Confidentiality of Personal Data

1.The categories of data to be processed:

  • inventory data (e.g. names, addresses);
  • contact data (e.g. e-mail addresses, phone numbers);
  • content (e.g. text input);
  • usage data (e.g. interest in content, access time);
  • metadata/communication data (e.g. device information, IP addresses).

2. Purpose of processing

  • Provision of the online offer (online store), its functionality and content.
  • Responding to contact requests and communication with users.
  • Security measures.
  • Reach measurement/marketing.

3. Terms used

  • “Personal data” are defined as any information relating to an identified natural perso, or individual (hereinafter referred to as “identified persons”). An individual is classified as identifiable, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier (for example, a cookie file), or to one or more specific features that serve as an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of the said individual.
  • “Processing” means any action or a sequence of actions performed with or without automated means in connection with personal data.
  • “Data Controller” is Private Enterprise ECUS (61002, Kharkiv region, Kharkiv, Kyivskyi district, 19 Darvin Street, phone: 0675772008, Email: info@clp.org.ua), EDRPOU code 21249324.
  • Terms that have a statutory definition shall be construed as defined in the Ukrainian legislation.

4. Legal framework

Pursuant to the Law of Ukraine “On Personal Data Protection” and Art. 13 GDPR, we hereby inform you of the legal basis for our data processing.

5. Security measures

We encourage you to regularly review the content of our data privacy statement. If required, we will update the statement whenever we alter our data processing practices. We will notify you whenever you are required to take action due to these changes (e.g., provide your consent) or whenever other specific notification becomes necessary.

6. Cooperation with data processors and third parties

In case we disclose data to other persons and organisations (data processors or third parties), transfer data to them or provide them with access to data in any other way during our processing, we do so only to the extent permitted by law (in particular, when data transfer to third parties, including payment service providers, is essential to perform the relevant contract).

7. Rights of identified persons

You are entitled to request confirmation of whether the relevant data are being processed and receive information about the data, as well as additional information and copies of these data.
You are entitled to request that the data concerning you be completed if they are incomplete or corrected if they are inaccurate.
You are entitled to request the immediate deletion of the relevant data or, alternatively, the restriction of the data processing.

8. Right to withdraw consent

You are entitled to withdraw your consent, which will stay effective.

9. Right to object

You may object to further processing your data according to Art. 21 GDPR at any time. You may object, in particular, to your data processing for direct marketing purposes.

10. Cookies and right to object to direct marketing

Cookies are small files stored on users’ computers. Cookies can contain various data. The main purpose of cookies is to record data about the user (and the details of the device on which the cookies are stored) during or after their visiting an online offer. Session cookies, also known as temporary cookies, are the cookies deleted after the user has left the online offer and closed their browser. Such cookies can, for instance, record the contents of an online shopping cart or a login status. Persistent cookies are stored after the browser is closed. It means that the user’s login status is saved if they return to the website a few days later. This cookie file can also record the user’s interests for reach measurement or marketing purposes.

We may use both session and persistent cookies and provide detailed information on this in our privacy statement.
If users do not want cookies to be stored on their computers, they are encouraged to disable the corresponding option in their browser settings. Saved cookies can be deleted in the browser settings. Disabling cookies may impair the functionality of the online offer or make it impossible to be used.

11. Data deletion

The data we process will be deleted or their processing will be restricted. Unless explicitly stated in this privacy statement, the data we store will be deleted as soon as they are no longer needed for their intended use, and no statutory retention periods apply to prohibit their deletion. If the data are not deleted due to being needed for other legally permitted purposes, their processing will be restricted. That is, the data will be blocked and not processed for any other purposes. This applies, for example, to the data to be be stored under commercial or tax laws.

12. Data processing for commercial uses

We additionally process:

  • contractual data (e.g. regarding contract subject matter, validity and customer category).
  • Payment data (e.g. bank account details, payment history) relating to our clients, potential clients and business partners for the purposes of performing contractual services, providing backup services and customer service, marketing, promotions and market research.

13. Hosting

We use hosting to provide the following services: infrastructure and platform services; computing power; storage and database services; security services; and maintenance services to ensure our online offering operations.
In this case, we and/or our hosting provider process inventory data, contact data, content, contractual data, usage data, metadata and communication data of our customers, potential customers and the visitors of our online offering, based on our legitimate interest in providing efficient and secure online offering operations.

14. Access and log data collection

Following our legitimate interests, we and/or our hosting provider collect data in server log files whenever the service hosting server is accessed. Access data includes the name of the website/file accessed, access date and time, volume of transferred data, successful access notification, user’s browser type, including its version, user’s operating system, referrer URL (the page visited immediately before the access), user’s IP address and the request provider.

Log file data are stored for a maximum of seven days for security reasons (e.g. to investigate abuse or fraud) and then deleted. Data that must be stored longer as evidence are excluded from the deletion procedure until the case is finally resolved.

15. Order processing in the online store and in the identified person’s account (customer)

We process our customers’ data in response to their orders submitted in our online store to facilitate their selection and order of our products and services, as well as to fulfil these orders (payment and delivery).
The data we process include stock data, communication data, contract data and payment data. Data subjects include our customers, potential customers and other business partners. We process data to provide contractual services related to our online store operations, including respective customer billing, shipping and servicing. For this purpose, we use session cookies to store the contents of shopping carts and persistent cookies to store user registration data.
We process data determined as necessary for making, entering into and performing the contract. We will disclose data to third parties only when carrying out delivery and payment procedures or as part of our legal rights and obligations to legal advisors and governmental agencies.

Users are offered an option to create their personal account, which will enable them, e.g. to view their orders. Mandatory notifications are shown to users during their registration. User accounts are not publicly available and cannot be indexed by search engines. When users terminate their accounts, the related user account data are deleted, unless required to be stored for commercial or tax legislation. Customer account data are stored until the account is deleted and archived afterwards, should it be mandatory to store them. Users are responsible for keeping their data if they cancel their subscription before their contract expiry.

During registration and login procedures, as well as when users use our online services, we store the user’s IP address and the time of the corresponding action. The data are stored based on our legitimate interests and in the users’ interests to protect them against abuse and other unauthorized use. Essentially, we will not disclose these data to any third parties, except it is necessary to satisfy our claims or provided it is legally mandatory for us to do so.

The data will be deleted upon termination of the relevant obligations. We will review the need to store data every three years. If data archiving is required by law, we will delete them upon the expiry of the statutory retention period.

16. Social media presence

We maintain our online presence in social media and on media platforms to communicate with customers, stakeholders and users of these media, as well as to inform them of our products and services. When users access these social media and platforms, they are subject to the terms, conditions, and data processing standards of the respective operators.

Unless otherwise specified in our privacy statement, we will process users’ data when they communicate with us through social media and platforms, for example, when they send us messages.

17. Contact

When users contact us (for example, through our online contact form, email, phone, or social media), their data are processed to process their requests. User data may be stored in a customer relationship management system (CRM) or in the similar inquiry processing infrastructure.

We delete submitted requests when they are no longer needed. We review the need to store such requests biannually.

18. Provision of digital content

Pursuant to our legitimate interests, we collect data on using the digital content in the online browser of our digital library. The data processed include the name of the website/file accessed, access date and time, volume of transferred data, successful access notification, user’s browser type including its version, user’s operating system and their shortened IP addresses.
Users accessing licensed digital content in our digital library are subject to data processing. The processing is carried out to provide contractual services and support, compile anonymous usage statistics, and based on our legitimate interest in protection against abuse and other unauthorized use. Essentially, we will not disclose these data to any third parties, except it is necessary to satisfy our claims or provided it is legally mandatory for us to do so.

19. External payment service providers

We use external payment service providers providing platforms for users and us to make payment transactions, for example

In addition, we use the payment services below:

We use external payment service providers based on our reasonable interests to offer our users a convenient, efficient and secure payment method.

The data processed by payment service providers include the inventory data, such as the name and address, banking data, such as account numbers or credit card numbers, passwords, TANs and check amounts, as well as the contract, amount and recipient specific data. The data are required to effect transactions. However, the data entered are only processed and stored by the payment service providers. This means that we do not receive any account or credit card information, but only information on whether the payment has been approved or declined.

The T+Cs and data protection notices of the respective payment service providers apply to payment transactions. You may view them on the respective websites and in the transaction applications. Please, also review them for additional information and to assert your rights of cancellation, disclosure and other rights.

© Civil Platform. All rights reserved. 2024