Privacy policy
Document version № 1
«”22″ January 2019
«”22″ January 2019
1. GENERAL PROVISIONS
1.1. Privacy Policy (hereinafter – the Policy) is published by LLC “VIOLD” USREOU number 42126138, place of registration 03158, Ukraine, Kyiv, V. Pokotila Street, b. 5, room 486 (hereinafter – the Operator) to inform about the policy implemented by the Operator on the processing of personal data of users of the Operator’s Site – personal data subjects (hereinafter – the User).
1.2. The policy is developed and published by the Operator in accordance with the Law of Ukraine “On Personal Data Protection” (hereinafter – the Law “On Personal Data Protection”).
1.3. The policy is designed to implement the requirements of legislation in the field of processing and protection of personal data and aims to protect the rights and freedoms of man and citizen in the processing of personal data, including protection of privacy, personal and family secrets.
1.4. The policy contains information that is subject to disclosure in accordance with the Law “On Personal Data Protection”, is a publicly available document and is located at: https://smart-scm.org/.
1.5. To keep up to date the documents defining the Operator’s policy on personal data processing, the Operator has the right to change this Policy at any time by publishing the relevant changes. This Policy may not be changed except by posting the amended document on the Site.
2. BASIC CONCEPTS
2.1. Personal data – any information relating directly or indirectly to an identified individual (personal data subject).
2.2. Processing of personal data – any action (operation) or set of actions (operations) carried out with the use of automation or without the use of such means of data processing, including collection, recording, systematization, accumulation, storage, refinement (update, change) , extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.3. The personal data operator – independently or jointly with other persons carrying out personal data processing, as well as determines the purposes of personal data processing, their composition to be processed, actions (operations) carried out with personal data of users.
2.4. Confidentiality of personal data – the obligation of the Operator and other persons who have gained access to personal data, not to disclose to third parties and not to disseminate them without the consent of the personal data subject, unless otherwise provided by current legislation of Ukraine.
2.5. Site – a set of programs for electronic computers and other information contained in the information system, access to which is provided through the information and telecommunications network of the Internet and located at: https://smart-scm.org/. The Site may contain links to other Internet resources. The Operator is not responsible for the confidentiality of information posted by the User on such resources.
3. User's RIGHTS
3.1. The user has the right:
3.1.1. To receive personal data related to the User and information related to their processing;;
3.1.2. To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are redundant for the stated purpose of processing;
3.1.3. To withdraw response his consent on the processing of personal data;
3.1.4. To protect his rights and legitimate interests, including damages and compensation for non-pecuniary damage in court;
3.1.5. To appeal against the actions or inaction of the Operator in the authorized bodies for the protection of the rights of personal data subjects or in court.
3.1.1. To receive personal data related to the User and information related to their processing;;
3.1.2. To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are redundant for the stated purpose of processing;
3.1.3. To withdraw response his consent on the processing of personal data;
3.1.4. To protect his rights and legitimate interests, including damages and compensation for non-pecuniary damage in court;
3.1.5. To appeal against the actions or inaction of the Operator in the authorized bodies for the protection of the rights of personal data subjects or in court.
4. GROUNDS FOR PROCESSING PERSONAL DATA
4.1 The Operator processes personal data on a lawful and fair basis to perform the functions, powers and responsibilities assigned by law, the exercise of the rights and legitimate interests of the Operator and the User.
4.2 The Operator receives personal data directly from the User and processes them only with the consent of the User. The Operator receives personal data of the User when interacting with certain functions of the Site.
5. PROCESSING OF PERSONAL DATA OF USERS
5.1. This Policy establishes the obligations of the Operator not to disclose and it ensures the protection of confidentiality of personal data provided by the User when using the Site.
5.2. The operator processes personal data of users in order to comply with the laws of Ukraine, as well as for such purposes as:
5.2.1. Conclusions and execution of agreements.
5.2.2. Informing about new products and services.
5.2.3. Providing Users with access to special information.
5.2.4. Processing of applications on the Operator’s Website.
5.2.5. Publication on the site, in internal handbooks, address books of the organization.
5.2.1. Conclusions and execution of agreements.
5.2.2. Informing about new products and services.
5.2.3. Providing Users with access to special information.
5.2.4. Processing of applications on the Operator’s Website.
5.2.5. Publication on the site, in internal handbooks, address books of the organization.
5.3. The Operator processes the personal data of users with their consent, obtained by marking the field of his consent to the terms of this Agreement.
5.4. Categories of personal data that the Operator collects to achieve the objectives specified in paragraph 5.2. policies:
5.4.1. Surname.
5.4.2. Name.
5.4.3. Patronymic.
5.4.4. User’s year of birth
5.4.5. Address.
5.4.6. Email address.
5.4.7. The user ID stored in the cookie.
5.4.8. User ID – ORCID ID
5.4.9. Academic degree and academic title of the user.
5.4.10. The place of work of the user.
5.4.11. User position.
5.4.1. Surname.
5.4.2. Name.
5.4.3. Patronymic.
5.4.4. User’s year of birth
5.4.5. Address.
5.4.6. Email address.
5.4.7. The user ID stored in the cookie.
5.4.8. User ID – ORCID ID
5.4.9. Academic degree and academic title of the user.
5.4.10. The place of work of the user.
5.4.11. User position.
5.5. The operator does not perform any special categories of personal data of users.
5.6. The operator does not process any biometric categories of personal data of users.
5.7. This Policy may only be applied to information processed in the course of using the Site. The Operator does not control and is not responsible for the processing of information by sites and services of third parties, to which Users can go via links available within the Site.
5.8. The Operator does not check the accuracy of personal data provided by the User and is not able to assess his capacity(physical ability). However, the Operator assumes that the User provides reliable and sufficient personal data and keeps them up to date.
6. PROCESSING OF PERSONAL DATA OF USERS USING COOKIE FILES
6.1. Cookies transmitted from users’ technical devices may be used to provide users with personalized features of the Site, for personal advertising displayed to Users for statistical and research purposes, and to improve the Site.
6.2. Users are aware that the hardware and software they have used to visit sites on the Internet may have the function of blocking cookies (for any site or for certain sites), as well as deleting previously received cookies.
6.3. The Operator has the right to establish that the provision of certain functions of the Site is possible only if the reception and receipt of cookies is allowed by Users.
6.4. The structure of the cookie, its content and technical parameters are determined by the Operator and may change without prior notice to users.
6.5. Counters located on the site or application of the Site can be used to analyze user cookies, to collect and process statistical information about the use of the Site, as well as to ensure the functionality of the Site as a whole or its individual functions in particular. The technical parameters of the meters are determined by the Operator and may change without prior notice to users.
7. CONDITIONS OF PROCESSING OF PERSONAL DATA OF USERS
7.1. The processing of users’ personal data is limited by the time it takes to achieve the processing purposes.
7.2. The operator processes personal data of users in an automated manner using computer technology.
7.3. Actions for the processing of personal data include the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
7.4. With regard to personal data of users, their confidentiality is maintained, except in cases of voluntary provision of information about themselves by Users for public access to an unlimited number of persons.
7.5. The Operator has the right to transfer personal data of the User to third parties in the following cases:
7.5.1. Users have agreed to such actions;
7.5.2. The transfer is necessary for the Users to use certain functions of the Site or to perform a certain agreement or contract;
7.5.3. The transfer is provided by the Ukrainian or other relevant legislation within the procedure established by the legislation;
7.5.4. Such transfer takes place as part of the sale or other transfer of business (in whole or in part), and the acquirer passes all obligations to comply with the terms of this Policy in relation to the personal data received by him;
7.5.5. As a result of processing personal data of users by their depersonalization, depersonalized statistical data were obtained, which are transferred to a third party for research, performance of works or provision of services on behalf of the Operator;
7.5.6. Personal data of users may be transferred to the authorized bodies of state power of Ukraine on the grounds and in the manner prescribed by current legislation of Ukraine.
7.5.1. Users have agreed to such actions;
7.5.2. The transfer is necessary for the Users to use certain functions of the Site or to perform a certain agreement or contract;
7.5.3. The transfer is provided by the Ukrainian or other relevant legislation within the procedure established by the legislation;
7.5.4. Such transfer takes place as part of the sale or other transfer of business (in whole or in part), and the acquirer passes all obligations to comply with the terms of this Policy in relation to the personal data received by him;
7.5.5. As a result of processing personal data of users by their depersonalization, depersonalized statistical data were obtained, which are transferred to a third party for research, performance of works or provision of services on behalf of the Operator;
7.5.6. Personal data of users may be transferred to the authorized bodies of state power of Ukraine on the grounds and in the manner prescribed by current legislation of Ukraine.
7.6. When processing personal data of users, the Operator is guided by:
7.6.1. Law of Ukraine “On Personal Data Protection”;
7.6.2. The Operator takes the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, distortion, blocking, copying, distribution, as well as other illegal actions of third parties.
7.6.3. The Operator together with the User takes all necessary measures to prevent damage or other negative consequences caused by the loss or disclosure of personal data.
7.6.1. Law of Ukraine “On Personal Data Protection”;
7.6.2. The Operator takes the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, distortion, blocking, copying, distribution, as well as other illegal actions of third parties.
7.6.3. The Operator together with the User takes all necessary measures to prevent damage or other negative consequences caused by the loss or disclosure of personal data.
8. MANDATORY DATA STORAGE
8.1. The rights of users provided by this Policy may be limited in accordance with the requirements of applicable law. In particular, such restrictions may provide the obligation of the Operator to keep the changed or deleted information by the Users for the period established by the legislation, and / or to transfer such information in accordance with the legally established procedure of the state body.
9. INFORMATION ON ENSURING THE SECURITY OF PERSONAL DATA
9.1. The Operator appoints a person responsible for the organization of personal data processing to perform the duties provided by the Law “On Personal Data Protection” and regulations adopted in accordance with it.
9.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection against unauthorized actions:
9.2.1. Establishes rules of access to the personal data processed in the information system of the Operator, and also provides registration and the account of all actions with them;
9.2.2. Assess the damage that may be caused to Users in case of violation of the Law “On Personal Data Protection”;
9.2.3. Determines threats to the security of personal data during their processing in the information system of the Operator;
9.2.4. Applies organizational and technical measures and uses the means of information protection necessary to achieve the established level of personal data protection;
9.2.5. Identifies the facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed as a result of unauthorized access to them;
9.2.6. Assess the effectiveness of the measures taken to ensure the security of personal data before the commissioning of the information system of the Operator;
9.2.7. Carries out internal control of compliance of personal data processing with the Law “On Personal Data Protection”, adopted in accordance with their regulations, requirements for personal data protection, Policy, Regulations and other local acts, including control over measures taken to ensure the security of personal data and their level of security during processing in the information system of the Operator.
9.2.2. Assess the damage that may be caused to Users in case of violation of the Law “On Personal Data Protection”;
9.2.3. Determines threats to the security of personal data during their processing in the information system of the Operator;
9.2.4. Applies organizational and technical measures and uses the means of information protection necessary to achieve the established level of personal data protection;
9.2.5. Identifies the facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed as a result of unauthorized access to them;
9.2.6. Assess the effectiveness of the measures taken to ensure the security of personal data before the commissioning of the information system of the Operator;
9.2.7. Carries out internal control of compliance of personal data processing with the Law “On Personal Data Protection”, adopted in accordance with their regulations, requirements for personal data protection, Policy, Regulations and other local acts, including control over measures taken to ensure the security of personal data and their level of security during processing in the information system of the Operator.
10. OPERATOR INFORMATION
10.1. The database containing personal data of users – citizens of Ukraine, is located on the territory of Ukraine.
10.2. For implementation the rights and legitimate interests, Users have the right to contact the Operator by sending a request personally or with the help of a representative to the address specified in paragraph 1.1. Policy or to the email address provided on the Site. The request must contain the information specified in the Law “On Personal Data Protection”.