Regulations on the processing and protection of personal data in personal databases owned by Digital Transformation Institute

General concepts and scope

Definition of terms:

• Personal database – a named aggregate of organized personal data in electronic form and/ or in the form of personal data files;
• Responsible person – a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law "On Protection of Personal Data";
• Owner of personal database – Digital Transformation Institute;
• Consent of the subject of personal data – any voluntary expression of the will of an individual to grant permission for the processing of personal data in accordance with the stated purpose of their processing;
• Personal data processing – any action or set of actions performed in whole or in part in the information (automated) personal data system, which is related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use and dissemination of information about an individual;
• Personal data – information or a set of information about an individual who is identified or can be specifically identified;
• Personal Database Administrator – a natural or legal person who has the right to process this data, which provided by the Owner of the personal database or by law;
• Personal data subject – a natural person in respect of whom his / her personal data is processed in accordance with the law;
• Third party – any person, except for the personal data subject, owner or administrator of the personal database and the authorized state body for personal data protection, to whom the owner or administrator of the personal database transfers personal data in accordance with law.

Personal data that can be processed

• The controller processes personal data, in particular, but not limited to: phone number, last name, first name and patronymic, e-mail, which may be required to provide access to the online platform and its functions;
• The Participant may also be asked to create a password to access the Personal Account, which is also part of the Member's account;
• The administrator also stores and processes impersonal general information in free form for data counting, such as: IP address, date and time of visit, type and language of browser, cookies, total number of visits to the Site, number of visits each page of the Site, names of service providers internet access.

The purpose of personal data processing

• Registration, accumulation, storage and updating of information about Entities and other third parties;
• Receipt by Entities of information on the Company's activities;
• Interaction with Entities for the purpose of selling goods (services) of the Company;
• Implemented and ensuring the proper operation of the online platform;
• Realization of the purposes and tasks provided by the constituent documents of the Company.

Procedure for processing personal data: obtaining consent

The consent of the personal data subject must be a voluntary expression of the will of the individual to grant permission for the processing of his personal data in accordance with the stated purpose of their processing. The consent of the personal data subject may be given in the following forms:

• a document on paper with details that allows you to identify this document and the individual;
• an electronic document, which must contain the obligatory details that allow to identify this document and the individual.
• mark on the electronic page of the document or in the electronic file processed in the information system on the basis of documented software and hardware solutions.

Location of the personal database

Company Digital Transformation Institute is the owner of the personal data of the Entity. In case of any questions or doubts regarding the Company's handling of the personal data, it can be contacted at the following address 15, Nyzhnii Val st. Kyiv.

Transfer of personal data to third parties

The Company ___ may transfer the personal data of the Entity to certain third parties, including:

• To the Company's IT providers, in particular cloud service management service providers;
• To the third parties involved in the sale of goods (sales of services) of the Company.

If necessary, personal data may also be provided to public authorities and local governments, courts, government agencies and law enforcement agencies.

Protection of personal data

• Digital Transformation Institute has adopted and is in place security measures and policies designed to protect personal data from loss, unauthorized use, modification or deletion.
• Personal data is accessible only to those who need it for their official duties. The responsible person organizes the work related to the protection of personal data during their processing, in accordance with the law.
• Personal data is kept for as long as it is necessary to fulfill inquiries and / or contractual obligations, comply with legal requirements, etc.

Rights of the subject of personal data

• The subject has the right:
• To request access to their personal data and to learn about their processing;
• To request the correction of his/her personal data;
• To request the destruction of personal data;
• Request restriction of personal data processing;
• Object to the processing of personal data;
• Withdraw consent (if any) for processing of personal data;
• File a complaint about the processing of personal data without consent.

Subject also may exercise their other rights under the Law of Ukraine "On Protection of Personal Data" № 2297-VI of June 1, 2010.

Amendments to this Regulation

The company Digital Transformation Institute reserves the right to make changes and additions to this Regulation.

The Company recommends that Entities periodically review the page of the site, which contains information on the processing and protection of personal data. In the event of any material changes, the Company will notify the Entity by publishing a notice of changes on the Site.