Privacy Policy
This Privacy Policy, hereinafter referred to as the Policy, applies to the processing of personal data that we may receive from individuals (data subjects) based on the Constitution of Ukraine and the Law of Ukraine "On Personal Data Protection" dated 01.06.2010 No. 2297-VI (hereinafter - the Law), as well as the General Data Protection Regulation (EU) 2016/679 of 27.04.2016 (EU General Data Protection Regulation, hereinafter - GDPR) and other applicable European data protection legislation, collectively referred to as the Legislation.
This Privacy Policy is designed to explain:
- what personal data we collect from you;
- how and why we use them;
- to whom we disclose your personal data;
- how we protect the confidentiality of your personal data;
- how to contact us and who to contact if you have any questions regarding the processing of your personal data.
We process your personal data only if one of the conditions specified in Article 6 of the GDPR is met, including, but not limited to:
- You have consented to the processing of your personal data;
- processing is necessary for the provision of services to you;
- such processing is required by the legislation of the country in which you reside.
We take the security of personal data of our clients, potential clients, and other individuals who have contacted us seriously, therefore we take all necessary measures to protect your personal data.
The Administration undertakes to take all necessary measures to prevent abuse of your personal data that become known to us. We will process your personal data in strict compliance with the requirements of applicable Legislation and only if there are legal grounds for such processing.
You are not obliged to provide us with personal data, but without certain information about you, we will not be able to provide you with some of our services. In case we control the methods of collecting your personal data and determine the purposes for which these personal data are used, the Administration is the "controller of personal data" for the purposes of the GDPR and other applicable European data protection legislation, as well as the "owner of personal data" within the meaning of the Law.
1. Terms and Definitions
1.1 Personal Data - information or a set of information about an identified or identifiable natural person (User);
1.2 Special categories of personal data - so-called "sensitive" personal data that may harm the data subject at work, in an educational institution, in the living environment, or may lead to discrimination in society. For example, these are personal data containing information about racial origin, political or religious views, membership in trade unions, health status, sexual life, biometric or genetic data. In the terminology of Ukrainian legislation, these are personal data the processing of which poses a special risk to data subjects;
1.3 Data Subject - a natural person to whom personal data relate and who can be identified by these personal data or who has already been identified;
1.4 Site Administration (Administration, as well as further we, us, our) - all information at the link https://drupalteam.org/;
1.5 Processing of personal data - any action or set of actions such as collection, recording, accumulation, storage, adaptation, alteration, restoration, use and dissemination (distribution, implementation, transmission), anonymization, destruction of personal data, including using information (automated) systems;
1.6 Dissemination of personal data - actions to transfer information about an individual with the consent of the data subject;
1.7 Use of personal data - any actions of the Administration on the processing of these data, actions to protect them, as well as actions to provide partial or full right to process personal data to other subjects of relations related to personal data, carried out with the consent of the data subjects or in accordance with Legislation;
1.8 Anonymization of personal data - removal of information that allows identifying a person directly or indirectly;
1.9 User - a data subject, any capable natural person who has joined this Policy in their own interests.
1.10 Authorization procedure - the process of recognizing a user on the site, according to the data entered during authorization and further assignment of an ID to access the server.
1.11 Cookie - a file containing an identifier (a string consisting of letters and numbers) that is sent from a web server to a web browser and stored by the browser. Subsequently, the identifier is sent back to the server each time the browser requests a page from the server.
2. General Provisions
2.1 The Policy applies to all of your personal data that may be obtained by us during your use of the program or website. This Policy extends to personal data obtained both before and after the effective date of this Policy.
2.2 The purpose of the Policy is to provide you with the necessary information to evaluate which personal data are processed by us and for what purposes, to explain the methods of their processing, and to ensure your security.
2.3 By using the website and providing the Administration with your personal data, including through third parties, you acknowledge your consent to the processing of your personal data in accordance with this Policy.
2.4 If you disagree with the terms of this Policy, you are obliged to cease using the website.
2.5 Consent to the processing of personal data (hereinafter - PD) may be withdrawn by the data subject. In case of withdrawal by the data subject of consent to the processing of such data, the Administration has the right to continue processing PD without the consent of the data subject if there are grounds specified in the Legislation.
2.6 The website Administration does not verify the accuracy of the personal data provided by the User and cannot assess their legal capacity. However, the Administration assumes that the User acts conscientiously, provides accurate and sufficient personal data, and makes all necessary efforts to maintain such data up-to-date, and does not violate the rights of third parties.
2.7 By agreeing to the terms of this Policy, you confirm that at the time of collecting personal data, you are informed about the individuals to whom personal data are transferred, about the content and purposes of collecting personal data. You confirm (guarantee) that the personal data transferred to us for processing are provided with the consent of the owner of the personal data and within the framework of the Legislation.
2.8 The Administration, having received personal data from the User, does not undertake to inform the subjects (their representatives) of personal data whose personal data have been transferred to it about the start of processing personal data since the obligation to provide such information, when concluding an agreement with the data subject and/or obtaining consent for such transfer, lies with the User who provided the personal data.
2.9 Processing of your personal data is carried out in accordance with the requirements of the Law. Processing of personal data of persons located in the territory of the EU or who are citizens of the EU is regulated, in particular, by the General Data Protection Regulation EU 2016/679 (hereinafter - GDPR). Additionally, the legislation of other countries may establish additional requirements.
2.10 This Policy is an internal document of the Administration.
2.11 The Policy applies to all information that the Administration may obtain about the User when using the website, as well as in the course of fulfilling any agreements and contracts with the User.
2.12 The controller of personal data is exempt from liability for the consequences arising from the processing of personal data if it is not responsible for the event that caused such consequences.
2.13 You also agree that the Owner of personal data has the right to provide access to and transfer your personal data to third parties without any additional notices, solely if the purpose of their processing remains unchanged and only in cases provided by this privacy policy and/or Ukrainian legislation.
2.14 No one under the age of 18 should provide us with personal information through the website. We do not intentionally collect personal information from individuals under the age of 18. Parents and guardians should constantly monitor the activities of their children in connection with this.
3. Composition of Personal Data
3.1 For the purpose of carrying out its activities and fulfilling its obligations, the Administration processes the User's personal data provided to them during registration on the website and ensures their storage.
3.2 The User's personal data include:
3.2.1 Information about your visits and use of this site, including referral source, duration of visit, navigation paths;
3.2.2 Information about your computer, including your IP address, geographic location, browser type and version, and operating system;
3.2.3 Information you enter when creating a profile on our site, such as your name, profile photos, IP addresses;
3.2.4 Information such as your name and email address that you enter to set up a subscription to our emails and/or newsletters;
3.2.5 Information you enter when using services on our site;
3.2.6 Information generated when using our site, including the day, time, and conditions of its use;
3.2.7 Information related to everything you buy, services you use, including your name, country and city, phone number, email address, data for calculating shipping costs;
3.2.8 Information you post on our site with the intention of publishing it on the internet, including your username, profile photos;
3.2.9 Information contained in any messages you send to us by email;
3.2.10 Any other personal information you send to us.
3.3 Before disclosing to us personal information of another person, you must obtain the consent of that person to both disclosure and processing of this personal information in accordance with this Policy.
3.4 The Administration has the right to establish requirements for the composition of personal data that must be provided when using the site. If certain information is not marked by the Administration as mandatory, its provision or disclosure is at the discretion of the User.
3.5 Data automatically transmitted to the Administration when using the site by the User through the software installed on the device: IP address, device operating system type, technical equipment and software characteristics, date and time of access to the site.
3.6 In the course of our activities, we may collect certain information using advertising identifiers and analytical services.
3.7 We may allow third parties, such as analytics providers, to collect information. The data they collect is subject to the protection of the privacy policies of these third parties.
4. Grounds and Purpose of Personal Data Processing
4.1 The grounds for processing personal data are:
4.1.1 Consent of the data subject to the processing of their personal data by the Administration;
4.1.2 Conclusion and performance of a contract, where one of the parties is the data subject or which is concluded for the benefit of the data subject, or for the implementation of measures preceding the conclusion of a contract at the request of the data subject;
4.1.3 Necessity for the Administration to fulfill the requirements provided by the Legislation.
4.2 The purpose of processing personal data is:
4.2.1 Carrying out functions assigned to the Administration in accordance with Ukrainian legislation and GDPR;
4.2.2 Collection, storage, and processing of personal data obtained on the website within the framework of the Law and GDPR;
4.2.3 Sending the User commercial (marketing) messages containing additional information about the services, current promotions, and special offers regarding the services provided by the Administration on the website;
4.2.4 Identification of the data subject during the use of the service;
4.2.5 Communication with the data subject when necessary, including providing offers, informational materials, messages, information, and requests, advertisements, as well as processing requests from the data subject;
4.2.6 Improving the quality of the website, its ease of use, developing new functional features, and improving the quality of service;
4.2.7 Conducting statistical and other research based on depersonalized data;
4.2.8 Fulfilling contractual and other obligations by the Administration to the User under agreements concluded between the Administration and the User or third parties on behalf of the User.
5. Main Principles of Personal Data Processing
5.1 Personal data processing by the Administration is based on the principles of:
5.1.1 Legitimacy of the purposes and methods of personal data processing;
5.1.2 Conscientiousness of the Administration as the owner of personal data (achieved by fulfilling the requirements of Ukrainian legislation regarding the processing of personal data);
5.1.3 Achieving specific, predetermined purposes of personal data processing;
5.1.4 Consistency of the purposes of personal data processing with the purposes determined and declared during the collection of personal data;
5.1.5 Correspondence of the list and volume of processed personal data, as well as methods of personal data processing, to the declared purposes of processing;
5.1.6 Accuracy of personal data, their sufficiency for processing purposes, inadmissibility of processing personal data that do not correspond to the purpose of processing personal data;
5.1.7 Ensuring the accuracy of personal data during processing, their sufficiency;
5.1.8 Prohibition of merging databases containing personal data (whose processing is carried out for incompatible purposes);
5.1.9 Storage of personal data in a form that allows identifying the data subject no longer than is required by the purposes of their processing. Processed personal data are subject to destruction or depersonalization upon achievement of the processing purposes or in case of loss of the necessity to achieve these purposes, unless otherwise provided by the legislation of Ukraine and GDPR.
5.2 We must also consider the periods for which we may need to retain your personal data to fulfill our legal obligations to you or regulatory authorities.
5.3 Processing of personal data by the Administration is carried out for statistical or other research purposes subject to mandatory depersonalization of personal data. The Administration does not process personal data concerning racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties and professional unions, convictions for criminal offenses, as well as data relating to health, sex life, biometric, and genetic data. Personal data processing is carried out in compliance with the conditions determined by the legislation of Ukraine and GDPR.
6. Terms of Personal Data Processing
6.1 The terms of personal data processing are determined based on the purposes of processing, but not longer than prescribed by the Legislation.
6.2 Personal data, the processing (storage) term of which has expired, must be destroyed or depersonalized unless otherwise provided by Law. Personal data storage is carried out in a form that allows identifying the data subject no longer than required by the purposes of personal data processing if the storage period is not established by Law. Processed personal data shall be destroyed or depersonalized after achieving the processing purposes or in case of loss of the necessity to achieve these purposes, unless otherwise provided by Law. We must also consider the periods for which we may need to retain your personal data to fulfill our legal obligations to you or regulatory authorities (in accordance with EU Regulation 261/2004).
6.3 Over time, we may minimize the personal data we use, or even anonymize your data so that they can no longer be associated with you personally. In this case, we may use this information without further informing you.
6.4 If there has been no activity in your profile for more than 24 months, we reserve the right to delete your account, including all personal data stored in it. This means that you will no longer be able to access it.
7. Persons Authorized to Process Personal Data on Behalf of the Administration
7.1 Only those employees of the Administration who are assigned such duties in accordance with their official (employment) duties are allowed to achieve the purposes of this Policy for personal data processing. Access by other employees may be granted only in cases provided by Law. The Administration guarantees from its employees compliance with confidentiality and ensuring the security of personal data during their processing.
7.2 We have the right to disclose your personal information to any of our employees, officials, insurers, professional consultants, agents, suppliers, or subcontractors if necessary for the purposes defined by this Policy.
7.3 We have the right to disclose your personal information to any member of our group of companies to the extent necessary for the purposes defined by this Policy.
7.4 The Administration has the right to transfer personal data to third parties in the following cases:
7.4.1 The data subject has expressed their consent to such actions in writing;
7.4.2 The transfer is provided by Ukrainian or other relevant legislation within the framework of the established procedure. In this case, access to personal data is not provided to a third party if such person refuses to take on the obligations regarding compliance with the Law or cannot ensure them.
7.4.3 In connection with any current or future judicial proceedings.
7.4.4 For the purpose of establishing, exercising, or defending our legal rights (including providing information to other parties for the purposes of fraud prevention or reducing credit risks).
7.4.5 To the buyer (or potential buyer) of any business or assets that we sell (or intend to sell).
7.4.6 To any person whom we reasonably believe may apply to a court or other competent authority for disclosure of such personal data and, in our reasonable opinion, this court or authority will issue an order for disclosure of such personal data.
7.5 The Administration has the right to entrust the processing of personal data to a third party with the consent of the data subject unless otherwise provided by Ukrainian legislation, based on an agreement concluded with a third party, the condition of which is compliance with confidentiality and non-disclosure of personal data.
7.6 Representatives of state authorities (including supervisory, supervisory, law enforcement, and other authorities) have access to personal data processed by the Administration to the extent and in the manner determined by the Legislation.
7.7 The information we collect may be stored, processed, and transmitted between any countries in which we operate so that we can use the information in accordance with this Policy.
7.8 The information we collect may be transferred to the following countries that do not have data protection laws similar to the laws of the European Economic Area: United States of America, Japan, China, and India.
7.9 Personal information you post on our website or provide for publication may be available via the Internet worldwide. We cannot prevent the use or misuse of such information by others.
8. Implementation of Personal Data Protection
8.1 The activity of the Administration regarding the processing of personal data in information systems is inseparably linked to ensuring the confidentiality of the received information, if it does NOT contradict applicable legislation.
8.2 The system of personal data protection includes organizational and/or technical measures determined taking into account current threats to the security of personal data and information technologies used in information systems. The Administration updates these measures with the emergence of new technologies as needed.
8.3 Exchange of personal data during their processing in information systems is carried out through communication channels protected by technical means of information security.
8.4 When processing personal data in information systems, the Administration ensures:
8.4.1 Conducting measures aimed at preventing unauthorized access to personal data and/or their transfer to persons who are not authorized to access such information;
8.4.2 Timely identification of facts of unauthorized access to personal data;
8.4.3 Prevention of influence on technical means of automated processing of personal data, which may disrupt their functioning;
8.4.4 Ability for immediate restoration of personal data modified and destroyed due to unauthorized access to them;
8.4.5 Continuous monitoring of the level of personal data protection.
8.5 Regarding personal information, confidentiality is maintained, except in cases where the website technology or settings of the software used by the User provide for open exchange of information with other Users of the website or with any Internet users.
8.6 The Administration implements the following requirements of Ukrainian legislation in the field of personal data:
8.6.1 Requirements for the confidentiality of personal data;
8.6.2 Requirements for ensuring the exercise by the data subject of their rights;
8.6.3 Requirements for ensuring the accuracy of personal data, and in certain cases their relevance to the purpose of processing personal data, including taking measures to delete or clarify incomplete or inaccurate data;
8.6.4 Requirements for the protection of personal data from unlawful or accidental access to them, destruction, distortion, blocking, copying, provision, dissemination of personal data (as well as other unlawful actions with personal data);
8.6.5 Other requirements of the Law.
8.7 In accordance with the Law, the Administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided by legislation in the field of personal data protection against unauthorized or illegal processing of data, as well as against unintentional loss, destruction, or damage.
8.8 The Administration adheres to the principle of minimizing personal data. We process only the information about you that is necessary, or information that goes beyond the necessary processing, which you provide voluntarily.
8.9 Additionally, we have configured the website to provide services in a way that ensures maximum confidentiality and can be adjusted at your discretion. When transmitting personal data to state authorities, we always use the most secure and proven methods of data transmission.
9. Rights of the Data Subject
9.1 Rights of personal data subjects according to Ukrainian legislation:
9.1.2 To know about the sources of collection, the location of their personal data, the purpose of their processing, the location of the personal data controller, or to give an appropriate authorization for obtaining this information to authorized persons, except as provided by law.
9.1.3 To receive information about the terms of access to personal data, including information about third parties to whom their personal data are transferred.
9.1.4 To access their personal data.
9.1.5 To receive, no later than thirty calendar days from the date of receipt of the request, except as provided by law, a response as to whether their personal data are being processed or stored, and if so, what data exactly.
9.1.6 To submit a reasoned request to the Administration to object to the processing of their personal data.
9.1.7 To submit a reasoned request for the modification or destruction of their personal data if the data are processed unlawfully or are inaccurate.
9.1.8 To protect their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, non-provision, or untimely provision, as well as protection from the provision of information that is inaccurate or defamatory to the honor, dignity, and business reputation of the individual.
9.1.9 To lodge complaints about the processing of their personal data with the Administration, the Authorized Human Rights Representative of the Verkhovna Rada of Ukraine, or the court.
9.1.10 To apply legal remedies in case of violation of personal data protection legislation.
9.1.11 To make reservations regarding the restriction of the right to process their personal data when giving consent.
9.1.12 To withdraw consent to the processing of personal data.
9.1.13 To familiarize themselves with the mechanism of automatic processing of personal data.
9.1.14 To be protected from automated decision-making that has legal consequences for them.
9.2 The Administration has the right to entrust the processing of personal data to a third party with the consent of the data subject, unless otherwise provided by Ukrainian legislation, based on a contract concluded with a third party, the condition of which is compliance with confidentiality and non-disclosure of personal data.
9.3 Representatives of state authorities (including controlling, supervisory, law enforcement, and other bodies) have access to personal data processed by the Administration to the extent and in the manner determined by Ukrainian legislation.
9.4 Other rights of personal data subjects in accordance with the GDPR:
9.4.1 In addition to Ukrainian legislation on personal data protection, the Administration pays attention to ensuring your rights established by the GDPR.
9.4.2 Right to information.
9.5 We are ready to provide data subjects with information about which of their personal data we process.
9.6 If you wish to find out which of your personal data we process, you can request this information at any time, including by contacting the Administration. You can find the list of data that we must provide to you in Articles 13 and 14 of the GDPR. In this case, when contacting us, you must specify your specific requirements so that we can consider your request on legal grounds and provide a response.
9.7 Please note that if we cannot verify your identity through electronic messages or during your phone call, or if there are reasonable doubts about your identity, we may ask you to provide a document confirming your identity, including by personal visit to the Administration's location. Only in this way can we avoid disclosing your personal data to a person who may impersonate you.
9.8 We process requests in the shortest possible time, but at the same time, we ask you to remember that providing a complete and lawful response regarding personal data is a complex process that can take about a month (up to 30 working days).
10. Cookies
10.1 Our website uses cookies. Cookies can be either "persistent" or "session" cookies: persistent cookies will be stored by the browser and will remain valid until the expiration date, unless deleted by the user beforehand; "session" cookies, on the other hand, will be deleted after the user's session with the website or after closing the browser. Cookies typically do not contain any information that identifies the user. However, your personal information that we have may be associated with information stored and obtained from cookies.
10.2 On our website, we use Google Analytics and Google Ads (formerly known as AdWords) to recognize the computer when the user: visits the website; navigates the site; uses the shopping cart on the site, and more.
10.3 We use cookies for the purpose of: site usability; website usage analysis; site administration; fraud prevention and site security enhancement; site personalization for individual users; targeted advertising that may be of interest to individual users.
11. Right to Rectify Your Data
11.1 If you find that some of the personal data we process about you is incorrect or outdated, please inform us. In this case, we may ask you to PROVIDE a document confirming your identity, including by personal visit to the Administration's location.
11.2 If you want to correct personal data processed by us, you can correct them yourself by logging into your account on the website or by contacting the Administration.
11.3 In certain cases, we CANNOT change your personal data. In particular, such cases may include when your personal data have already been used in the performance of a contract and/or they are contained in a tax document prepared in accordance with tax legislation.
12. Withdrawal of Consent to Personal Data Processing and Right to Erasure
12.1 If the Administration processes your personal data based on consent to the processing of personal data (in particular, for marketing/advertising mailings), further processing can be terminated at any time. It is sufficient to withdraw consent for such processing.
12.2 You also have the right to erasure. In cases provided for in Article 17 of the GDPR, the Administration will delete your personal data that it processes, except for personal data that we are obliged to retain in accordance with legal requirements.
12.3 In this case as well, for security purposes, the Administration may ask you to provide a document confirming your identity, including directly at the Administration's location.
13. Storage of Personal Data
13.1 The Administration maintains a database of personal data. To ensure their security, we use cloud storage provided by https://drupalteam.org/. The data is located in data processing centers in Ukraine.
14. Changes to the Privacy Policy
14.1 This Policy may be amended or terminated by the Administration unilaterally without prior notice to users, including if required by law. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy. Therefore, we ask you to check the current Policy to ensure that you have the latest information.
15. Who You Can Contact for the Protection of Your Personal Data
15.1 If you have any questions, comments, complaints, or requests regarding the protection and processing of personal data, you can contact us at https://drupalteam.org/. Or you can email us at: hello@drupalteam.org.
15.2 Please provide your name, surname, email address, and detailed questions, comments, complaints, or demands in all correspondence.
15.3 The administrative authority responsible for personal data protection in Ukraine is the Department for Personal Data Protection of the Secretariat of the Commissioner for Human Rights of the Verkhovna Rada of Ukraine. You can contact them with complaints or suggestions if you believe that your rights have been violated in connection with the processing of personal data.