EN
Policy on Processing and Protection of Personal Data

1. General Provisions

1.1. This policy (hereinafter referred to as the Policy) is developed in accordance with the Law of Ukraine dated June 1, 2010, No. 2297-VI "On Personal Data Protection," and other legislative acts (hereinafter referred to as the Law) and is an internal document of the TM "AURORA" (hereinafter referred to as the Operator), which defines the key areas of its activities in the field of processing and protection of personal data.

1.2. The Policy is developed to implement the requirements of the legislation of Ukraine in the field of protection and processing of personal data and aims to protect the fundamental rights and freedoms of individuals and citizens, including the right to privacy in connection with the processing of personal data.

1.3. The Operator's Policy regarding the processing of personal data applies to all information that the Operator may receive about visitors to the website https://avrora.ua/.

2. Key Concepts Used in the Policy

2.1. Personal Data Base - a named set of organized personal data in electronic form and/or in the form of personal data card files;

2.2. Owner of Personal Data - an individual or legal entity that determines the purpose of processing personal data, establishes the composition of this data, and the procedures for their processing unless otherwise provided by law;

2.3. Consent of the Personal Data Subject - the voluntary expression of will of an individual (provided that they are informed) to grant permission for the processing of their personal data in accordance with the formulated purpose of their processing, expressed in writing or in a form that allows for a conclusion to be made about the granting of consent. In the field of electronic commerce, the consent of the personal data subject can be given during registration in the information and telecommunications system of the electronic commerce entity by marking the permission to process their personal data in accordance with the formulated purpose of their processing, provided that such a system does not create opportunities for processing personal data before the marking is made;

2.4. Anonymization of Personal Data - the removal of information that allows for the direct or indirect identification of an individual;

2.5. Card File - any structured personal data available by defined criteria, regardless of whether such data is centralized, decentralized, or divided by functional or geographical principles;

2.6. Processing of Personal Data - any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, renewal, use, and distribution (dissemination, implementation, transfer), anonymization, destruction of personal data, including with the use of information (automated) systems;

2.7. Recipient - an individual or legal entity to whom personal data is provided, including a third party;

2.8. Personal Data - information or a set of information about an individual who is identified or can be specifically identified;

2.9. Personal Data Manager - an individual or legal entity that is the owner of personal data or is legally granted the right to process this data on behalf of the owner;

2.10. Personal Data Subject - an individual whose personal data is processed;

2.11. Third Party - any person, except for the personal data subject, the owner or manager of personal data, and the Authorized Representative of the Verkhovna Rada of Ukraine for Human Rights, to whom the owner or manager of personal data transfers personal data.

2.12. Website - a collection of graphic and informational materials, as well as computer programs and databases that ensure their accessibility on the Internet at the web address https://avrora.ua/.

2.13. User - any visitor to the website https://avrora.ua/.

2.14. Operator - a state authority, legal or natural person who independently or jointly with other persons organizes and carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) carried out with personal data.

2.15. Cookie - a text file or files containing a small amount of information sent to the web browser and stored on the user's device. Such devices may include a computer, mobile phone, or other device through which the user visits the Site. Cookies can be persistent (called permanent cookies) and stored on the computer until the user deletes them, or temporary (these cookies are called session cookies), i.e., stored only until the browser is closed. In addition, cookies are divided into first-party (set directly by the visited Site) and third-party (set by other websites).

3. Purposes and Main Conditions for Processing Personal Data

3.1. The processing of personal data is carried out by the Operator for the purpose of:

  • concluding and executing contracts;
  • informing users (including potential ones) about the services provided by the Operator, discounts, promotions, and other activities of the Operator, about changes in services and the Operator's operations;
  • conducting surveys to improve service quality;
  • enhancing the quality of service for users (including potential ones) of the Operator's services;
  • training and career growth of employees, accounting for employees' performance results in fulfilling their job responsibilities, providing employees with the conditions of work established by the legislation of Ukraine, guarantees, and compensations, ensuring the fulfillment of contractual agreements with employees, fulfilling social obligations to employees;
  • for other purposes provided by the internal regulatory documents of the Operator and the current legislation of Ukraine.

3.2. The processing of personal data by the Operator is carried out in compliance with the requirements established by the Law, namely:

  • the purpose of processing personal data must be formulated in laws, other regulatory acts, regulations, founding or other documents regulating the activities of the personal data base owner, and must comply with the legislation of Ukraine on personal data protection;
  • personal data must be accurate, reliable, and, if necessary, updated;
  • the composition and content of personal data must be relevant and not excessive regarding the specific purpose of their processing;
  • the scope of personal data that can be included in the personal data base is determined by the conditions of consent of the personal data subject or in accordance with the law;
  • the processing of personal data is carried out for specific and lawful purposes defined by the consent of the personal data subject or in cases provided for by the laws of Ukraine, in the manner established by legislation;
  • the processing of data about an individual without their consent is not permitted, except in cases provided by law, and only in the interests of national security, economic welfare, and human rights;
  • if the processing of personal data is necessary for the protection of vital interests of the personal data subject, personal data may be processed without their consent until the consent becomes possible;
  • personal data is processed in a form that allows for the identification of the individual to whom they relate, for no longer than is necessary for their legitimate purposes.

3.3. The processing of personal data may be carried out by means of computing technology (automated processing) or with the direct participation of a person without using computing technology (non-automated processing).

3.4. When processing personal data, the Operator ensures the necessary conditions for the unhindered implementation by the personal data subject of their personal non-property rights regarding their personal data. The management of the personal data of an individual who is limited in civil capacity or recognized as incapacitated is carried out by their legal representative.

3.5. The Operator is not responsible for the accuracy and correctness of the information provided by personal data subjects, visitors/users of the website https://avrora.ua/.

4. Ensuring the Protection of Personal Data

4.1. The primary task of ensuring the security of personal data during its processing by the Operator is to maintain its integrity and protect this data from illegal processing, as well as from unauthorized access to it.

4.2. The Operator ensures the protection of personal data in the database by using the functional capabilities of information technologies implemented in the Operator's information systems and other systems and means of protection available to the Operator.

4.3. The protection of personal data is ensured at all stages of their processing and in all modes of operation of personal data processing systems, including during repair and regulatory work.

4.4. The responsibility for ensuring the security of personal data is assigned to the Operator's employees within the scope of their duties related to the processing and protection of personal data. Access to personal data is provided to the Operator's employees only to the extent necessary to perform their job responsibilities.

4.5. The implementation of measures to ensure the security of personal data is carried out by employees who possess the necessary qualifications and experience. The level of measures for the protection of personal data is determined by the current level of development of information technologies and means of information protection.

4.6. The Operator's personnel policy provides for careful selection of personnel and motivation of employees, which allows for the exclusion or minimization of the possibility of violations of personal data security by them.

5. The Operator processes the following User data

5.1. Surname, first name, patronymic;

5.2. Email address;

5.3. Phone number;

5.4. Year, month, date, and place of birth;

5.5. Details of the identity document;

5.6. Taxpayer identification number, date of registration, details of the registration certificate with the tax authority;

5.7. Address of actual residence and registration at the place of residence or temporary stay;

5.8. Information about education, profession, specialty, and qualifications, details of educational documents;

5.9. Information about marital status and family composition;

5.10. Information about property status;

5.11. Information about debts;

5.12. Information about previously held positions and work experience, military obligations, military registration;

5.13. The website also collects and processes anonymized data about visitors (including cookies) using internet statistics services (Google Analytics, and others).

6. Legal Grounds for Personal Data Processing

6.1. The Operator processes the User's personal data only when it is filled out and sent by the User independently through special forms located on the website https://avrora.ua/. By filling out the relevant forms and sending their personal data to the Operator, the User expresses their consent to this policy.

6.2. The Operator processes anonymized data about the User if permitted in the User's browser settings (the storage of cookies and the use of JavaScript technology are enabled).

7. Procedure for the Collection, Storage, Transfer, and Other Types of Personal Data Processing

7.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the current legislation in the field of personal data protection.

7.2. The Operator ensures the preservation of personal data and takes all possible measures to exclude unauthorized access to personal data.

7.3. The User's personal data will never be transferred to third parties under any circumstances, except in cases related to compliance with current legislation.

7.4. In the event of inaccuracies in personal data, the User can update them independently by sending a corresponding notification to the Operator's email address [email protected] with the subject "Updating Personal Data".

7.5. The term for processing personal data is unlimited. The User can revoke their consent to the processing of personal data at any time by sending a notification to the Operator via email at [email protected] with the subject "Withdrawal of Consent for Personal Data Processing".

8. Use of Cookies

8.1. Cookies are used:

  • when a user revisits the site, the cookie data is updated;
  • in most cases, the web browser by default allows automatic storage of cookies on the user's device;
  • disabling cookies may result in restricted access to published materials or incomplete functionality of the site services.

8.2. The operator cares about its users and strives to make the stay on the site as comfortable as possible. For this purpose, it is necessary to analyze the behavior, preferences, and interests of the user through cookies. Such analysis will help the operator improve the user experience with the site, determine the most convenient interface and navigation of the site.

8.3. The operator uses the following categories of cookies:

  • strictly necessary cookies - needed for user navigation on the web page, searching the site, remembering previous user actions when navigating to the previous page in the same session.
  • performance cookies - aggregate information on how the site is used. This data is stored on the user's device between browser sessions. Examples of such data may include the following metrics: time spent on the site, most frequently visited pages, understanding which sections and services of the site were most interesting to the user, how effective a particular advertising or marketing campaign was, etc. All information collected through performance cookies is intended for statistical and analytical purposes. Some cookie data may be provided to third parties who have permission from the web resource and exclusively for the aforementioned purposes.
  • functional cookies - used to save settings or configurations stored on the user's device between browser sessions. These cookies also allow users to watch videos, participate in interactive activities (surveys, voting), and interact with social networks. To make the experience after visiting the resource more pleasant, these cookies remember the information provided by the user, enhancing the effectiveness of interaction with the site.
  • targeting cookies - used to deliver content that may be of interest to the user. This data is stored on the user's device between browser sessions. Examples of such data may include the following metrics: tracking recommended text, graphic, audio, and video materials to avoid repeated display, managing targeted advertising, evaluating the effectiveness of advertising campaigns, information about the user's visits to other resources during transitions, as well as other site configuration parameters. The site may share this information with other parties, including media clients, advertisers, agencies, and partners in related businesses to provide quality targeted advertising.
  • cookies from third-party services and analytics services.

8.4. Managing cookies:

Major web browsers (listed below) are set to automatically accept cookies. To disable them, use the help feature in your browser. Help can be accessed through the menu or by pressing the F1 key.

Microsoft Edge - https://privacy.microsoft.com/ru-ru/privacystatement
Mozilla Firefox - https://www.mozilla.org/ru/privacy/websites/#cookies
Google Chrome - https://support.google.com/chrome/answer/95647?hl=ru
Opera - http://help.opera.com/Windows/11.50/ru/cookies.html 
Safari for macOS - https://support.apple.com/kb/PH21411?locale=en_US

8.5. The configuration of cookie settings for mobile device web browsers may differ; it is worth noting that full functionality of the site is only available when using cookies; disabling cookies may lead to restricted access to content and incomplete functionality of the site's services. User information obtained through cookies is not sold or publicly disclosed and is the property of the company owning the resource.

9. Rights of the Personal Data Subject

9.1. Personal non-property rights to personal data that every individual has are inalienable and inviolable.

9.2. The personal data subject has the right to:

  • know the sources of collection, location of their personal data, the purpose of its processing, the location or residence (stay) of the owner or manager of personal data, or to give a corresponding instruction for obtaining this information to authorized persons, except in cases established by law;
  • receive information about the conditions of access to personal data, including information about third parties to whom their personal data is transferred;
  • have access to their personal data;
  • receive no later than thirty calendar days from the date of receipt of the request, except in cases provided by law, a response regarding whether their personal data is being processed, as well as obtain the content of such personal data;
  • submit a reasoned demand to the owner of personal data to object to the processing of their personal data;
  • submit a reasoned demand for modification or destruction of their personal data by any owner and manager of personal data if such data is processed illegally or is inaccurate;
  • protect their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide, or untimely provision, as well as to protect against the provision of false information that may discredit the honor, dignity, and business reputation of the individual;
  • file complaints regarding the processing of their personal data with the Commissioner or the court;
  • apply legal remedies in case of violation of the legislation on the protection of personal data;
  • make reservations regarding the limitation of the right to process their personal data when giving consent;
  • revoke consent to the processing of personal data.

10. Final Provisions

10.1. This Policy is posted by the Operator on the Operator's website.

10.2. This Policy may be changed by the Operator unilaterally without notifying the subjects of personal data, visitors, and users of the site. The new version of the Policy is immediately posted on the Operator's website.

10.3. The fact of registration of the personal data subject, visitor, and user on the Operator's website or filling out the feedback form, as well as any other use of the site, is confirmation of familiarization with the terms of this Policy and unconditional acceptance of its terms.

10.4. In case of questions and claims from the personal data subject, visitor, or user of the site, they can contact the Operator by phone +38 (067) 872-92-92 via email [email protected], or in any other accessible and convenient way.