Dear customers! Due to the large number of parcels, the delivery time may be extended by several days. Thank you for your understanding and sorry for the inconvenience.
Dear customers! Due to the large number of parcels, the delivery time may be extended by several days. Thank you for your understanding and sorry for the inconvenience.

Regulations on the processing and protection of personal data

PRIVACY POLICY

Of

Website

prof1group.ua

 

The authority of prof1group website takes a number of organizational and technical measures to reliably protect the provided personal data from unauthorized access by third parties.

The protection of personal data, which were granted by clients of our website, regulated by the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010.

 

Meaning

1. General concepts and scope.

2. List of personal databases.

3. The purpose of personal data processing.

4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject.

5. Location of the personal database.

6. Terms of disclosure of personal data to third parties.

7. Protection of personal data: methods of protection, responsible person, employees who directly process and / or have access to personal data in connection by the performance of their official duties, the period of storage of personal data.

8. Rights of the personal data subject.

9. Procedure for working with personal data subject requests.

10. Deletion or destruction of personal data.

 

1. General concepts and scope.

1.1 This Provision provide general demands of organizational and technical measures for the processing and protection of personal data in the Limited Liability Company  “STANDART-AV TORG” (herinafter - LLC “STANDART-AV TORG”), which is the owner of prof1group.ua  website, to process and provide protection against accidental loss or destruction, illegal processing, including illegal destruction or access to personal data of customers of the website prof1group.ua and during the tasks performance of  LLC “STANDART-AV TORG” employees.
1.2 The Provision is mandatory for responsible persons and LLC “STANDART-AV TORG” employees, who directly process and / or have access to personal data in view of the performance of their official duties and are acquainted with this Provision under their signature
1.3 The terms in this Provision are used in the following meanings:

- The personal database - named set of organized personal data of prof1group.ua website clients in electronic form and / or in the form of personal data files;

- The responsible person – defined employee of LLC “STANDART-AV TORG” who organizes work related to the protection of personal data during their processing, according to the law;

- The owner of personal data (personal database) - LLC “STANDART-AV TORG” which taken the rights for personal data processing by prof1group.ua website client’s approval and which confirms the purpose of personal data processing in the database, establishes the composition of these data and the procedures for their processing, unless otherwise provided by law;

- Generally accessible sources of personal data - directories, address books, registers, lists, catalogs, other systematized collections of open information that contain personal data posted and published with the knowledge of the personal data subject. Social networks and Internet resources in which personal data subjects leave their personal data (except when the personal data subject explicitly states that personal data is posted for the purpose of their free distribution and use);

- The agreement of personal data subject - any documented, voluntary expression of will of the prof1group.ua website client (provided when informed) to grant permission to process his personal data in accordance with the stated purpose of their processing, which is expressed in a paper or electronic document, with mandatory details that allows to identify this document and the client, which is certified by the electronic signature of the client, or a mark affixed by the client on the electronic page of the document or in an electronic file processed in the information system based on documented software and hardware solutions. Such consent of the personal data subject is also given during his registration on the website of the online store prof1group.ua by marking the granting of permission to process his personal data in accordance with the stated purpose of their processing, and this system does not create opportunities for processing of personal data until the moment of marking;

- Depersonalization of personal data - removal of information that allows to identify the prof1group.ua website client;

- The processing of personal data - any action or set of actions performed completely or partially in the information (automated) system and / or in the files of personal data of prof1group.ua website client, which are related to the collection, registration, accumulation, storage, adaptation, change, renewal, use and distribution (distribution, sale, transfer), depersonalization, destruction of information about prof1group.ua website client;

- Personal data – information or set of information about prof1group.ua website client, who is identified or could be specifically identified;

- Disposer of the prof1group.ua website client database - a natural or legal person which is given the rights by LLC "O.C.C , as the owner of the personal database, or by the law to process this data. A person who is entrusted by the owner and / or disposer of a personal database with technical work with a personal database without access to the content of personal data is not the disposer of such personal data base;

- The personal data subject - prof1group.ua website client, whose personal data is processed according to the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010;

- The third person – any person, except the personal data subject, the owner or disposer of database and The Commissioner of the Verkhovna Rada of Ukraine of Human Rights, who is given personal data by the owner or disposer of the personal data base in accordance with the law;

- The special data categories – personal data about racial or ethnic origin, political, religious or ideological beliefs, membership of political parties and trade unions, and data relating to health or sexual life.

1.4. The owner of the database is given the personal data from the personal data subject during placing by the last order through the online cart of the prof1group.ua website, when placing an order by phone, which are indicated on the website of the prof1group.ua website, or when registering a personal data subject (creation a Personal account) at the specified online store website, as well as when the subject of personal data on this online store website leaves his feedback or request.
1.5. Privacy of personal data of personal data subject is mandatory for personal data owner using with access for this personal data, provided that it are not allowed to be disseminated without the consent of the personal data subject or other legal grounds.
1.6. Using by the visitor of the prof1group.ua website means consent with this Privacy Policy and the conditions of processing personal data of personal data subjects. In case of disagreement with the terms of the Privacy Policy and the terms of personal data processing, the user is obliged to stop using the website of the online store prof1group.ua
1.7. This Privacy Policy and terms of personal data processing relate only prof1group.ua website. prof1group.ua website does not control and is not responsible for the other websites of the third parties, which the personal data subject can visit via the links available on the website of the prof1group.ua website.
1.8. The administration of the owner of the personal database does not verify the accuracy of personal data provided by personal data subjects.
1.9. Personal data subject admits that in order to careless attitude to secure storage of login and password, which gives access for personal data, third parties may gain unauthorized access to the account of the personal data subject, personal and other data.

 

2. List of personal databases.

2.1. The owner of database is the owner of clients’ personal data of prof1group.ua website.

 

3. The purpose of personal data processing.

3.1. The purpose of personal data processing in a database is storage and maintenance of data of personal data subjects, in accordance with Articles 6, 7 of the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010.

3.2. The purpose of personal data processing of personal data subject:

- implementation of civil law relations with personal data subjects, settlements for sold goods / services in accordance with the Tax Code of Ukraine, the Law of Ukraine "On Accounting and Financial Reporting in Ukraine";

- sending orders to personal data subjects by postal services and informing personal data subjects by e-mails, messages in messengers, or SMS messages about these orders;

- informing the personal data subject by different messages about new goods / services, special offers, promotions and various events in the prof1group.ua website. The personal data subject can always refuse to receive information messages by following the appropriate link in the e-mail or by calling the Internet department number.

3.3. Depersonalized data of users of the website of the online store prof1group.ua, collected through online statistics services, are used to collect information about the actions of users on the website of the online store prof1group.ua, to improve the quality of this website and its content.

4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject.

4.1. The consent of the personal data subject must be a voluntary expression of the will of the individual to grant permission for the processing of personal data in accordance with the stated purpose of their processing

4.2. The consent of the personal data subject can be provided in the following forms:

- paper document with obligatory requisites, which allows to identify this document and an individual;

- electronic document with obligatory requisites which allows to identify this document and an individual, which is certified by the electronic signature of the personal data subject, or a mark affixed by the personal data subject on the electronic page of the document or in the electronic file processed in the information system on the basis of documented software and hardware solutions;

- registration of the subject of personal data on the website of the prof1group.ua website by marking the granting of permission to process their personal data in accordance with the stated purpose of their processing.

4.3. The consent of the personal data subject provided during the registration of civil relations in accordance with applicable law, or when registering a personal data subject (creation the Personal Account) on the website of the online store prof1group.ua, as well as when leaving on this website feedback or request.

4.4. The personal data subject takes massages about inclusion of his personal data in the database of personal data of clients of the prof1group.ua website, on the rights defined by the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010, the purpose of collecting personal data and persons to whom personal data is transferred, during the registration of civil relations in accordance with applicable law, or during the registration of the personal data subject (creation the Personal Account) on the website of the online store prof1group.ua, as well as when left on this website feedback or request.

4.5. The processing of personal data concerning racial or ethnic origin, political, religious or ideological beliefs, membership of political parties and trade unions, and data relating to health or sexual life (special categories of data) is prohibited.

5. Location of the personal database.

5.1. Mentioned in section 2 of this Provision, personal databases are located at the address of the owner of the personal database.

6. Terms of disclosure of personal data to third parties.

6.1. The procedure for access of third parties to the personal data of personal data subjects is determined by the terms of the consent given by the personal data subjects to the owner of the personal data base for the processing of such data, or in accordance with the law.

6.2. Access to personal data is not granted to a third person if a third person refuses to undertake to ensure compliance with the requirements of the Law of Ukraine "On Personal Data Protection"-2297-VI of 01.06.2010 or is unable to provide them.

6.3. The subject of relations related to personal data submits a request for access (hereinafter - the request) to the personal database of clients of the prof1group.ua website to the owner of the specified personal data base.

6.4. The request included:

- Surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the individual who submits the request (for an individual - the applicant);

- name, location of the legal entity submitting the request, position, surname, name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for the legal entity - the applicant);

- surname, name and patronymic, as well as other information that allows to identify the natural person in respect of whom the request is made;

- list of personal data requested;

- purpose and / or legal basis for the request.

6.5. The term of studying the request for its approval may not exceed ten working days from the date of its receipt.

Within this term the owner of personal database notifies the person submitting the request that the request will be accomplish or the relevant personal data are not subject to provision, indicating the grounds specified in the relevant regulations.
The request would be accomplish within thirty calendar days from the date of its receipt, unless otherwise provided by law.

6.6. All employees of owner of database are responsible to follow the confidentiality requirements about personal data and information, which is contained in personal database of prof1group.ua website clients.

6.7. The delay of access of third parties to personal data is eligible, if the required data cannot be provided within thirty calendar days from the date of receipt of the request.

6.8. The notification about the delay leads to the third party who submitted the request in writing, explaining the procedure for appealing such a decision.

6.9. The notification about the delay included:

- surname, name and patronymic of the official;

- date of notification ;

- reason of delay;

- the term within the request will be approval.

6.10. Denial of access to personal data is allowed if access to them is prohibited by law.

6.11. The notification about the denial included:

- Surname, name and patronymic of the official, who denies access;

- date of notification;

- reason of denial.

6.12. The decision about delay or denial in access to personal data may be appealed to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to a court.

7. Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection by the performance of their official duties, the period of storage of personal data.

7.1. The owner of personal database prof1group.ua website clients has the system and software and hardware communication tools that prevent that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information and correspond with the requirements of international and national standards.

7.2. The responsible person of the owner of personal database organizes the work related with protection of personal data within processing, according to the law. The responsible person appointed by the decree of owner of personal database.

Liability of responsible person about the work organization, related with the protection of personal data within processing are indicated in the job description.

7.3. The responsible person is liable for:

• know the legislation of Ukraine in the field of personal data protection;
• develop procedures for accessing personal data of employees in accordance with their professional or official or work responsibilities;
• ensure compliance by the Personal Database Owner's staff with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents governing the Personal Database Owner's activities regarding personal data processing and protection in the personal data base of prof1group.ua customers;
• develop a procedure (procedure) for internal control over compliance with the legislation of Ukraine in the field of personal data protection and internal documents governing the activities of the Owner of personal data processing and protection of personal data in personal databases, which, in particular, should contain rules on frequency such control;

to inform the Owner of the personal data base about the facts of violations by employees of the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activity of the Personal Database owner regarding personal data processing and protection in the personal database of prof1group.ua customers working day from the moment of detection of such violations;

ensure the storage of documents confirming the granting of personal data subject to the processing of personal data and notification of the specified subject about the rights.

7.4. With intent to perform the duties, the responsible person has the right to:

Take necessary documents, including orders and other administrative documents, which were given by the Owner of personal database, related with the processing of personal data;

Make copies from taken documents, including files, any records stored on local area networks and stand-alone computer systems;

Take part in discussing responsibilities for organizing work which related to the protection of personal data during their processing.

Submit proposals for improving the activities and improving methods, submit comments and options for eliminating the identified shortcomings in the process of personal data processing;

Get declaration about processing of personal data;

Sign and vise documents to the extent of responsibility.

7.5. The employees, which directly carried the processing of personal data and/or personal database have access to personal database in connection with the performance of their official (labor) duties, obligated to obtain the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regarding the processing and protection of personal data in the database of personal data of prof1group.ua website clients.

7.6. The employees which have the access to personal data and/or personal database, including the processing, are obliged not to disclose in any way personal data entrusted to them or which have become known in connection with the performance of professional or official or labor duties. This obligation is effective after they have terminated their personal data activities, except as required by law.

7.7.Persons which have access to personal data and / or to the personal data base, including the processing, in case they violate the requirements of the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010, are responsible according to the current legislation of Ukraine.

7.8. The personal data of the personal data subject is kept only for period for the purpose for which data is stored, but in any case storage lasts no longer than specified by the consent of the personal data subject to the storage and processing of data.

8 The personal data subject rights.

8.1. The personal data subject has the rights to:

⁃ know about sources of collecting of personal data and the location of personal database, which storages the personal data of the subject, the purpose and name of database, the location and/or place of residence (stay) of the owner or manager of this database or give appropriate power of attorney to authorized persons to get this information, except as required by law;
 

⁃ Get the information about the conditions of providing access to personal data, in particular the information about third parties, which get the personal data of the subject, which storage in the personal database.
 

⁃ access to personal data of subject, which storage in the personal database.
 

⁃ receive no later than thirty calendar days from the date of receipt of the request, except as provided by law, an answer as to whether personal data is stored in personal database, as well as receive the content of personal data stored.

- make a reasoned request to the owner of the personal database with an objection to the processing of their personal data by the owner and administrator of the specified personal database;

- make a reasoned request to change or destroy their personal data by the owner and administrator of the personal database, if this data is processed illegally or is inaccurate;

- to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or late provision, as well as to protect against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of the physical person;

- apply to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to the court regarding the protection of personal data rights;

- apply legal assets in case of violation of the legislation on personal data protection;

- make reservations regarding the restriction of the right to process their personal data during the consent;

- withdraw consent to the processing of personal data;

- know the mechanism of automatic processing of personal data;

- protect against an automated decision that has legal consequences for personal data subject.

9. Procedure for working with personal data subject requests.

9.1. The personal data subject has the rights to receive any information about personal data subject from any subject of affairs, relates with personal data, without specifying the purpose of the request, except as provided by law.

9.2. The subject of personal data has access to data, which is free of charge.

9.3. The personal data subject submits a request for access (hereinafter - the request) to personal data to the owner of the personal data base.

The request included:

• surname, name and patronymic, place of residence (location) and details of the identity document of the personal data subject;

• other information that allows to identify the subject of personal data;

• information about the personal data base in respect of which the request is submitted, or information about the owner or administrator of this database;

• list of personal data, which is requested.

9.4. The term of request verification for its approval may not exceed ten working days from the date of its receipt.

9.5. Within this term the owner of personal database informs the personal data subject, that the request will be approval or the relevant personal data are not subject to provision, indicating the grounds specified in the relevant legal act.

9.6. The request could be approved within thirty calendar day from the date of its receipt, unless otherwise provided by law.

10. Deletion or destruction of personal data.

10.1. The personal data is deleted or destroyed in the manner prescribed by law.

10.2. Personal data is subject to deletion or destruction in the case of:

- expiration of the data storage period determined by the consent of the personal data subject to the processing of these data or by law;

- termination of legal relations between the owner of the personal database or the administrator, unless otherwise provided by law;

- issuance of a relevant instruction of the Commissioner of the Verkhovna Rada of Ukraine for Human Rights or officials of the Secretariat of the Commissioner appointed by Commissioner;

- entry into force of a court decision on the deletion or destruction of personal data.

10.3. Personal data collected in violation of the Law of Ukraine "On Personal Data Protection" № 2297-VI of 01.06.2010, are subject to deletion or destruction in the manner prescribed by law.