User agreement

Privacy Policy on Personal Data Processing and Protection

1. General Definitions and Scope

1.1. Definitions

  • Personal Data Database — a named set of organized personal data in electronic form and/or in the form of personal data files.

  • Data Controller — a natural or legal person who, by law or with the consent of the data subject, is authorized to process personal data, and who determines the purpose of processing, the scope of data, and the processing procedures.

  • Data Processor — a natural or legal person authorized by the controller or by law to process personal data on behalf of the controller.

  • Responsible Person — the designated individual responsible for organizing personal data protection processes.

  • Data Subject — an identified or identifiable natural person whose data is being processed.

  • Third Party — any entity other than the data subject, controller, processor, or authorized public authority.

  • Publicly Available Sources — official registries, directories, lists, and other structured collections of data made available with the data subject’s knowledge. Social networks and websites are not considered publicly available unless expressly stated by the data subject.

  • Consent — any freely given, specific, informed, and unambiguous indication of the data subject’s will to allow the processing of their personal data.

  • Processing — any operation performed on personal data including collection, registration, accumulation, storage, adaptation, alteration, use, dissemination, depersonalization, or destruction.

  • Special Categories of Data — data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data concerning health or sex life.

1.2. Scope of Application

This Policy applies to the responsible person and employees of the Seller who directly process or have access to personal data in the course of performing their job duties.


2. List of Personal Data Databases

The Seller is the controller of the following personal data database:

  • Database of Business Partners.


3. Purpose of Personal Data Processing

Personal data is processed to:

  • Fulfill civil-law obligations;

  • Provide and receive services and goods;

  • Carry out settlements and reporting in accordance with the Tax Code of Ukraine, and the Law of Ukraine "On Accounting and Financial Reporting in Ukraine".


4. Procedure for Personal Data Processing

4.1. Consent Requirements

Consent must be a freely given expression of will regarding the processing of personal data for specific purposes.

4.2. Forms of Consent

Consent may be obtained in:

  • Written form (with identifiable document and subject);

  • Electronic form (including digital signature);

  • Confirmation mark in a digital interface, recorded via secure software systems.

4.3. Consent Collection

Consent is obtained at the time of entering into civil-law relationships as required by applicable legislation.

4.4. Notification

The data subject is notified of:

  • Inclusion of their data in a database;

  • Their rights under the Law of Ukraine "On Personal Data Protection";

  • The purpose of data collection;

  • The parties to whom the data may be transferred.

4.5. Special Categories

Processing of special categories of personal data is strictly prohibited.


5. Location of the Personal Data Database

The databases are located on secure servers within the jurisdiction of Ukraine. Remote access for international data processors is granted strictly under data processing agreements.


6. Conditions for Disclosure to Third Parties

Personal data may be disclosed only:

  • To authorized public authorities (on legal grounds);

  • To contractors or partners with signed data processing agreements;

  • Upon the data subject’s prior written consent.


7. Data Protection Measures

7.1. Protection Methods

  • Data encryption, access control, and firewalls;

  • Secure password policies and user authentication;

  • Regular system audits and software updates.

7.2. Responsible Person

A designated responsible person is appointed to ensure compliance with data protection laws.

7.3. Staff Access

Only employees whose duties require data processing may access personal data, following training and NDAs.

7.4. Storage Duration

Personal data shall be stored for no longer than necessary to fulfill processing purposes or as required by law.


8. Rights of the Data Subject

The data subject has the right to:

  • Access, correct, update, or delete personal data;

  • Withdraw consent at any time;

  • Restrict or object to processing;

  • Lodge a complaint with a supervisory authority.


9. Handling Data Subject Requests

All requests shall be submitted in writing to the Seller's contact details provided on the website. Requests will be processed within 30 calendar days unless otherwise stipulated by law.


10. State Registration of the Personal Data Database

The database is registered in the State Register of Personal Data Databases in accordance with Ukrainian legislation.