PERSONAL DATA PROCESSING AND PROTECTION POLICY
1. General Provisions
1.1. This Policy (hereinafter referred to as the Policy) is developed in accordance with the Law of Ukraine No. 2297-VI dated 1 June 2010 “On Personal Data Protection” and other regulations (hereinafter the Law) and is an internal document of AVRORA TM (hereinafter the Operator), which identifies key areas of its activities in the field of processing and protection of personal data.
1.2. The Policy is designed to implement the requirements of Ukrainian legislation in protection and processing of personal data and aims to protect the fundamental rights and freedoms of an individual and a citizen, including the right to privacy in connection with the processing of personal data.
1.3. The Operator’s personal data processing policy applies to all information that the Operator may receive about visitors of the website https://avrora.ua/.
2. Terms and Definitions
2.1. Personal data base shall mean a titled set of organised personal data in electronic form and/or in the form of personal data files,
2.2 Personal data owner shall mean an individual or a legal entity that determines the purpose of personal data processing, establishes the composition of these data and the procedures for their processing, unless otherwise provided by the law,
2.3. Consent of the personal data subject shall mean the (informed) voluntary expression of the will of an individual to grant permission to process their personal data in accordance with the stated purpose of processing thereof, expressed in writing or in a form that allows to conclude provision of consent. In e-commerce, the consent of the personal data subject may be given during signing up in a telecommunication system of the e-commerce subject by ticking the permission to process their personal data in accordance with the stated purpose of processing thereof, provided that such system does not create opportunities for personal data processing until the moment of ticking,
2.4. Anonymisation of personal data shall mean the removal of information that allows direct or indirect identification of a person,
2.5. Customer file shall mean any structured personal data available according to certain criteria, regardless of whether such data are centralised, decentralised or divided based on functional or geographical principles,
2.6. Processing of personal data shall mean any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, renewal, use and distribution (distribution, sale, transfer), anonymisation, destruction of personal data, including the use of IT (automated) systems,
2.7. Recipient shall mean a natural or a legal person to whom personal data is provided, including a third party,
2.8. Personal data shall mean information or a set of data about an individual who is identified or can be specifically identified,
2.9. Personal data controller shall mean a natural or a legal person who is the owner of personal data or is authorised to process this data on behalf of the owner under the law,
2.10. Personal data subject shall mean a natural person whose personal data are processed,
2.11. Third party shall mean any person, except for the personal data subject, owner or controller and the Commissioner for Human Rights of the Verkhovna Rada of Ukraine, to whom the personal data owner or controller transfers personal data.
2.12. Website shall mean a set of graphic and information materials, as well as computer software and databases that ensure their admissibility on the Internet at the web address http://avrora.ua/.
2.13. User shall mean any visitor of the website http://avrora.ua/.
2.14. Operator shall mean a state body, legal or natural person who independently or jointly with other persons organises and carries out personal data processing, as well as determines the purposes of personal data processing, the composition of personal data to be processed, actions (operations) carried out with personal data.
2.15. Cookie shall mean a text file or files containing a small amount of information sent to a browser and stored on the user’s device. Such devices include a computer, mobile phone or other device through which the user visits the Website. Cookies can be perpetual (so-called persistent cookies) and stored on the computer until the user deletes them, or temporary (such cookies are called session cookies), i.e., stored only until the browser is closed. In addition, there are primary cookies (they are set directly by the website visited) and third-party cookies (set by other websites).
3. Objectives and Basic Terms of Personal Data Processing
3.1. The Operator processes personal data in order to:
- Enter into and execute agreements,
- Notify the users (including potential users) of the Operator’s services about the services provided, discounts, promotions and other activities of the Operator, about changes in the services and operation of the Operator,
- Conduct surveys to improve the quality of services,
- Improve the quality of customer service (including potential), the services of the Operator,
- Train and promote career growth of its employees, accounting for the results of employees’ performance of their official duties, provision of the employees with working conditions, guarantees and compensations established by the legislation of Ukraine, ensuring fulfilment of contractual agreements with employees, fulfilment of social obligations to employees,
- For other purposes stipulated by the internal regulatory documents of the Operator and the current legislation of Ukraine.
3.2. The Operator processes personal data in compliance with the requirements of the Law, namely:
- The objective of personal data processing shall be formulated in laws, other regulations, provisions, constituent or other documents governing the activities of the owner of the personal data base, and comply with the legislation of Ukraine on personal data protection,
- Personal data shall be accurate, reliable and updated if necessary,
- The scope and content of personal data shall be appropriate and not excessive in relation to the specific purpose of their processing,
- The amount of personal data that may be included in the personal data base is determined by the conditions of consent of the personal data subject or in accordance with the law,
- Personal data shall be processed for specific and lawful purposes determined with the consent of the personal data subject, or, in cases provided by the laws of Ukraine, in the manner prescribed by law,
- The data on an individual shall not be processed without their consent, except in cases specified by the law, and only in the interests of national security, economic well-being, and human rights,
- If the processing of personal data is necessary to protect the important interests of the data subject, the personal data may be processed without their consent until the consent can be obtained,
- Personal data shall be processed in a form that allows the identification of the individual to whom they relate, within a period not exceeding that required by their lawful purposes.
3.3. Personal data may be processed by means of computer technology (automated processing) or with the direct participation of a person without the use of computer technology (non-automated processing).
3.4. When processing personal data, the Operator shall provide the necessary conditions for the unimpeded implementation by the subject of personal data of their personal non-property rights to their personal data. Personal data of a natural person with limited civil capacity or declared incapable shall be controlled by their legal representative.
3.5. The Operator is not liable for the accuracy and correctness of the information provided by personal data subjects, visitors/users of the website http://avrora.ua/.
4. Personal Data Protection
4.1. The main objective of ensuring the security of personal data during their processing by the Operator is to preserve their integrity and protect the data from illegal processing, as well as from illegal access thereto.
4.2. The Operator shall ensure protection of personal data in the personal data base by using the IT functionality implemented in the information systems of the Operator as well as other systems and means of protection available to the Operator.
4.3. Protection of personal data shall be provided at all stages of their processing and in all modes of operation of personal data processing systems, including repair and routine work.
4.4. The employees of the Operator are responsible for ensuring the security of personal data within the scope of their duties related to the processing and protection of personal data. The access to personal data is provided to the Operator’s employees only to the extent necessary for the performance of their official duties.
4.5. The measures to ensure the security of personal data shall be implemented by employees who have the necessary qualifications and experience. The level of measures for the protection of personal data is determined by the current level of development of information technology and information security.
4.6. The Operator’s Personnel Policy provides for careful selection of staff and motivation of employees, which eliminates or minimises the possibility of violation of the security of personal data.
5. Types of User Data Processed by the Operator
5.1. Full name,
5.2. Email address,
5.3. Phone number,
5.4. Year, month, date and place of birth,
5.5. Details of an identity document,
5.6. Taxpayer’s identification number, date of its registration, details of the certificate of registration with the tax authority,
5.7. Address of actual place of residence and registration at the place of residence or at the place of stay,
5.8. Information on education, occupation, job and qualifications, details of documents on education,
5.9. Information on marital status and family composition,
5.10. Property information,
5.11. Debt information,
5.12. Information on employment history and duration of employment, military service, registration for military service,
5.13. The website also collects and processes impersonal data about visitors (including cookies) using Internet statistics services (Yandex Metrics and Google Analytics, etc.).
6. Legal Grounds for Personal Data Processing
6.1. The Operator processes User’s personal data only in case of their filling and sending by the User independently through the special forms located on the website http://avrora.ua/. By filling in the respective forms and sending their personal data to the Operator, the User agrees with this Policy.
7. Procedure for Collection, Storage, Transfer and Other Types of Personal Data Processing
7.1. The security of personal data processed by the Operator is ensured by implementing the legal, organisational and technical measures necessary to fully comply with the requirements of current personal data protection legislation.
7.2. The Operator shall ensure the preservation of personal data and use best efforts to prevent any access to personal data of unauthorised persons.
7.3. Under no circumstances shall the User’s personal data be transferred to third parties, except in cases related to the implementation of the applicable law.
7.4. In case of inaccuracies in personal data, the User may update them independently by sending an email to the relevant Operator to the e-mail address of the Operator at [email protected] titled “Personal data update”.
7.5. The processing time of personal data is unlimited. The User may at any time withdraw their consent to the processing of their personal data by sending an email to the Operator to the e-mail address of the Operator at [email protected] titled “Withdrawal of consent to the processing of personal data”.
8.1. Cookies are used:
- When the user visits the website repeatedly, the cookies data are updated,
- In most cases, browsers allow automatic storage of cookies on the user’s device by default,
- Disabling cookies may restrict access to published materials or cause incorrect operation of the website’s services.
8.3. The Operator uses the following categories of cookies:
- Strictly necessary cookies, i.e. cookies required for user’s navigation on the web-page, search on the website, keeping record of the user’s previous actions when going back to the previous page in the same session.
- Operational cookies, i.e. aggregate information about the ways the website is used. These data are stored on the user’s device between browser sessions. The data can include the following metrics: Time spent on the website, the most frequently visited pages, understanding which sections and services of the website were most interesting for the user, effectiveness of a certain advertising or marketing campaign, etc. All information collected through operational cookies is intended for statistical and analytical purposes. Some cookie data may be provided to third parties that have permission from the website and only for the above purposes.
- Functional cookies, i.e. cookies used to store settings or configurations kept on the user’s device between browser sessions. These cookies also allow the users to watch videos, take part in interactions (polls, voting) and interact with social media. To improve the experience after visiting the resource, these cookies remember the information provided by the user, increasing the efficiency of interaction with the website.
- Target cookies, i.e. cookies used to provide content that may be of interest to the user. These data are stored on the user’s device between browser sessions. The data can include the following metrics: tracking of the recommended text, graphics, audio and video content to avoid repeats, managing targeted advertising, evaluating the effectiveness of advertising campaigns, information about user visits to other resources during transitions, and other website settings. The website may share this information with other parties, including media customers, advertisers, agencies and related business partners, in order to provide quality targeted advertising.
- Cookies of third-party services and analytics services.
8.4. Cookie management:
Major browsers (listed below) are set to automatically accept cookies. To disable them, use the Help option in your browser. To open Help, use the menu or press F1.
Microsoft Edge: https://privacy.microsoft.com/ru-ru/privacystatement
Mozilla Firefox: https://www.mozilla.org/ru/privacy/websites/#cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=ru
Safari for macOS: https://support.apple.com/kb/PH21411?locale=en_US
8.5. The configuration settings for cookies for mobile browsers may vary. Note that proper operation of all the functions of the website requires using cookies. Disabling cookies may restrict access to the content and cause incorrect operation of the website’s services. User information obtained through cookies is not sold or distributed publicly, and is owned by the company owning the resource.
9. Rights of the Personal Data Subject
9.1. Every individual’s personal inalienable rights to personal data are inalienable and inviolable.
9.2. The personal data subject is entitled to:
- Know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the personal data owner or controller, or entrust obtaining this information to authorised persons, except as provided by law,
- Receive information on the conditions for granting access to personal data, including information on third parties to whom their personal data are transferred,
- Have access to their personal data,
- No later than within thirty calendar days upon receipt of the request, except as provided by law, receive an answer as to whether their personal data are processed, as well as receive the content of the personal data,
- Make a reasoned request to the owner of personal data with an objection to the processing of their personal data,
- Make a reasoned request to change or destroy their personal data by any owner and controller of personal data if such data are processed illegally or are inaccurate,
- Protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or late provision, as well as protect against the provision of information that is inaccurate or discredits the honour, dignity and business reputation of an individual,
- File complaints regarding the processing of their personal data with the Commissioner or the court,
- Apply legal remedies in case of violation of the legislation on personal data protection,
- Make reservations regarding the restriction of the right to process their personal data during the consent,
- Withdraw consent to the processing of personal data.
10. Final Provisions
10.1. This Policy is published by the Operator on the Operator’s website.
10.2. This Policy may be changed by the Operator unilaterally without notifying personal data subjects, visitors and users of the website. The new version of the Policy is immediately published on the Operator’s website.
10.3. Signing up of the personal data subject, visitor and user on the Operator’s website or filling in the feedback form, as well as other use of the website shall be the confirmation of reading the provisions of this Policy and unconditional acceptance of its terms and conditions.
10.4. In case of questions and complaints, the subject of personal data, visitor or user of the website can contact the Operator by phone +38 (067) 872-92-92, e-mail in[email protected] or any other way available and convenient for them.