Personal data processing policy



1. GENERAL PROVISIONS

1.1. This GLOBUS.studio policy regarding the processing of personal data (hereinafter - the Policy) is approved in accordance with with the law "On Personal Data" and applies to all personal data that GLOBUS.studio (hereinafter referred to as the Operator) can receive from the subject of personal data.

1.2. The Policy applies to personal data received both before and after the approval of this Policy.

1.3. This Policy is a publicly available document declaring the conceptual foundations of the Operator's activities in the processing and protection of personal data.

2. PERSONAL DATA PROCESSED BY THE OPERATOR

2.1. Within the framework of this Policy, personal data means:

2.1.1. Personal data received by the Operator for the conclusion and execution of a contract, a party to which, or a beneficiary or guarantor, according to which the subject of personal data is.

2.1.2. Personal data obtained by the Operator in connection with the implementation of labor relations.

2.2. The terms and conditions for the termination of the processing and storage of personal data of the personal data subject are determined in accordance with the procedure established by the legislation of Ukraine.

3. PURPOSE OF COLLECTION, PROCESSING AND STORAGE AND LEGAL RATIONALE FOR THE PROCESSING OF PERSONAL DATA

3.1. The operator collects, processes and stores the personal data of the personal data subject in order to:

3.1.1. Conclusion and execution of the contract.

3.1.2. Implementation of labor relations.

3.1.3. Implementation and execution of functions, powers and duties assigned by the legislation of Ukraine to the Operator on the basis and in accordance with the Constitution of Ukraine, The Law "On Personal Data", the Law "On Information, Information Technologies and Information Protection" and other requirements of the legislation of Ukraine in the field of processing and protection of personal data.

4. TERMS OF PROCESSING OF PERSONAL DATA AND THEIR TRANSFER TO THIRD PARTIES

4.1. The operator processes personal data using automation tools and without using automation tools.

4.2. The operator has the right to transfer the personal data of the personal data subject to third parties in the following cases:

4.2.1. The personal data subject has clearly expressed his consent to such actions.

4.2.2. The transfer is provided for by the current legislation of Ukraine within the established procedure.

4.3. When processing the personal data of the subject of personal data, the Operator is guided by the law "On Personal Data", other requirements of the legislation of Ukraine in the field of processing and protection of personal data and this Policy.

5. RIGHTS OF THE PERSONAL DATA SUBJECT

5.1. The personal data subject has the right to receive information regarding the processing of his personal data, including containing:

5.1.1. Confirmation of the fact of personal data processing by the Operator.

5.1.2. Legal bases and purposes of personal data processing.

5.1.3. The methods of processing personal data used by the Operator.

5.1.4. Name and location of the Operator, information about persons (except for the Operator's employees), who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of law.

5.1.5. Processed personal data relating to the relevant subject of personal data, the source of their receipt, unless another procedure for submitting such data is provided for by law.

5.1.6. Terms of processing personal data, including the terms of their storage.

5.1.7. The procedure for the exercise by the subject of personal data of the rights provided for by this law.

5.1.8. Information on the performed or expected cross-border data transfer.

5.1.9. The name or surname, name, patronymic and address of the person who processes personal data on behalf of the operator, if processing is or will be entrusted to such person.

5.2. Information regarding the processing of personal data of the personal data subject provided to the personal data subject, should not contain personal data relating to other subjects of personal data, except in cases where when there is a legal basis for the disclosure of such personal data.

5.3. The subject of personal data has the right to demand from the Operator clarification of his personal data, their blocking or destruction in the event that if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights.

6. INFORMATION ABOUT THE IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA

6.1. The most important condition for the implementation of the goals of the Operator is to ensure the necessary and sufficient level of security information systems of personal data, compliance with confidentiality, integrity and availability of processed personal data and the safety of data carriers containing personal data at all stages of working with them.

6.2. The conditions and regime created by the Operator for the protection of information classified as personal data allow ensuring the protection of the processed personal data.

6.3. The Operator, in accordance with the current legislation of Ukraine, has developed and put into effect a set of organizational and administrative, functional and planning documents that regulate and ensure the security of processed personal data.

6.4. Introduced a security mode for processing and handling personal data, as well as a security mode for premises, in which the processing and storage of personal data carriers is carried out.

6.5. A person responsible for organizing the processing of personal data, administrators of personal data information systems and security administrator of information systems of personal data, he has defined responsibilities and developed instructions for ensuring the security of information.

6.6. The circle of persons entitled to process personal data has been determined, instructions have been developed for users to work with personal data, anti-virus protection, actions in crisis situations.

6.7. The requirements for personnel, the degree of responsibility of employees for ensuring the security of personal data have been determined

6.8. The employees engaged in the processing of personal data were familiarized with the provisions of the legislation of Ukraine to ensure the security of personal data and requirements for the protection of personal data, documents defining the policy of the Operator in relation to the processing of personal data, local acts on the processing of personal data. Periodic training is provided the specified employees to the rules for the processing of personal data.

6.9. Necessary and sufficient technical measures have been taken to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions:

6.9.1. An access control system has been introduced.

6.9.2. Protection against unauthorized access to workstations, information networks and personal data bases has been established.

6.9.3. Installed protection against malicious software and mathematical impact.

6.9.4. Regular backup of information and databases is carried out.

6.9.5. Information transmission over public networks is carried out using cryptographic information protection tools.

6.10. A system of control over the procedure for processing personal data and ensuring their security has been organized. Checks planned compliance of the personal data protection system, audit of the level of protection of personal data in personal data information systems, functioning of information security tools, identifying changes in the processing mode and protecting personal data.

7. UPDATE AND APPROVAL OF POLICIES

7.1. The policy is approved and put into effect by an administrative document signed by the head of the Operator.

7.2. The operator has the right to make changes to this Policy. When making changes in the name of the Policy, the date of the last revision of the edition is indicated. The new version of the Policy comes into force from the moment it is posted on the Operator's website, unless otherwise provided by the new version of the Policy.

7.3. The norms of the current legislation of Ukraine are applied to this Policy and the relationship between the subject of personal data and the Operator.

Home