The company has great respect for the confidential (personal) information of all persons who visit the Site, as well as those who use the services provided by the Site; therefore, the Company strives to protect the confidentiality of personal data (information or a set of information about an natural person who is identified or can be specifically identified), thereby creating and ensuring the most comfortable conditions for using the Site services for each user.
In this privacy and personal data protection policy (hereinafter referred to as the Policy) sets out the procedure for the Company’s processing of personal data, types of personal data that is collected, the purpose of using such personal data, the Company’s interaction with third parties, security measures to protect personal data, the terms of access to personal data, as well as contact information for the user about access, making changes, blocking or deleting their personal data, and addressing any questions that you may have regarding the practice of personal data protection.
1. THE COLLECTION AND PROCESSING OF PERSONAL DATA
Purpose of personal data processing
The company processes and collects information about Users in different ways, including personal data. As used in this Policy, personal data meets the definition in the GDPR and any applicable law, including any information that, by itself or in combination with other information, identifies or may identify the User.
The company will only process User’s personal data in accordance with applicable data protection and privacy laws. The company needs certain personal data to provide Users with access to the Platform and provide services.
Personal data collection
The company collects information about Users when they use the Company’s services on the Platform. When Users use the services of a third-party service provider, the Company’s services can be embedded in their systems, and the Company automatically receives the information that Users have provided to them to provide certain services that the Company offers.
Use of personal data
The company can use Users’ personal data in order to:
– operate, maintain and improve the Platform, products and services;
– provide the Company’s services to Users;
– process payments or payment transactions made by Users through the Platform;
– comply with current legislation and perform legitimate requests, including responding to requests from government agencies;
– ensure compliance with the Policy;
– protect the rights, privacy, security or property of individuals;
– as well as described in the section Sharing Personal Data below.
2. EXCHANGE OF PERSONAL DATA
The company can transfer Users personal data in the following ways:
– Third parties assigned by Users. The company can transfer personal data to third parties if the User has given its consent to this.
– Service providers for the Company. The company can transfer Users’ personal data to service providers that provide the services required by the Company, such as banks or other financial institutions, to process Users’ transactions and perform other financial transactions.
– Other case. The company can transfer Users’ personal data if it considers it necessary or appropriate: (A) to comply with laws; (B) to comply with legitimate requests and legal procedures, including requests from government authorities to comply with national security requirements or decisions; (C) to enforce Policies; (D) to protect the rights, privacy, security or property of individuals.
3. PLATFORMS OF OTHER SERVICES
4. INTERNATIONAL TRANSFER OF DATA
Information, including personal data that the Company receives from Users, can be transferred, stored and processed by the Company outside of the country where the User resides, including Ukraine, where data protection and privacy laws can provide a lower level of data protection than in other parts of the world. By using our Platform and providing consent, you agree to this transfer, storage and processing. The company will take all reasonable and necessary steps to ensure the safe handling of personal data in accordance with this Policy.
In order to ensure the security of data transfer and storage of payment card holders when providing the relevant services, the BillLine software product has been certified for compliance with the international Payment Card Industry Data Security Standard (hereinafter referred to as the PCI DSS) and continuously ensures compliance with this standard.
Implementation of PCI DSS standards means:
– implementation with all requirements of the international payment systems VISA and Mastercard according to the rules of payments and data protection;
– defining and developing the company’s security policy;
– providing reliable data encryption and transmitting it over the network only in encrypted form;
– differentiation of access to data based on job responsibilities and authority with real- time access control;
– defining strict requirements for the process of software development, testing and implementation with multi-stage data processing security control;
– implementation of a regular scan process system to detect vulnerabilities and then eliminate it;
– constant monitoring of the security of the user’s data both at the time of the user’s operation and for the user’s stored data;
– constantly updating to the latest and protected versions of the software used.
6. STORAGE OF PERSONAL DATA
The company will store Users’ personal data for a reasonable period of time that is necessary for Users to use the Platform if a longer retention period is not required or permitted by law (for example, for regulatory purposes).
7. RIGHTS OF THE PERSONAL DATA SUBJECT
The company informs You about Your rights as a subject of personal data, which are regulated by the Law of Ukraine On Personal data protection, namely:
– know about the sources of collection, the location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or manager of personal data, or give a corresponding order to obtain this information to authorized persons, except in cases established by law;
– receive information about the terms of providing access to personal data, including information about third parties to whom its personal data is transmitted;
– access to your personal data;
– receive a response no later than thirty calendar days from the date of receipt of the request, except in cases provided for by law, on whether his personal data is being processed, as well as receive the content of such personal data;
– submit a reasoned request to the owner of personal data with an objection to the processing of their personal data;
– submit a reasoned request for changing or destroying your personal data by any owner or Manager of personal data, if this data is processed illegally or is unreliable;
– protect your personal data from illegal processing and accidental loss, destruction, damage due to deliberate concealment, failure provision or untimely provision of them, as well as protection from providing information that is unreliable or discrediting the honor, dignity and business reputation of a natural person;
– complain about the processing of your personal data to the Commissioner for human rights of the Verkhovna Rada of Ukraine or to the court;
– apply legal remedies in case of violation of legislation on personal data protection;
– make reservations about restricting the right to process your personal data when providing consent;
– withdraw consent to the processing of personal data;
– know the mechanism for automatic processing of personal data;
– protection against an automated decision that has legal consequences for it.
To update, access, amend, block or delete your personal data, withdraw your consent to the processing of personal data that You have provided to the Company in accordance with this Policy, or if you have any comments, requests or complaints about Your personal data processed by the Company, please contact the Company: by email /or write an email to email@example.com.
This Policy can be amended and supplemented from time to time without prior notice to the user, including when legal requirements change.
If significant changes are made to this Policy, the Company will post a notice on the Site and specify the effective date of these changes. If You do not refuse to accept them in writing within the specified period, this will mean that You agree to the relevant changes to the Policy.
Please review the Policy from time to time in order to be aware of any changes or additions.