Notice on the processing of personal data

In accordance with paragraphs 1 and 2 of part two of Article 8, part two of Article 12 of the Law of Ukraine “On Personal Data Protection”, the state institution “Entrepreneurship and Export Promotion Office” (hereinafter referred to as the Institution) in this notice on the processing of personal data informs about who collects, processes personal data, as well as the composition and purpose of collecting personal data processed using the website “Diia.Business” (hereinafter referred to as the website), third parties to whom such personal data are transferred, and the rights of the subject of personal data.

On behalf of the Institution, we are committed to protecting your personal data and your right to data confidentiality. If you have any questions or doubts regarding this notice on the processing of personal data or our practices in handling your personal information, please contact us at: DataProtection@epo.org.ua.

When you visit the website https://business.diia.gov.ua, use the services and services within it, you entrust us with your personal information. We take the confidentiality of your data seriously and the key principles for the processing of personal data. This notice on the processing of personal data sets out the basic framework conditions for a data protection statement that complies with the provisions of the EU General Data Protection Regulation (GDPR). We would like to explain to you as clearly as possible what information we collect, how we use it and what rights you have in this regard. If you do not agree with any of the terms of this notice on the processing of personal data, we ask you to stop using our website and the services within it.

This privacy policy applies to all information collected on the website (https://business.diia.gov.ua) and/or its related services.

The following are responsible for data processing:

Please read this notice on the processing of personal data carefully, it will help you make informed decisions about providing us with your personal information.

1. WHAT INFORMATION DO WE COLLECT?

Personal information that you disclose to us

Short answer: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register and log in to the website, fill out a profile in your personal account, fill out forms to order services.

The personal information that we collect may include:

Publicly available personal information: name, surname; personal tax number; phone numbers; company email address; company data: name; registration code of the Unified State Register of Economic Activities or TIN; legal form; legal address; personal email address; phone number; website; files uploaded to the website, and other similar data.

Collection of last name, first name, patronymic (if any), registration number of the taxpayer's account card, email address, mobile phone number and other personal data is carried out:

• during authentication and authorization, which is performed using a Google account;

• by directly providing personal data by an individual while using the website.

Personal information that you provide: program agent, user session and other similar data.

Information that is collected automatically:

Short answer: some information — IP address and/or browser characteristics, geolocation — is collected automatically when you visit this website.

We automatically collect certain information when you visit, use or browse the website. This information does not reveal your identity (for example, your name or contact details), but may include data about your device and its usage (for example, your IP address, browser and device settings). This information is needed, primarily, to ensure the security and functionality of the website.

Online means of identifying the visitor (user) of the website: we collect IP addresses (Internet Protocol) and means of identifying cookies.

Cookies are small text files that are stored on the browser of the visitor (user) of the website. We use them during the session to identify users when they visit our site, in order to ensure reliable operation of the system. User cookies are stored on the user's browser in an encoded form. They can be disabled in the browser. However, this may negatively affect the functioning of the website.

2. HOW DO WE USE INFORMATION OBTAINED FROM YOU?

Short answer: We process your information for purposes related to legitimate business interests, the performance of our agreement with you, compliance with our legal obligations and/or your consent.

We use personal information collected through the Website for various business purposes as set out below. We process your personal information for these purposes in accordance with our legitimate business interests to enter into or perform a contract with you with your consent and/or to comply with our legal obligations. We set out the relevant grounds for processing the information next to each of the purposes as set out below.

We use the information we collect or receive:

• To send you administrative information, available services and new features and/or information about changes to the Website rules.

• To protect the website, for example, to monitor and prevent possible fraud.

• To provide the data subject with access to services provided using the website.

3. WILL YOUR INFORMATION BE PROVIDED TO ANY THIRD PARTIES?

Short answer: We only provide information to third parties with your consent to process your personal data, to ensure compliance with the law, to provide you with services, to protect your rights.

We may process or provide data based on the following legal grounds:

• Consent: We may process your data if you have given us consent to process your personal data to use your personal information for a specific purpose.

• Enforcement of consent to process your personal data: If you have given us your consent, we may process your personal information to perform the terms of our agreement.

• Provision of services: This information may be used, in particular, to enable the provision of consulting services by external consultants.

• Vital interests: Your information may be disclosed if necessary to investigate, prevent or respond to possible disruptions, violations, fraud, situations that pose a potential threat to the safety of any person.

Personal data is not transferred to foreign entities in relations related to personal data (cross-border transfer of personal data).

4. HOW LONG DO WE KEEP YOUR INFORMATION?

Short answer: We keep your information for as long as is necessary to fulfill the purposes set out in this privacy policy, unless otherwise required by applicable law.

We will keep your information for no longer than is necessary for our business purposes, unless you request that we delete your data. After that, the data will be deleted from our database.

5. HOW DO WE PROTECT YOUR INFORMATION?

Short answer: We protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of all personal information we process. However, please note that we cannot guarantee the complete security of the Internet. While we make every effort to protect your personal information, the transmission of personal information to and from our services is at your own discretion and risk. You should only access the services in a secure environment.

6. DO WE COLLECT INFORMATION FROM MINORS?

Short answer: we do not knowingly collect data from individuals under the age of 16 and do not offer them products and services. Information is collected from visitors (users) over the age of 16 who are engaged in entrepreneurial activities.

Individuals who have reached the age of 16 can register as an individual entrepreneur in Ukraine. For an individual who has reached the age of 16 and has a desire to engage in entrepreneurial activities, but does not have full civil capacity, it is necessary to submit a notarized written consent of the parents (or adoptive parents, guardian or guardianship and trusteeship body).

We do not knowingly collect data from individuals under the age of 16 and do not offer them products and services. By using the Services, you confirm that you are 16 years of age and that you are engaged in entrepreneurial activity and consent to the processing of personal data. If we become aware of the receipt of personal information from users under the age of 16, we will deactivate the relevant account and ensure the prompt deletion of this data from our system. If you become aware of any data that we have received from individuals under the age of 16, we ask you to contact us at DataProtection@epo.org.ua.

7. WHAT DATA PRIVACY RIGHTS DO YOU HAVE?

In certain circumstances, you may also have the right to object to the processing of your personal information. To submit a relevant request, please use the contact details provided below. We will consider each request and will act in accordance with applicable data protection legislation.

If we act in accordance with your consent to process your personal information, you have the right to withdraw your consent at any time. However, this does not affect the lawfulness of the processing of your personal information prior to your withdrawal of consent.

If you have any questions or comments regarding your data privacy rights, you can send us a message at DataProtection@epo.org.ua.

8. DATA BREACH

Data confidentiality is violated in the event of unauthorized access to or collection, use, disclosure and disposal of personal information. You will receive a notification of a data breach if you may be seriously harmed. For example, a data breach may lead to serious financial losses or harm to your mental or physical health. If the Institution becomes aware of a security breach that has led to or may lead to unauthorized access, use or disclosure of personal information, the Institution will conduct a prompt investigation of the case and notify the authorized supervisory state body no later than within 72 hours of receiving information about the breach, except in cases where the breach of personal data is not likely to harm the rights and freedoms of natural and legal persons.

9. CONTROL OF DO-NOT-TRACK FEATURES 

Most web browsers and some operating systems and mobile applications have a Do-Not-Track (“DNT”) feature or setting that you can enable to communicate your preferred level of privacy that prevents the monitoring and collection of your online activity. There is currently no single technological standard for identifying and implementing DNT commands. In any case, we take into account your browser settings and do not transfer data about your activity to third-party services if DNT is enabled.

10. DO WE UPDATE THIS NOTICE?

Short answer: yes, we update this Privacy Notice as necessary to comply with applicable law.

We may make changes to this Privacy Notice from time to time. The updated version will be marked with a new update date, and the updated version will be effective immediately after it is made available. We encourage you to review this Privacy Notice regularly to stay informed about how we process and protect your information.

11. HOW CAN YOU DELETE THE DATA WE RECEIVE FROM YOU?

You have the right to request the deletion of personal information we collect from you. To do so, you can contact us using the contact details provided above. We will respond to your request within 30 days.

Immediately upon receipt of the request, the data will be completely deleted from all databases without the possibility of recovery. However, we ask you to note that data may not always be completely or sufficiently completely deleted from our systems.