Regulations on the processing data | Krilov. Art of Autographs

Regulations on the processing and protection of personal data

Content


General concepts and scope of application.

Composition and content of personal data

The purpose, limits and terms of personal data processing

Location of personal data.

Terms of disclosure of information about personal data to third parties.

Protection of personal data.

Rights of the User (subject of personal data).

The procedure for dealing with requests from subjects of personal data (Users).

Amendments to the Regulation.

1. General provisions and scope of application.


1.1. This Regulation on the processing and protection of personal data (hereinafter - the "Regulation") was developed for www.krilov-art.com in accordance with the current legislation of Ukraine, including, but not limited to, the Law of Ukraine "On the Protection of Personal Data" dated June 1 No. 2297-VI of 2010 and establishes the procedure for receiving, collecting, accumulating, storing, processing, using, ensuring protection and disclosure of personal data (hereinafter - "Data" and/or "Personal Data") using the website: a-of -a.com (hereinafter referred to as the "Site") and/or related services and tools.


1.2. By registering on the krilov-art.com website and starting to use the online store, or when trying to place an order without prior registration, the User (Buyer) gives permission and unambiguous consent to the processing of his personal data under the conditions and in the order set forth below, and also confirms familiarization with this Regulation, its acceptance and agreement with its content.


1.3. Under the Online platform a-of-a.com in this Regulation, the Site is also used as "Online store" and/or "Online platform a-of-a.com" and/or "Online platform" .


1.4. The User (Buyer, consumer) in these Regulations means any natural and/or legal entity that has access to the Online Store and uses its functionality and services.


1.5. The owner of the Users' personal data is the website www.krilov-art.com


1.6. In this Regulation, all terms are used in the meaning defined in the Law of Ukraine "On the Protection of Personal Data" dated June 1, 2010 No. 2297-VI.


1.7. The Site may contain links to other websites (exclusively for informational purposes). If you link to other websites, these Terms will not apply to those websites. In this regard, the Company recommends that you familiarize yourself with the privacy and personal data policy of each site before submitting personal data by which you can be identified.



1.8. This Regulation is mandatory for application by the responsible person and employees of the Internet store who directly process and/or have access to personal data in connection with the performance of their official duties.

2. Composition and content of personal data.


2.1. Data means any information directly or indirectly related to a specific User. This can be: first name, last name, patronymic (if available), phone number, e-mail address, date of birth, presence of children, gender, hobbies, presence of pets, presence of a car and its VIN number, language of communication, address of the place of residence/stay/delivery, information about the User's actions while using the Online Store, IP address, data about the device used by the User (device type, browser type, device operating system), message history (information contained in correspondence between the User with the administration of the online store or with third-party sellers of the marketplace), the history of reviews or comments, other information through which communication is carried out and which, at the request of the User, is provided by him in the registration form and/or when filling out his own profile in the online store , when completing a survey (by filling out a questionnaire or in another way), or information received during oral communication between the User and the Site administration, information provided when making a payment in the online store (including when purchasing goods and/or services that are offered in the online store on credit/payment in installments. In particular: information regarding the User's passport data, identification code, etc.). This list of personal data is not permanent and mandatory for all Users, but depends on the needs and wishes of the User himself and on the operations he/she performs in the online store. Data also means other information obtained by the Online Store on legal grounds from third parties and/or available from the User's profiles in social networks - in the case of registration in the Online Store using social network authentication services. In this case, the User gives his consent to the processing of information available from the relevant accounts (profiles) in social networks.


2.2. Users are responsible for all information they post to public accounts. The user must understand all the risks associated with the fact that he publishes the address or information about the exact place of his location. If the User decides to enter the Online Platform using the authentication service of a third-party operator, such as Facebook information, the Company may receive an additional profile or other information to which access is provided by such a third party.

3. Purpose, limits and terms of personal data processing.


3.1. The purpose of personal data processing is:


- ensuring the implementation of civil and legal relations, economic and tax relations, implementation of the functions, powers and duties assigned to the Company in accordance with the current legislation of Ukraine;


- identification of the client as a User of the Internet store, for communication with the User, including for the provision of services, payment processing, shipping, settlement operations, reporting, accounting and management accounting, creation and implementation of bonus programs, loyalty programs, sending mailings by mail, e-mail, by phone number, including for the purpose of sending commercial offers, notifications about promotions and news of the Internet store, and/or to provide Users of the Internet store with financial services (provided by third parties and/or partners of the Company) , with the aim of improving the quality of goods/providing services, forming ratings of goods and offers of the Internet store, analyzing the activity of Users, conducting keyword searches, managing traffic in the Internet store, analyzing and forecasting the preferences and interests of Users in order to form the most relevant and profitable personal offers or promotional offers; conducting research and analytical activities, sending informational and marketing newsletters (news, company promotions, information about promotions, promotional codes and discounts, personal recommendations, personal discounts and offers), which contain information about goods and/or services, advertising and commercial offers regarding such goods and/or services, etc.;


- for the purpose of sending newsletters, commercial offers, notifications about promotions, loyalty programs, bonus programs and/or for the purpose of sending messages about the functioning of the online store by mail, e-mail, by phone number, by sending informational messages. The user can at any time refuse to receive informational and marketing newsletters - through the appropriate settings on the Site (krilov-art.com).;


- in order to fulfill other obligations imposed by law on the Owner of personal data, to protect the legal interests of the owner of personal data or a third party to whom personal data is transferred.


3.2. The company does not process data related to race, nationality, political views, religious and other beliefs, membership in public organizations. Information that characterizes the physiological characteristics of Users, on the basis of which it is possible to establish their identity, is also not processed.


3.3 The processing of personal data is limited to the collection of the minimum amount of mandatory information necessary exclusively to fulfill the User's request. In any case, when non-mandatory information is requested, the User shall be informed of this at the time of collection of such information. Non-mandatory information is provided by the User at his own will and at his own discretion. The Company uses this information for the purposes of improving the Online platform, its services, offering the User offers, depending on their preferences and based on optional information provided by the User.


3.4. Data processing and storage terms are determined based on the purposes of Data processing, as well as based on the conditions specified in the contracts concluded with Users in accordance with the requirements of the current legislation of Ukraine. Personal data is processed and stored for as long as necessary to achieve the purposes for which it was collected, including to fulfill any legal, accounting or reporting requirements or until the data is deleted by the User or at the request of the User.


3.5. Users can at any time change/delete personal information or refuse to receive messages, or withdraw consent to Data processing. This can be done in your Personal account or by sending a message to the e-mail address: cab@rozetka.com.ua with a note in the subject of the letter "Personal data". Deletion of the account (account) at the initiative of the User takes place in the order specified in the User Agreement and in the Terms of Use of the Site: krilov-art.com


3.6. In case of inactivity in the User's account for a period exceeding 5 (five) years, the Company reserves the right to delete the User's account, including all personal data stored in the account, which means that you will no longer be able to access it and use it.

4. Location of personal data.


4.1. Personal data of Users of the Online Store are processed and protected on secure a-of-a.com servers.

5. Terms of disclosure of personal data to third parties


5.1. The Company may exchange Data with affiliates of the Company (companies operating on the basis of joint ownership), who may process and use the Data for the purpose specified in this Regulation.


5.2. Disclosure of Data occurs when the User orders goods/services in the online store from sellers of such goods and services in the amount necessary for identification of the User, execution and processing of the User's order (including for the purpose of properly making payments for goods/services, ensuring that the User receives financial services, etc.).


5.3. The Company may engage third-party suppliers of goods/services to fulfill the order, in such cases, such third-party suppliers of goods/services are not authorized to use personal data received through the Online Platform, other than to fulfill the Order.


5.4. The Company may transfer certain depersonalized information, as well as authorize the collection of such depersonalized information directly on the Internet site using appropriate technologies (data that do not allow identifying Users individually) to third-party service providers, trusted partners or authorized researchers for the purpose of conducting market research, improving the effectiveness of advertising offers and campaigns (by offering more relevant online store offers), analytical activities, better understanding of which advertising, goods and/or services may interest Users, improving the overall quality and efficiency of goods/services on the Online Platform, etc.


5.5. The Company may also exchange Data with suppliers of goods/services during contests, promotions, and promotions on the Online Platform in order to properly ensure the conduct of such contests, promotions, and promotions. In this case, the Data is used and can be transferred to third parties for the purposes and for the purpose of conducting such contests, promotions and promotions, determining the winner. In the event of a win/victory, if contests, promotions and promotions are conducted by suppliers of goods/services, such suppliers of goods/services may independently contact Users regarding contests, promotions and promotions, determination of winners, registration of winnings, etc.


5.6. The Company processes Data on a legal and fair basis: Data is not disclosed to third parties and is not distributed without the User's consent, with the exception of cases provided for by the current legislation of Ukraine and only in the interests of national security, economic well-being and human rights, in particular, but not exclusively: - for justified requests of state authorities, which have the right to demand and receive such Data; - for the purpose of combating fraud and abuse on the online platform.


5.7. In cases of transfer of personal data provided for in section 5 of this Regulation, informing the User about the transfer of his personal data remains at the discretion of the Company.

6. Protection of personal data.


6.1. The owner of personal data is equipped with system and software and communication tools that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information and meet the requirements of international and national standards.


6.2. Employees/authorized persons who directly process and/or have access to personal data in connection with the performance of their official (labor) duties are obliged to comply with the requirements of the legislation of Ukraine in the field of protection of personal data and internal documents, regarding the processing and protection of personal data.


6.3. Employees/authorized persons who have access to personal data, including those who carry out their processing, are obliged not to allow disclosure in any way of personal data entrusted to them or which became known in connection with the performance of professional or official duties or labor duties. Such an obligation is effective after they cease activities related to personal data, except for cases established by law.


6.4. Personal data should not be stored longer than necessary for the purpose for which such data is stored, but in any case not longer than the data storage period determined by this Regulation with the consent of the User.


6.5. For the purposes of protecting User accounts and their personal data from unauthorized access, two-factor authentication is additionally used, which is an additional level of user account protection.


6.6. Two-factor authentication is activated if a verified phone number is available in the user account and at least one of the following conditions is met:

• there is a confirmed phone number in the account; • a bank card is linked to the account;

• there are available bonuses on the account balance;

• a credit questionnaire is filled out in the account (it is filled out in cases when the User wishes to purchase goods on credit). provision, indicating the grounds specified in the relevant normative legal act.


6.7. Two-factor authentication is triggered when the User is authorized from an unknown device. So, in addition to entering a password, you also need to enter a one-time 6-digit code, which is sent to the User's phone in the form of an SMS or Viber message, or an additional verification of trusted devices (identifier of the verified device/program) takes place. The same message contains information about his/her account login options:

• the date of the authorization attempt

• Device IP

• Type of client browser


6.6. All employees of the owner of the personal data base are obliged to comply with the requirements of confidentiality regarding personal data and information regarding accounts in securities and circulation of securities.


6.8. In some cases, for example, if the User has made too many unsuccessful authorization attempts, an additional protection algorithm is triggered - reCaptcha input (to check if the user is not a robot).


6.8. The notice of postponement is brought to the attention of the third party who submitted the request in writing with an explanation of the procedure for appealing such a decision.


6.9. This Regulation sets out internal policies and procedures for the collection, processing, use, disclosure of personal information or personal data when using the website https://rozetka.com.ua/ or the Rozetka mobile application. The data owner has developed and implemented internal rules for working with personal data, which includes the procedure for deleting a number of data after deleting the User's personal account, the levels of access of the Company's internal employees to User data, the safe procedure for exchanging such data within the Company. The Company constantly audits its security systems in order to identify opportunities for improving the safe storage and use of User data. The Company also complies with the requirements of the Standard Procedure for Processing Personal Data, approved by the Verkhovna Rada of Ukraine Order No. 1/02-14 dated January 8, 2014 (at the link https://zakon.rada.gov.ua/laws/show/v1_02715-14#Text ) to the extent that it concerns personal data:

7. Rights of the User (subject of personal data). with the performance of their official duties, the period of storage of personal data.


7.1. The subject of personal data (User) has the right to:

• to know about the location of personal data, which contains his personal data, its purpose and name, location and / or place of residence (residence) of the owner or administrator, or to give the appropriate instructions for obtaining this information to persons authorized by him, except for cases established by law;

• receive information about the terms of providing access to personal data, in particular information about third parties to whom personal data is transferred;

• to access your personal data;

• manage the procedure for sending messages through the appropriate settings on the online platform (krilov-art.com).

• to receive no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, an answer on whether his personal data is stored, as well as to receive the content of his personal data that is stored;

• submit a reasoned demand with an objection to the processing of your personal data by state authorities, local self-government bodies in the exercise of their powers provided for by law;

• make a reasoned demand for the change or destruction of your personal data by any owner and administrator, if these data are processed illegally or are unreliable;

• to protect your personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision of data, as well as protection from providing information that is unreliable or dishonors the honor, dignity and business reputation of a physical person individuals;

• apply for the protection of your rights regarding personal data to state authorities, local self-government bodies, whose powers include the protection of personal data;

• apply legal remedies in case of violation of the legislation on the protection of personal data.

8. Procedure for handling requests of the subject of personal data (User).


8.1. The subject of personal data (User) has the right to receive any information about himself from any subject of relations related to personal data, without specifying the purpose of the request, except for cases established by law.


8.2. The access of the subject of personal data (User) to personal data is free of charge.


8.3. The subject of personal data (User) submits a request for access (hereinafter - request) to personal data to the owner of personal data. The request specifies: • surname, first name and patronymic, place of residence (place of stay) and details of the document certifying the identity of the subject of personal data (the User); • other information that makes it possible to identify the person of the subject of personal data (the User); • information about the personal data for which the request is submitted, or information about the owner or administrator; • list of requested personal data.


8.4. The term of examining the request for its satisfaction cannot exceed ten working days from the date of its receipt.


8.5. During this period, the Owner of personal data shall notify the subject of personal data (the User) that the request will be satisfied or that the relevant personal data shall not be provided, indicating the grounds specified in the relevant legal act.


8.6. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.

9. Amendments to the Regulations


9.1. The Company may unilaterally update these Terms from time to time without notifying the User of such changes. The new version of the Regulation enters into force from the moment of its posting on the online platform, unless otherwise provided by the new version of the Regulation.


9.2. If any changes were made to the Regulations, with which the User does not agree, he is obliged to stop using the Internet store. The fact of continued use of the Internet store is confirmation of the User's consent and acceptance of the relevant version of the Regulations.