These Rules for the processing, storage, and protection of client data (hereinafter referred to as the Rules) define the procedure for handling user data registered on the bao.ua website.
1. General Provisions
This personal data processing policy is drawn up in accordance with the requirements of the Constitution of Ukraine and the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 (hereinafter referred to as the Law), as well as the General Data Protection Regulation (EU) 2016/679 dated 27.04.2016 (EU GDPR) and other applicable European data protection laws, implemented by Sole Proprietor Yatsentyuk Inna Mykolaivna (hereinafter referred to as the Operator).
1.1. The Operator considers compliance with the rights and freedoms of individuals and citizens in the processing of their personal data, including the protection of the right to privacy, personal and family confidentiality, to be its most important goal and condition of its activities.
1.2. This policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about users of the mobile application.
2. Basic Terms Used in the Policy
2.1. Automated processing of personal data – the processing of personal data using computer technology.
2.2. Blocking of personal data – the temporary suspension of personal data processing (except when processing is necessary to clarify personal data).
2.3. Mobile application – software designed to run on smartphones and other mobile devices, developed for a specific platform (iOS, Android).
2.4. Personal data information system – a set of personal data contained in databases and ensuring their processing using information technologies and technical means.
2.5. Anonymization of personal data – actions that make it impossible to determine, without additional information, the affiliation of personal data to a specific User or another subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) carried out using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.7. Operator – a legal entity that independently or jointly with others organizes and (or) carries out the processing of personal data, and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data – any information related directly or indirectly to a specific or identifiable User of the mobile application.
2.9. User – any user of the mobile application.
2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.11. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, placement in information and telecommunications networks, or granting access to personal data by any other means.
2.12. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state, to a foreign government authority, or to a foreign individual or legal entity.
2.13. Destruction of personal data – any actions resulting in the irreversible destruction of personal data without the possibility of further recovery in the personal data information system and/or the destruction of the material carriers of personal data.
3. The Operator may process the following personal data of the User:
3.1. Full name;
3.2. Email address;
3.3. Phone number;
3.4. Marketing surveys.
3.5. The site and mobile application also collect and process anonymized visitor data (including cookies) using internet statistics services (Google Analytics, Google Firebase, and others).
3.6. Data covered by this Policy is collectively referred to as Personal Data.
3.7. The Operator does not process or store information related to the User’s payment cards. The processing of payment card information is conducted by the payment system in use.
4. Purpose of Personal Data Processing
4.1. The purpose of processing the User’s personal data is to provide the User with access to the services, information, and/or materials available in the mobile application.
4.2. The Operator also reserves the right to send the User notifications about new products and services, special offers, and various events. The User can always opt-out of receiving such communications by sending an email to the Operator at [email protected] with the subject line “Unsubscribe from notifications about new products, services, and special offers.”
4.3. Anonymized User data collected through internet statistics services is used to collect information about User actions on the website and in the mobile application, to improve the quality of the site and mobile application, and their content.
5. Legal Basis for Personal Data Processing
5.1. The Operator processes the User’s personal data only if it is filled out and/or submitted by the User independently through special forms available in the mobile application. By filling out the respective forms and/or sending their personal data to the Operator, the User consents to this Policy.
5.2. The Operator processes anonymized User data if this is allowed in the User’s browser settings.
6. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing. The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary for full compliance with current legislation in the field of personal data protection.
6.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access.
6.2. Personal data will never, under any circumstances, be disclosed to third parties, except in cases required by law.
6.3. If any inaccuracies are found in the personal data, the User can update them by sending a notification to the Operator’s email address [email protected] with the subject line “Personal Data Update.”
6.4. The duration of personal data processing is unlimited. The User may revoke their consent to the processing of personal data at any time by sending an email to the Operator at [email protected] with the subject line “Revocation of consent to personal data processing.”
7. Cross-Border Transfer of Personal Data
7.1. Before beginning a cross-border transfer of personal data, the Operator must ensure that the foreign country to which the data is being transferred provides reliable protection of the rights of personal data subjects.
7.2. Cross-border transfer of personal data to countries that do not meet the above requirements may only be carried out with the written consent of the personal data subject or in the execution of a contract to which the personal data subject is a party.