rights of the Data Subject
Know About Database
To find out the location of the personal database, its purpose, name, and information about its controller.
Obtain Access
To receive free access to your personal data and information about the conditions of its provision to third parties.
Receive Response
To receive an answer within 30 calendar days as to whether your data is stored and what its content is.
Object Processing
To present a reasoned demand against the processing of your personal data by state authorities and local self-government.
Correct or Delete
To demand modification or destruction of personal data if it is processed illegally or is unreliable.
Protection and Appeal
To contact state authorities and use legal remedies in case of violation of personal data legislation.
9. Procedure for Handling Subject Inquiries
9.1
The subject has the right to receive any information about themselves from any participant in relations related to personal data, without specifying the purpose of the request.
9.2
Access of the personal data subject to data about themselves is free of charge.
9.3
The request is submitted to the data controller and contains:
—Full name, place of residence, and identity document details;
—other information for person identification;
—information about the personal database or its controller;
—list of personal data requested.
9.4
Term for studying the request — no more than 10 working days. Within this period, the subject is notified whether the request will be satisfied or why data is not subject to provision.
9.5
The request is satisfied within 30 calendar days from the day of its receipt unless otherwise provided by law.
10. State Registration of Personal Databases
State registration of personal databases is carried out in accordance with Article 9 of the Law of Ukraine "On Personal Data Protection."
Have questions?
Contact us — our team is here to help with any questions regarding personal data processing.
Message Us