EDGLAB policy on personal data processing
1. Purpose and scope of the document
- «EDGELAB's Policy on the Processing of Personal Data» (hereinafter - the Policy) defines the position and intentions in the field of processing and protection of personal data, in order to comply with the protection of the rights and freedoms of each person and, in particular, the right to privacy, personal and family secrecy, protection of one's honor and good name.
- The Policy must be implemented by managers and employees of all structural units and branches of EDGELAB.
- The Policy applies to all personal data of subjects processed in EDGELAB with and without the use of automation tools.
- This Policy can be accessed by any which subject of personal data.
2. Definition
- Personal data - any information belonging directly or indirectly to a specified natural person (citizen). That is, such information, in particular, may include: full name, year, month, date and place of birth, address, information about family, social, property status, information about education, occupation, income, health information, and other information.
- Processing of personal data is any action (operation) or set of actions (operations) with personal data carried out with or without automation. Such actions (operations) may include: collecting, receiving, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
- Subjects of personal data. EDGELAB has the right to process personal data of the following persons:
- EDGELAB employees;
- subjects with whom civil contracts have been concluded legal nature;
- candidates for filling vacant EDGELAB positions;
- EDGELAB clients;
- registered users of the EDGELAB website;
- representatives of legal entities;
- suppliers (individual entrepreneurs).
3. Principles and conditions of personal data processing
- Under the security of personal data, EDGELAB understands the protection of personal data against illegal or accidental access to them, destruction, changes, blocking, copying, provision, distribution of personal data, as well as other illegal actions regarding personal data and takes the necessary legal, organizational and technical measures to protect personal data.
- Processing and ensuring the security of personal data at EDGELAB is carried out in accordance with the requirements of the Constitution of Ukraine, by-laws, other defining cases and peculiarities of the processing of personal data laws of Ukraine.
- When processing personal data, EDGELAB adheres to the following principles:
- legality and fair basis;
- limiting the processing of personal data to the achievement of specific, predetermined and legal goals;
- preventing processing of personal data incompatible with the purpose of collecting personal data;
- preventing the merging of databases, containing personal data, the processing of which is carried out for mutually incompatible purposes;
- processing of personal data corresponding to the purposes of their processing;
- compliance with the content.
- EDGELAB processes personal data only in the presence of at least one of the following conditions:
- processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
- processing of personal data is necessary to achieve the goals provided for by law, to implement and fulfill the functions, powers and duties assigned to the operator by the legislation of Ukraine;
- processing of personal data is necessary for the performance of a contract to which the subject of personal data is a party, as well as for the conclusion of a contract at the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
- processing of personal data is necessary to exercise the rights and legitimate interests of EDGELAB or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
- personal data is processed, access of an unlimited number of persons to whom personal data was provided by the subject or at his request;
- processing of personal data subject to publication or mandatory disclosure in accordance with the law of Ukraine.
- EDGELAB has the right to entrust the processing of personal data of citizens to third parties based on the contract concluded with these persons.
- Persons processing personal data on behalf of EDGELAB undertake to comply with the principles and rules of personal data processing and protection provided for by the law of Ukraine. For each person, a list of actions (operations) with personal data that will be carried out by the legal entity processing personal data is defined, the purpose of processing, the established obligation of such a person to observe confidentiality and ensure the security of personal data during their processing, as well as the specified requirements for the protection of processed personal data. In cases established by the legislation of Ukraine, EDGELAB has the right to transfer personal data of citizens.
- For the purpose of information provision, EDGELAB can create publicly available sources of personal data of employees, in particular directories and address books. Publicly available sources of personal data, with the consent of the employee, may include his surname, first name, patronymic, date and place of birth, position, contact phone numbers, email address. Information about the employee must be excluded from publicly available sources of personal data at any time at the request of the employee or by decision of the court or other authorized state bodies.
- EDGELAB destroys or anonymizes personal data in order to achieve the purposes of the processing or in the event that it is no longer necessary to achieve the purpose of the processing.
4. Rights of the subject of personal data
A citizen whose personal data is processed by EDGELAB has the right to:
Receive from EDGELAB:
- confirmation of the fact of EDGELAB processing of personal data;
- legal bases and purposes of personal data processing;
- information about the personal data processing methods used by EDGELAB;
- name and location of EDGELAB;
- information about persons who have access to personal data or to whom personal data may be disclosed on the basis of the contract with EDGELAB or on the basis of the law of Ukraine;
- the list of processed personal data relating to the citizen from whom the request was received and the source of their receipt, if another procedure for providing such data is not provided for by the law of Ukraine;
- information about the terms of personal data processing, in particular the terms of their storage;
- information on the procedure for exercising rights by a citizen, provided for by the Law of Ukraine «On Personal Data»;
- information on the ongoing or anticipated cross-border transfer of personal data;
- the name and address of the person processing personal data on behalf of EDGELAB;
- other information provided by the law «On personal data» or other laws of Ukraine;
- request clarification of their personal data, their blocking or destruction in the event that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- withdraw your consent to the processing of personal data;
- to demand the elimination of unlawful actions by EDGELAB regarding his personal data;
- appeal the actions or inaction of EDGELAB to the supervisory service in the field of communications, information technologies and mass communications or in court if the citizen believes that EDGELAB processes his personal data in violation of the requirements of the law «On Personal Data» or otherwise violates his rights and freedoms;
- for the protection of their rights and legitimate interests, in particular for compensation for damages and/or compensation for moral damage in court.
5. Liability
In case of non-fulfillment of the provisions of this Policy, EDGELAB shall bear responsibility in accordance with the current legislation of Ukraine.
We pay attention
Get clarification on the processing of your personal data, that interests you, you can contact EDGELAB personally.
The current version of the «EDGELAB Policy on Personal Data Processing» is published on the edgelab.agency website.
Information on implemented requirements for the protection of personal data EDGELAB uses the necessary legal, organizational and technical measures to protect personal data from illegal or accidental access to them, destruction, changes, blocking, copying, provision, distribution of personal data, as well as other illegal actions regarding personal data.
Such measures in accordance with the law «On Personal Data» include:
- identification of personal data security threats during their processing in personal data information systems;
- the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data security established by the Government of Ukraine;
- application of compliance assessment of information protection means that have undergone the procedure in accordance with the established procedure;
- evaluation of the effectiveness of measures, that are used to ensure the security of personal data before putting the personal data information system into operation;
- detection of unauthorized access to personal data and taking measures;
- restoration of personal data modified or destroyed as a result of unauthorized access to them;
- establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions carried out with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;
- accounting of machine carriers of personal data;
- organization of access to the territory of EDGELAB;
- placement of technical means of personal data processing within the protected territory;
- support of technical means of protection, signaling in constant readiness;
- monitoring of user actions, review of facts of violation of personal data security requirements.
In order to coordinate actions to ensure the security of personal data, EDGELAB has appointed persons responsible for ensuring the security of personal data.
In view of the fact that personal data can be obtained by EDGELAB exclusively within the framework of the user's use of the EDGELAB website and the fulfillment of contracts with EDGELAB, the notification of the authorized body for the protection of the rights of personal data subjects about the processing of personal data is not required.
Got questions?
EDGELAB specialists will advise, will share expertise and tell how to quickly increase the company's profit. Order a call from an expert - we will contact you and answer all your questions.