PRIVACY STATEMENT GIGATRANS Ukraine LLC, GIGATRANS LLC
1. TERMS AND ABBREVIATIONS
Personal data shall mean any personal information that allows a third party to identify an individual (a data subject).
Special categories of personal data shall mean so-called “sensitive” personal data that may harm the data subject at work, in an educational institution, in their living environment, or may lead to their discrimination in society. For example, this is personal data that contain information about racial background, political or religious views, trade union membership, health, sexuality, biometric or genetic data. The law of Ukraine defines this term as personal data, the processing of which poses significant risks for personal data subjects.
Personal data subject shall mean an individual to whom the personal data are related and who can be or has already been identified on the basis of such personal data.
Personal data controller shall mean an individual or a legal entity that determines the purposes and means for the processing of personal data and bears the primary responsibility for their processing. The law of Ukraine defines the Personal Data Controller as the “owner of personal data”.
Personal data processor shall mean an individual or a legal entity that processes personal data for the controller based on the controller’s instructions (orders). The law of Ukraine defines the Personal Data Processor as the “administrator of personal data”.
Processing of personal data shall mean any activity or a number of activities such as collection, registration, accumulation, storage, adaptation, alteration, updating, use and dissemination (distribution, sale, transfer), depersonalization, or destruction of personal data that may involve the use of (automated) information systems.
ISO/IEC 27701. Privacy Information Management System (PIMS) shall mean an ISO 27701 standard designed to control data confidentiality, which in combination with ISM (ISO 27001) allows an organisation to demonstrate effective management of confidential information. ISO 27001 is a voluntary certification that requires organisations to take a risk-based approach before managing confidential information.
General Data Protection Regulation; GDPR; Regulation (EU)2016/679 shall mean the EU Regulation on the protection of personal data of all subjects within the European Union and the European Economic Area. It also applies to the export of personal data outside the EU and the EEA. The GDPR was developed to provide EU citizens and residents with the means to exercise control over their personal data and to simplify the regulatory environment for international business by unifying regulations within the EU. The GDPR aims to protect the personal data of EU citizens, and compliance with the GDPR is mandatory for most entities working in Europe or with EU citizens.
2. REGULATORY REFERENCES
This Document has been developed in accordance with:
• ISO / IEC 27001 Standard Information Security Management System;
• ISO / IEC 27701 Standard Privacy Information Management System;
• General Data Protection Regulation (GDPR);
• The Law of Ukraine On Personal Data Protection;
3. PURPOSE AND SCOPE
This Privacy Statement (hereinafter referred to as the Statement) describes our policies and procedures for the collection, use, disclosure and dissemination of your personal information or personal data when using the Company’s website. By using the website and filling out the forms on the website, you unconditionally agree with all the provisions of this Privacy Statement.
We value the personal information of our customers and partners. Therefore, all collected information, both personal and commercial, shall be used for technical, accounting and other purposes set forth herein, in accordance with the requirements of the Law of Ukraine On Personal Data Protection, ISO/IEC 27701, Privacy Information Management System and the EU General Data Protection Regulation 2016/679 (GDPR).
The processing of personal data of customers in the territory of the EU or customers who are EU citizens shall be regulated by the General Data Protection Regulation of the EU 2016/679 (hereinafter referred to as the GDPR), as well as national laws, which may impose additional requirements.
This Statement sets out our commitment to the non-disclosure of and privacy practices with respect to the personal data that the User provides when using the website.
If you disagree with the terms of this Statement, cease using the website.
The Company provides appropriate technical and organisational means of personal data protection, including, without limitation, in accordance with:
• ISO / IEC 27001: 2013 Standard implemented in the Company;
• ISO / IEC 27701: 2019 Standard implemented in the Company;
• the EU General Data Protection Regulation 2016/679 9 (GDPR);
• the Law of Ukraine On Personal Data Protection;
• the Law of Ukraine On Protection of Information in Information and Telecommunication Systems;
• the implemented comprehensive information security system, which is confirmed by relevant certificates/attestation documents, regular external and internal audits.
4. WHEN DO WE COLLECT INFORMATION
When controlling the methods of personal data collection and determining the purposes of the use thereof, we act as the “data controller” in accordance with the GDPR other applicable European data protection laws, as well as the “owner of personal data” within the meaning of the Law of Ukraine On Personal Data Protection.
We process personal data only if one of the following conditions is met, including but not limited to:
• Consent to the Personal Data Processing is granted;
• Processing is necessary in order to provide our assistance and services;
• Data are processed in accordance with contractual obligations;
• Processing is required by the effective law.
5. PURPOSES OF PERSONAL DATA PROCESSING
We need personal data to:
• Check the technical feasibility of providing our services and advising potential customers on this issue;
• Make contractual arrangements to provide our services to customers and comply with the requirements of the effective laws to the content of primary business documents;
• Ensure that our existing customers can use the loyalty program;
• Process claims and feedback;
• Run research and surveys on the preferences of our website users, improve our services, assess the level of satisfaction with these services and adhere to the established SLA.
6. WHAT INFORMATION DO WE COLLECT AND PROCESS
We collect and process the following information:
• Information entered by users into the forms on the website to the extent necessary to get consulting services, enter into and execute the service agreement (full name, e-mail, phone number and any other information that is openly requested by the website);
• Information that becomes known to us during communication with you by phone (phone calls may be recorded by agreement), e-mail and through any other channels selected by you or our experts for convenient communication;
• Information that is automatically collected when you use our website, including cookies and any other technologies used to collect information about actions performed on the website (page views, date and time of visits, type of browser and device, mobile operator’s IP address and other information related to the use of the website, unique advertising and content identifiers);
• Any other personal information that has been voluntarily provided to us.
We do not collect special (sensitive) categories of personal data, and should such data be disclosed, their use should be minimal and only voluntary.
Our website is not intended to be used by minors, especially children under 14 years old. Should a minor voluntarily provide their personal information, it may be processed to satisfy the legitimate interests of this person, including if they are expressed by their legal representatives. The legal basis for collection and processing of this information by us is the consent of the website user or our customer (through action/omission), performance of the agreement, legitimate interests of the parties. If the storage of personal data is not required by applicable law, we may delete such data.
7. HOW DO WE USE THE INFORMATION OBTAINED
We use the information obtained as follows:
• Verifying the technical feasibility of our services;
• Consulting on our services;
• Providing our services, making proper contractual and accounting arrangements in accordance with the requirements of applicable laws;
• Processing claims and feedback;
• Displaying relevant advertising and information content developed based on user experience;
• Sending offers, news and information about new services (you can unsubscribe at any time by clicking “unsubscribe”, which is available in each e-mail);
• Contacting you to advise and provide services on technical and commercial matters relating to the services;
• Analyzing and assessing the use of the website to improve the user experience;
• Storing individual user settings on the website;
• Fulfilling legal obligations as part of business operations and business management.
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
We may transfer your personal data to third parties in cases where we get legal requests from state bodies (courts, law enforcement agencies and tax authorities, etc.) in accordance with the effective law of Ukraine.
After you click on links to third-party websites on our websites, the Company shall neither apply these rules, nor guarantee compliance therewith or be liable for the use of personal data.
If personal information is already publicly available, we cannot ensure its privacy in accordance with these rules.
9. OBLIGATIONS OF THE PARTIES
The User shall:
• Provide the information required to use the website;
• Update, supplement the provided information on personal data if such information has been changed.
• Use the information obtained solely for the purpose set forth in this Statement;
• Ensure the information is kept confidential, refrain from disclosing, selling, sharing, publishing the obtained personal data of the User or otherwise making it public without the User’s prior written consent, except as set forth herein;
• Take precautions to protect the privacy of the User’s personal data in accordance with the procedure commonly used to protect this type of information in the ordinary course of business.
10. LIABILITY OF THE PARTIES
In case of failure to fulfil our obligations, we shall be liable for all the damages incurred by the User due to the misuse of personal data in accordance with the effective law of Ukraine.
In case of loss or disclosure of confidential information, we shall not be liable if the confidential information:
• Becomes public before its loss or disclosure;
• Has been disclosed with the consent of the User.
The Company shall not be liable for the loss or disclosure of confidential information unless it has been proven that the leakage of personal data occurred through its fault.
11. WHERE ARE PERSONAL DATA STORED
Personal data are stored on the servers of GIGATRANS Ukraine LLC, GIGATRANS LLC located in data processing centres (DPCs), operating in Ukraine (Location on request)
12. HOW LONG ARE PERSONAL DATA STORED
Personal data storage shall not be stored for longer than required to meet the purpose of their processing or comply with the requirements set by the effective law.
Cookies are small text files that websites store on computers or mobile devices when users start using them.
They allow the website to remember the operations and actions performed by the user of the website for a while.
Our cookies do not identify individual users or collect personal data but only identify a computer or a mobile device. Cookies and other tracking technologies enabled on our website and applications can be used in various ways, e.g. to operate the website, analyse traffic or for advertising purposes.
Otherwise, the user shall be considered to have agreed to the use of existing cookies on the website.
14. PROTECTION OF PERSONAL DATA
The rights of the personal data subject are set by the Law of Ukraine On Personal Data Protection and the GDPR.
To ensure the implementation of the Law of Ukraine On Personal Data protection, the Personal Data Protection Department has been created in the Office of the Commissioner for Human Rights of the Verkhovna Rada of Ukraine.
The rights of the personal data subject of EU, UK and EEA citizens are established in accordance with the GDPR; Regulation (EU) 2016/679.
The violated rights may also be defended in court.
If you believe that the Company has violated your rights through the processing of your personal data, you can send us your claims or feedback at email@example.com
15. DISPUTE RESOLUTION
Prior to filing a lawsuit regarding the legal relationship between the User of the website and the Company, you shall submit a preliminary claim (written proposal to resolve the dispute voluntarily).
The claim recipient, within thirty (30) calendar days upon receipt of the claim, shall notify the claimer in writing of the claim review results.
In case of disagreement, the dispute shall be settled in court in the standard manner prescribed and in accordance with the effective law of Ukraine.
The effective law of Ukraine shall apply to this Statement and the relations that arise between the User and the website Administration.