Personal Data Processing Policy
This document contains a description of the purposes, sources and methods of collecting and using information received on the website from Users, as well as measures to ensure the safety of personal data and the confidentiality of Users.
1. General Provisions
This Policy is pursued by RogovStudio (hereinafter referred to as the "Organization") in relation to the processing and protection of personal data (hereinafter referred to as this Policy) for individuals (personal data subjects) based on the Law of Ukraine "On the Protection of Personal Data" and other regulatory acts of Ukraine.
The policy applies to all personal data (entities) that may be received by the Organization in the course of business, including employees and customers of the Organization.
The purpose of the Policy is to bring to the persons providing their personal data the necessary information to evaluate which personal data and for what purposes are processed by the Organization, what methods of ensuring their security are implemented.
The policy protects the rights and freedoms of entities when processing their personal data using automation tools or without the use of such tools, and also establishes the responsibility of persons who have access to personal data for failure to comply with the requirements governing the processing and protection of personal data.
Clients, using the services of the Organization, having informed the Organization of their personal data, including through third parties, acknowledge their consent to the processing of personal data in accordance with this Policy.
Consent to the processing of personal data may be revoked by the subject of personal data. In case of withdrawal by the subject of personal data of consent to the processing of personal data, the operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified by applicable law.
2. The concept and composition of personal data
For the purposes of this Policy, personal data refers to any information relating directly or indirectly to a specific or determinable natural person (subject of personal data)
Depending on the subject of personal data, the Organization, in order to carry out its activities and to fulfill its obligations, may process personal data of the following categories of entities: Client data - information necessary for the Organization to fulfill its obligations under contractual relations with the Client and to fulfill the requirements of Ukrainian legislation. Customer's personal data provided during registration on the website, including when the Customer orders.
3. The grounds and objectives of the processing of personal data
The organization processes personal data to carry out activities, realize its legitimate interests and requirements. The purposes of processing personal data are dictated by the need: to carry out the functions assigned to the Organization by the legislation of Ukraine in accordance with the Law "On the Protection of Personal Data", other laws and regulatory legal acts of Ukraine, as well as the Charter and regulatory acts of the Organization;
The organization collects and stores the personal data of the Client necessary for the provision of services, the execution of agreements and contracts, the fulfillment of obligations to the Client.
The organization may use the personal data of the Client for the following purposes:
identification of a party under contracts with the Company;
communication with the Client, if necessary, including sending proposals, notifications, information and requests, both related and not related to the provision of services, as well as processing applications, requests and applications of the Client;
improving the quality of services provided by the Company; 4. Terms for processing personal data
The terms for processing personal data are determined based on the purposes of processing in the information systems of the Organization, in accordance with the term of the public offer agreement, the limitation period, as well as other requirements of the legislation and regulatory documents of the Organization.
5. The circle of persons admitted to the processing of personal data
In order to achieve the objectives of Article 3 of this Policy, only those employees of the Organization who are assigned such an obligation in accordance with their official (labor) duties are allowed to process personal data. Access to other employees may be granted only in cases prescribed by law. The organization requires its employees to maintain confidentiality and ensure the security of personal data when processing it.
The organization has the right to transfer personal data to third parties in the following cases:
The personal data subject has expressly agreed to such actions;
The transfer is provided for by Ukrainian or other applicable legislation within the framework of the procedure established by law;
The transfer takes place as part of a sale or other transfer of business (in whole or in part). Moreover, to the acquirer per all obligations to comply with the terms of this Policy apply to the data received by him. 6. Personal data processing methods
In the process of providing services, in the implementation of on-farm activities, the Organization uses automated, using computer technology, and non-automated, using paper workflow, processing of personal data.
Decisions that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, based on exclusively automated processing of personal data by the Organization, are not made.
7. Implementation of personal data protection
The activities of the Organization for the processing of personal data in information systems are inextricably linked with the protection of the confidentiality of information received by the Organization. All employees of the Organization are required to ensure the confidentiality of personal data, as well as other information established by the Organization, if this does not contradict the current legislation of Ukraine.
The security of personal data during their processing in the Organization's information systems is ensured by the information security system, which includes: organizational measures using physical access restrictions to the premises, application of software and hardware security measures (including encryption (cryptographic) means, means of preventing unauthorized access, and software and hardware impact on the technical means of processing personal data.
The exchange of personal data during their processing in information systems is carried out through communication channels protected by technical means of information protection.
When processing personal data in the information systems of the Organization are provided:
carrying out activities aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have access to such information;
timely detection of unauthorized access to personal data;
avoidance of impact on technical means of automated processing of personal data, as a result of which their functioning may be impaired;
the ability to immediately restore personal data modified and destroyed due to unauthorized access to them;
continuous monitoring of the level of personal data security