PRIVACY POLICY
PRIVACY POLICY
This Privacy Policy ("Policy") is effective between you and LIMITED LIABILITY COMPANY "VKMZ "FASAD", registered at the address: 03124, Kyiv, Vaclav Havel Boulevard, 16, registration code: 41486537, VAT: 414865326582 ("Company", "we", "us", "our", "VKMZ "FASAD"). Contact information, including our email address and other communication channels, is provided in the relevant section of this Policy below.
This Policy applies to our use of any personal data processed by us in connection with the offering and provision of our services, the sale of goods, and in other cases provided for in this Policy.
This Policy has been prepared in accordance with the requirements of the Law of Ukraine No. 2297-VI "On the Protection of Personal Data" ("the Law"), as well as the General Data Protection Regulation of the European Union ("GDPR"), where applicable.
In processing your personal data, we may perform various roles in accordance with the Law or GDPR. Depending on the actual circumstances of the processing, we may act as a personal data controller, recipient, personal data processor under the Law; data controller, joint controller, or data processor under the GDPR.
TERMS AND DEFINITIONS
In this Policy definitions are used as follows:
"Personal Data Controller" means a natural or legal person who determines the purpose of personal data processing, establishes the composition of such data and the procedures for their processing, unless otherwise provided by law.
"Recipient" means a natural or legal person to whom personal data is provided, including a third party.
"Personal Data Processor" means a natural or legal person to whom the personal data controller or the law grants the right to process such data on behalf of the controller.
"Data controller" [under GDPR] means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.
"Data processor" [under GDPR] means the natural or legal person who processes personal data on behalf of the data controller.
"Joint controllers" [under GDPR] means two or more controllers jointly determining the purposes and means of processing.
"Data Subject" – a natural person whose personal data is held by the Company.
"Personal Data" means information or a set of information about a natural person who is identified or can be specifically identified.
"Processing" means any action or set of actions, such as collection, registration, accumulation, storage, adaptation, alteration, renewal, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data, including using information (automated) systems.
TYPES OF PERSONAL DATA WE COLLECT
We collect the following types (categories) of personal data in the course of our activities:
(a) Contact (identification) information. When you submit personal data through contact/feedback forms, social networks, email, or provide it in a telephone conversation with Company representatives, we may collect your name, phone number, email address, social network identifiers, conversation records, and the content of your request.
(b) Order and delivery information. When you place an order for goods, we may collect your full name, location (country and city), delivery address, phone number, email address, information about whether you are a furniture manufacturer, as well as details regarding the type of ordered furniture, type of work, configuration preferences, and technical specifications. For the purpose of fulfilling and delivering your order, we may collect the name, phone number, and delivery address of a third-party recipient.
(c) Information about participants in exhibitions and events. When you attend our exhibitions or other events, we may collect and process your personal data, such as your name, contact details, and professional information. This is done to facilitate communication, manage event logistics, provide relevant information, and promote our products and services.
(d) Job applicant information. When you provide us with your personal data in response to a vacancy, we may collect data about your first and last name, phone number, email, resume, cover letter, portfolio links or professional social network profiles, education level, work experience, etc.
(e) Payment information. To fulfill your order, you may need to provide payment information. This may include data such as the selected payment method, bank account/bank card number, expiration date, CVV code, cardholder name, billing address, and transaction history.
(f) Service-related information. When we are engaged to provide services by another organization, we may receive personal data from that organization necessary to perform the services. This may include names, contact details, delivery addresses, order specifications, design preferences, or other information relating to end clients.
We use the personal data collected by us and the personal data you have provided to us or requested us to collect solely for the purposes specified in this Policy. We may transfer your personal data to third parties solely for the purposes specified in this document.
We DO NOT use automated decision-making, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.
We DO NOT knowingly collect or process personal data of children or any sensitive personal data. Please refrain from sharing sensitive personal data about yourself or third parties.
What happens if I refuse to provide my personal data?
Your refusal to provide personal information may limit our ability to provide you with services/sell goods in whole or in the part that requires the use of personal information.
LEGAL BASIS FOR PROCESSING
The Law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
· Performance of a contract with you: Cases where we need to perform a contract that we are about to enter into or have already entered into with you.
· Our legitimate interest: We may use your personal data where it is necessary to conduct our business and achieve our legitimate interests, for example, to prevent fraud, protect our rights, and ensure the best and safest customer experience. We always consider and balance any potential impact on you and your rights (both positive and negative) before processing your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
· Legal obligations: We may use your personal data where necessary to comply with a legal obligation to which we are subject. We will identify the relevant legal obligation when we rely on this legal basis.
· Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specific purpose, for example, if you have subscribed to an email newsletter.
PURPOSES OF PROCESSING
|
Purpose of Processing |
Data Category |
Legal Basis |
|
Order processing and delivery |
Contact (identification information), order and delivery information |
Performance of a contract |
|
Payment operations and accounting |
Payment information |
Performance of a contract, legal obligations |
|
Customer communication (support, coordination) |
Contact (identification information) |
Performance of a contract, legal obligations |
|
Sale of goods and services |
Contact (identification information), order and delivery information, payment information, service-related information |
Performance of a contract, consent |
|
Marketing messages and commercial offers |
Contact (identification information) |
Consent |
|
Organization of exhibitions, trainings, other events |
Contact (identification information) |
Consent |
|
Quality control and dispute resolution |
Contact (identification information), order and delivery information, payment information, service-related information |
Performance of a contract, legitimate interest, consent |
|
Fraud prevention and security organization |
Contact (identification information), order and delivery information, payment information, service-related information |
Legitimate interest, legal obligations |
|
Disclosure of information upon lawful request by authorized state authorities |
Any requested information, the disclosure of which is provided for by law |
Legal obligations |
|
Employee recruitment |
Job applicant information |
Consent, legitimate interest |
We may also process certain personal data as a Processor on request and in accordance with instructions provided by the Data Controller.
In accordance with each purpose of processing, we process only those personal data and only to the extent that is minimally necessary to properly achieve the processing purposes.
We retain and process your personal data only for as long as is reasonably necessary to fulfill the purposes for which we collected them, except where longer retention is required or expressly permitted by law.
We retain and process personal data provided by the subject for 3 years from the moment the subject ceases legal relations with us.
We cannot delete or anonymize your data if we are required to retain it for compliance with the law or for the purposes of legal proceedings.
SHARING YOUR PERSONAL DATA WITH THIRD PARTIES
We share your personal data with the Company's partners. This may involve transferring your data outside Ukraine.
We may transfer your personal data to service providers who perform certain functions on our behalf. This may involve transferring personal data outside Ukraine.
Whenever we transfer your personal data to third parties, we ensure the security of your data, including by conducting prior due diligence on the third parties to whom we transfer personal data and entering into data processing agreements where required by law.
SECURITY OF YOUR PERSONAL DATA
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorized way. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected or actual personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
RIGHTS OF THE DATA SUBJECT
The data subject has the right:
1) to know about the sources of collection, location of their personal data, the purpose of their processing, the location or place of residence (stay) of the personal data controller or processor, or to give a corresponding instruction to obtain this information to persons authorized by them, except in cases established by law;
2) to receive information about the conditions for providing access to personal data, including information about third parties to whom their personal data is transferred;
3) to access their personal data;
4) to receive, no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, a response as to whether their personal data is being processed, as well as to receive the content of such personal data;
5) to make a reasoned request to the personal data controller with an objection to the processing of their personal data;
6) to make a reasoned request for the change or destruction of their personal data by any personal data controller and processor if such data is being processed unlawfully or is inaccurate;
7) to have their personal data protected from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision thereof, as well as to protection from the provision of information that is inaccurate or dishonors the honor, dignity, and business reputation of the natural person;
8) to lodge complaints about the processing of their personal data with the Commissioner or the court;
9) to apply legal remedies in case of violation of the legislation on personal data protection;
10) to make reservations regarding the restriction of the right to process their personal data when giving consent;
11) to withdraw consent to the processing of personal data;
12) to know the mechanism of automatic processing of personal data;
13) to be protected from an automated decision that has legal consequences for them.
You may exercise your rights as a data subject or obtain clarification regarding the content of your rights and how we can assist in exercising your rights by contacting us at the email address: support@viyar.com
We may need to request specific additional information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We respond to requests for the exercise of individual data subject rights within the time limits established by the Law. If the Law does not establish a special time limit for responding to a data subject's request, the general time limits for considering citizens' appeals shall apply.
I AM LOCATED IN THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
If you are located in the European Union or the European Economic Area, the processing of your personal data is carried out in accordance with the requirements of Regulation (EU) 2016/679 (GDPR). In this section, we explain the rights you have under the GDPR and how you can exercise them in relation to the processing of your data by our company.
|
Right under the GDPR |
Description |
How to exercise it |
|
Right to withdraw consent (Art. 7) |
You can withdraw your consent for data processing at any time. |
You can submit a request. |
|
Right to be informed (Art. 13, 14) |
You have the right to be informed about the collection and use of your personal data. |
All information about our collection and use of your personal data is described in this Privacy Policy and the Cookies Policy. |
|
Right of access (Art. 15) |
You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. |
You can submit a request.
|
|
Right to rectification (Art. 16) |
You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. |
You can submit a request. |
|
Right to erasure (“right to be forgotten”) (Art.17) |
You have the right to have your personal data deleted without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1); the personal data have been unlawfully processed. |
You can submit a request.
|
|
Right to restriction of processing (Art. 18) |
You can limit the way in which we use your data where one of the following applies: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defence of legal claims; you have objected to processing, pending the verification of that objection. |
You can submit a request.
Where processing has been restricted on this basis, we may continue to store your personal data.
However, we will only otherwise process it: with your consent; for the establishment, exercise, or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest. |
|
Right to data portability (Art. 20) |
You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. |
You can submit a request. |
|
Right to object (Art. 21) |
You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling). |
You can submit a request.
|
|
Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22) |
This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. |
We DO NOT use automated decision-making and profiling. |
|
Right to lodge a complaint (Art. 77) |
You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR. |
You can submit the complaint in the EU member state of your place of habitual residence or to the data protection authority stated in this Privacy Policy. |
|
Right to compensation (Art. 82) |
Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. |
Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2). |
CONTACTS
If you have any questions about this Policy or about the use of your personal data, or if you wish to exercise your rights, please contact us in the following ways:
Email: support@viyar.com
Correspondence address: 03124, Kyiv, Vaclav Havel Boulevard, 16
COMPLAINTS
You have the right at any time to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights, who supervises compliance with personal data protection legislation in Ukraine. However, we would appreciate the opportunity to deal with your concerns before you approach the regulator, so please contact us in the first instance.
You can find the Commissioner's contacts on the official website: https://ombudsman.gov.ua/
POLICY UPDATES
We ensure that our Policy complies with the requirements of applicable law and maintains high standards of personal data processing. Therefore, we regularly review the Policy. We recommend that you periodically review the content of the Policy for changes. If you continue to use the Service after we update the Policy, you automatically agree to its provisions, which take effect from the moment of their publication.