Policy regarding the processing of personal data «DEV UKRAINE» LLC (hereinafter referred to as the Policy).
CHAPTER 1 GENERAL PROVISIONS
1.1. This Policy defines the activities of «DEV UKRAINE» LIMITED LIABILITY COMPANY, registered at the address: Ukraine, 01001, Kyiv, Sportivna square, building 1-A, tower B, floor 11 (hereinafter referred to as the Company or Personal Data Owner/Personal Data Manager) regarding the processing of personal data.
1.2. This Policy has been developed in pursuance of the requirements of the Law of Ukraine «On Personal Data Protection» dated June 01, 2010 No. 2297-VI (hereinafter referred to as the Law).
1.3. The concepts contained in Article 2 of the Law are used in this Policy with the same meaning.
1.4. The following terms are used in this Policy:
1.4.1. Services — any services, products, programs, events, services of the Company.
1.4.2. Site — website, which URL is https://dev.ua owned by the Company, as well as subdomains of this website.
1.5. This Policy applies to all operations performed by Personal Data Owner/Personal Data Manager with personal data using automation tools or without their use.
1.6. This Policy comes into force from the moment it is published on the Site.
CHAPTER 2 CATEGORIES OF PERSONAL DATA SUBJECTS AND SCOPE OF PERSONAL DATA PROCESSED
2.1. Personal Data Owner/Personal Data Manager processes personal data that may be obtained from the following Personal Data Subject:
2.1.1. members of the Company and affiliates of the Company;
2.1.2. employees of the Company, former employees, candidates for vacant positions;
2.1.3. contractors and customers of the Company who are individuals;
2.1.4. representatives and/or employees of counterparties and clients of the Company who are
2.1.5. legal entities or individual entrepreneurs;
2.1.6. visitors to the Site, Services of the Company;
2.1.7. persons who provided the Company with personal data by subscribing to the newsletter, when sending feedback, comments, by filling out questionnaires during promotional and other events held by the Company;
2.1.8. persons who provided personal data to the Company in another way.
2.2. Personal Data Owner/Personal Data Manager processes the following personal data of the Personal Data Subject:
2.2.1. Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, gender, information from identity document (s), employment status and related information, pictures/pictures (including biometric information such as a visual image of the face) or other document (s) Company may request from time to time;
2.2.2. Contact data includes residential address, e-mail address, LinkedIn profile and telephone number;
2.2.3. Economic and appropriateness data includes employment status, work experience;
2.2.4. Technical data includes internet protocol (IP) address, login data, data from cookies, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices Data Processor use to access the Services.
2.2.5. Communication data includes communication between Data Processor and Company, including chats, call recordings and emails, history of requests and views on the Sites and Services of the Company.
2.2.6. Profile data includes username and password, Data Processor’s interests, preferences, feedback and survey responses.
2.2.7. Usage data includes information about how Data Processor get access to the Data Controller’s Services and use it.
2.3. Personal Data Owner/Personal Data Manager ensures that the content and scope of the processed personal data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.
2.4. Personal Data Owner/Personal Data Manager processes biometric personal data only with the consent of the Personal Data Subject or without consent in other cases provided for by the legislation of Ukraine.
2.5. Personal Data Owner/Personal Data Manager does not process special personal data relating to race, political views, bringing to administrative or criminal liability, except in cases where the Personal Data Subject independently provided such data to Personal Data Owner/Personal Data Manager, or they became known to Personal Data Owner/Personal Data Manager in accordance with the law of Ukraine.
2.6. Personal Data Owner/Personal Data Manager, if necessary, to achieve the purposes of processing, has the right to transfer personal data to third parties in compliance with the requirements of the legislation of Ukraine.
CHAPTER 3 PURPOSE OF COLLECTING PERSONAL DATA
3.1. The Company as a Personal Data Owner may only use clients’ personal data if there is a lawful basis for such use. The most common lawful bases used by the Company are:
3.1.1. consent: in some cases, the Company may process clients’ personal data only if the Company obtain clients’ prior consent;
3.1.2. performance of a contract: the Company will require clients’ personal data to be able to offer the Services in accordance with the contract terms between the Company and clients;
3.1.3. compliance with a legal obligation: due to the nature of the Services the Company provide, the laws applicable to the Company’s activities require to collect and store certain data about clients;
3.1.4. legitimate interests: sometimes the Company rely on legitimate interests to process clients’ data (e.g. to improve the Services) and the Company will do so except where such interests are overridden by clients’ interests or fundamental rights and freedoms.
Below is a table describing how the Company may use clients’ personal data and which of the legal bases are used by the Company to ensure lawful data processing:
Purpose/Activity | Type of data |
Lawful basis for processing
|
To create the account. | Identity data Contact data Technical data |
Performance of a contract when the Company provides the Services to the clients.
|
To verify the identity, carry out checks that the Company is required to conduct by applicable laws and regulations. | Identity data Contact data Screening data Transaction data Risk assessment data Technical data Communication data Financial data |
Compliance with legal obligations under applicable law.
|
To provide customer support | Identity data Contact data Financial data Transaction data Technical data |
Performance of a contract when the Company provides Services to clients.
|
To send a service notifications related to client’s use of the Services | Contact data Communication data |
Performance of a contract when Company provide Services to clients.
|
To record and store communication with clients | Identity data Contact data Communication data |
Compliance with Company’s legal obligations under applicable laws
|
To send to the clients updates and marketing communication as well as to deliver relevant content to the clients, including ads, suggestions, personalised offers and recommendations | Identity data Contact data Financial data Transaction data Technical data Profile data Usage data |
Consent or Company’s legitimate interests to improve the Services
|
To perform data analytics with respect to Company’s Services for improvement purposes | Technical data Usage data |
Company’s legitimate interests to improve the Services
|
To manage and protect Company’s business and website including system maintenance | Identity data Technical data |
Company’s legitimate interests to improve the Services and protect client’s personal data and the Services;
Performance of a contract when Company provide the Services to clients |
To help the Company improve the Services by completing a survey, feedback or review. | Identity data Profile data |
Consent |
CHAPTER 4 BASIC RIGHTS AND OBLIGATIONS OF PERSONAL DATA OWNER/PERSONAL DATA MANAGER AND PERSONAL DATA SUBJECT
4.1. Personal Data Owner/Personal Data Manager has the right to:
4.1.1. receive from the Personal Data Subject reliable information and/or documents containing personal data;
4.1.2. request from the Personal Data Subject information about the relevance and reliability of the provided personal data;
4.1.3. refuse the Personal Data Subject to satisfy the requirements to stop the processing of its personal data and/or delete them if there are grounds for processing provided for by the legislation of Ukraine, including if they are necessary for the stated purposes of their processing.
4.2. Personal Data Owner/Personal Data Manager is obliged to:
4.2.1. process personal data in the manner prescribed by the legislation of Ukraine;
4.2.2. ensure the protection of personal data in the process of their processing;
4.2.3. take measures to ensure the accuracy of the personal data processed by it, make changes to personal data that are incomplete, outdated or inaccurate;
4.2.4. consider statements of the Personal Data Subject on the processing of personal data and give reasoned answers to them;
4.2.5. provide the Personal Data Subject with information about it’s personal data, about their provision to third parties;
4.2.6. stop processing personal data, as well as delete or block them in the absence of grounds for their processing, as well as at the request of the Personal Data Subject;
4.2.7. perform other duties stipulated by the legislation of Ukraine.
4.3. The Personal Data Subject has the right to:
4.3.1. receive information regarding the processing by Personal Data Owner/Personal Data Manager of its personal data;
4.3.2. amend own personal data if the personal data is incomplete, outdated or inaccurate;
4.3.3. withdraw its consent to the processing of personal data;
4.3.4. receive information about the provision of its personal data to third parties;
4.3.5. stop processing its personal data, including its deletion, if there are no grounds for itsr processing;
4.3.6. appeal against the actions/inactions and decisions of Personal Data Owner/Personal Data Manager related to the processing of its personal data to the authorized body for the protection of the rights of Personal Data Subject in the manner prescribed by law;
4.3.7. exercise other rights provided for by the legislation of Ukraine.
4.4. The Personal Data Subject is obliged to:
4.4.1. provide Personal Data Owner/Personal Data Manager with only reliable information about yourself;
4.4.2. provide Personal Data Owner/Personal Data Manager with documents containing personal data to the extent necessary for the purpose of their processing if necessary;
4.4.3. inform Personal Data Owner/Personal Data Manager about changes in their personal data.
4.5. A Personal Data Subject, who has provided Personal Data Owner/Personal Data Manager with incomplete, outdated, inaccurate information about oneself, or information about another Personal Data Subject without the consent of the latter, is liable in accordance with the legislation of Ukraine.
CHAPTER 5 PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA
5.1. The basis for the processing of personal data is the consent of the Personal Data Subject, with the exception of cases established by the legislation of Ukraine, when the processing of personal data is carried out without obtaining such consent. Until the Company receives consent to the processing of personal data by the Personal Data Subject (agreement with this Policy), the Company does not process the personal data of such Personal Data Subject.
5.2. The consent of the Personal Data Subject is a free, unambiguous, informed expression of its will, through which he authorizes the processing of its personal data. Refusal to give consent to the processing of personal data gives Personal Data Owner/Personal Data Manager the right to refuse the Personal Data Subject to provide access to the Site and Services of the Company.
5.3. The processing of personal data by Personal Data Owner/Personal Data Manager includes the following actions with personal data: collection, systematization, storage, modification, using, depersonalization, blocking, distribution, provision, deletion and other actions, in accordance with the legislation of Ukraine.
5.4. The ways of processing personal data by Personal Data Owner/Personal Data Manager: non-automated processing of personal data; automated processing of personal data with the transfer of the information received via information and telecommunication networks or without such transfer; mixed processing of personal data.
5.5. The storage of personal data is carried out in a form that allows to determine the Personal Data Subject for a period not longer than required by the purposes of processing personal data, except when the period of storage of personal data is established by the legislation of Ukraine, an agreement concluded (concluded) with the Personal Data Subject, in order to perform the actions established by that agreement.
5.6. The condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the expiration of the period for processing personal data, the withdrawal of the consent of the Personal Data Subject to the processing of its personal data, as well as the identification of unlawful processing of personal data.
5.7. When processing personal data, Personal Data Owner/Personal Data Manager takes the necessary legal, organizational and technical measures to ensure the protection of personal data from unauthorized or accidental access to them, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other illegal actions in relation to personal data.
CHAPTER 6 MECHANISM FOR EXERCISING THE RIGHTS OF THE PERSONAL DATA SUBJECT
6.1. A Personal Data Subject has the right to withdraw its consent to the processing of its personal data by submitting a written application to Personal Data Owner/Personal Data Manager in the following order:
6.1.1. To verify the fact that the Personal Data Subject is indeed the owner of an account on the Company’s Services, he is obliged to send from the its email address to which the account in the Company’s Services is registered a scanned application (or photo) to withdraw consent to the processing of its personal data;
6.1.2. The Personal Data Subject sends an application in writing form, by registered mail. Also, a Personal Data Subject has the right to submit an application in the form of an electronic document. The application must contain:
6.1.2.1. first name, last name (patronymic is necessary) of the Personal Data Subject;
6.1.2.2. address of the place of residence (place of stay);
6.1.2.3. statement of the essence of the requirement;
6.1.2.4. personal signature or electronic digital signature.
6.1.3. Personal Data Owner/Personal Data Manager, within 15 days after receiving the application from a Personal Data Subject, stops processing its personal data (if there are no grounds for processing, in accordance with the legislation of Ukraine), deletes them, if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including their blocking, and notifies about it the Personal Data Subject within the same period.
6.2. The Personal Data Subject has the right to obtain information from Personal Data Owner/Personal Data Manager regarding the processing of its personal data by submitting an application to Personal Data Owner/Personal Data Manager in the manner provided for in clause 6.1. of this Policy. Personal Data Owner/Personal Data Manager within 5 working days after receiving the application from Personal Data Subject:
6.2.1. provides the Personal Data Subject with relevant information;
6.2.2. notifies the Personal Data Subject about the reasons for refusal to provide such information.
6.3. The Personal Data Subject has the right to require from Personal Data Owner/Personal Data Manager to make changes to their personal data if they are incomplete, outdated or inaccurate, by submitting an application to Personal Data Owner/Personal Data Manager in the manner provided for in clause 6.l of this Policy, with documents attached (duly certified copies) confirming the need for such changes. Personal Data Owner/Personal Data Manager, within 15 days after receiving the application, makes changes to personal data and notifies the Personal Data Subject about it or notifies the reasons for refusal to make changes.
6.4. The Personal Data Subject has the right to receive information from Personal Data Owner/Personal Data Manager about the provision of its personal data to third parties once a calendar year free of charge, by submitting an application to Personal Data Owner/Personal Data Manager in the manner provided for in clause 6.l of this Policy. Personal Data Owner/Personal Data Manager, within 15 days after receiving the application, provides the Personal Data Subject with information about what personal data of this Personal Data Subject and to whom were provided during the year preceding the date of filing the application, or notifies it of the reasons for refusing to provide such information.
6.5. The Personal Data Subject has the right to demand from Personal Data Owner/Personal Data Manager to stop processing its personal data, including their deletion, in the absence of grounds for processing, by submitting an application to Personal Data Owner/Personal Data Manager in the manner provided for in clause 6.1 of this Policy. Personal Data Owner/Personal Data Manager, within 15 days after receiving the application, stops processing personal data (if there are no grounds for processing, in accordance with the law), deletes them, if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including their blocking, and notifies the Personal Data Subject within the same period.
CHAPTER 7 CROSS-BORDER DATA TRANSFER
7.1. The Company carries out cross-border transfer of personal data exclusively for newsletters. The mechanism for opting out of receiving such mailings is provided in the profile of the personal account of the Personal Data Subject on the website of the Company’s Services or in the letter of the mailing itself.
7.2. According to part 1-2 of Article 24 of the Law, Personal Data Owner/Personal Data Managers, managers and third parties are obliged to ensure this data protection from accidental loss or destruction, from illegal processing, including illegal destruction or access to personal data. Structural unit or individual in charge organising work related to the personal data protection during processing, shall be established (determined) in state and local authorities, as well as in Personal Data Owner/Personal Data Managers or managers that process personal data subject to notification in accordance with this Law. Information on the specified structural union or individual in charge shall be reported to the Authorised Human Rights Representative of the Verkhovna Rada of Ukraine, who shall ensure its publication.
7.3. By agreeing to this Policy, the Personal Data Subject gives their consent to the implementation of cross-border transfer of personal data.
CHAPTER 8 FINAL PROVISIONS
8.1. Issues related to the processing of personal data that are not enshrined in this Policy are governed by the legislation of Ukraine.
8.2. In case that any provision of the Policy is found to be contrary to the law, the remaining provisions corresponding to the law will remain in force and effect, and any invalid provision will be considered removed/modified to the extent necessary to ensure its compliance with the law.
8.3. Personal Data Owner/Personal Data Manager has the right, at its discretion, to change and (or) supplement the terms of this Policy without prior and (or) subsequent notification of the Personal Data Subject. The current version of the Policy is permanently available at: https://dev.ua/pages/privacy-policy.
8.4. Communication with the representative of the Company on any issues is carried out via e-mail [email protected].