Privacy Policy

The Privacy Policy (hereinafter - the Policy) defines the procedure for processing personal data and measures to ensure the security of personal data of Pasika UA LLC. The official Pasika online store is the website https://uapasika.com/. The seller considers the observance of human and civil rights and freedoms in the processing of relevant personal data, including the protection of the rights to privacy, personal and family secrets, to be its most important goal and condition for the implementation of its activities. Translated with DeepL.com (free version)

This Seller's Policy on the processing of personal data applies to all information that the Seller may receive about the Buyers who have filled out the form on the website https://uapasika.com/. This Policy explains the type, scope and purpose of processing personal data (hereinafter referred to as “data”) within the framework of the Public Offer Agreement and related websites, functions and content, as well as other external types of online presence, such as a profile on social networks or other services offered and IT systems used. Translated with DeepL.com (free version)

This policy and relations arising in connection with the policy and the Public Offer Agreement are subject to the provisions of the Constitution of Ukraine and the Law of Ukraine" On Personal Data Protection "(hereinafter referred to as the Law), as well as the General Data Protection Regulation (hereinafter referred to as the GDPR or GDPR) and other applicable European legislation. data protection legislation, collectively referred to as the legislation.

Key Terms:

Personal data-information or a set of information about an individual that is identified or can be clearly identified;

GDPR-European Union regulation on the protection of personal data of all persons within the European Union and the European Economic Area;

Consent of the personal data subject is a voluntary expression of will to grant permission for the processing of personal data in accordance with the specific purpose of their processing;

Processing of personal data-any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, updating, use and distribution (distribution, implementation, transfer), depersonalization, destruction of personal data, including using information (automated) systems.

1. General provisions
   • The Policy applies to all personal data of the Buyer that may be received by the Seller in the process of using the website https://uapasika.com/ by the Buyer. This Policy applies to personal data received both before and after the entry into force of this Policy.
   • The purpose of the policy is to provide the buyer with the necessary information that allows them to assess what personal data is processed by the seller and for what purposes, methods of processing them and ensuring security.
   • When using the site, the buyer, by informing the seller of your personal data, including with the help of third parties, acknowledges your consent to the processing of your personal data in accordance with this Policy.
   • In case of disagreement with the terms of this Policy, the seller must stop using the website.
   • Consent to the processing of personal data may be revoked by the personal data subject. If the personal data subject withdraws consent to the processing of personal data, the seller has the right to continue processing personal data without the consent of the personal data subject, if there are grounds specified in the legislation.
   • The seller does not verify the accuracy of the personal data provided by the buyer, and does not have the ability to assess its legal capacity. However, the seller assumes that the buyer acts in good faith, carefully, provides reliable and sufficient personal data and makes all necessary efforts to keep such data up to date and does not violate the rights of third parties.
   • By agreeing to the terms of this Policy, the buyer confirms that at the time of collecting personal data, he is notified of the persons to whom personal data is transferred, the content and purposes of personal data collection. The buyer confirms (guarantees) that the personal data transferred to the seller for processing is transferred with the consent of the owners of personal data and within the framework of the law.
   • The seller, having received personal data from the buyer, does not assume the obligation to inform the subjects( their representatives), the personal data that is transferred to him, about the beginning of personal data processing, since the obligation to carry out appropriate information, when concluding a contract with the subject of personal data and / or obtaining consent to such transfer, is borne by the buyer, who sent your personal data.
   • The processing of the buyer's personal data is carried out in accordance with the requirements of the law. The processing of personal data of persons located in the EU or who are EU citizens is regulated, in particular, by the EU General Data Protection Regulation 2016/679. The legislation of other countries may also establish additional requirements.
   • This policy applies to all information that the seller can obtain about the buyer when using the website, as well as when the seller performs any transactions and contracts with the buyer.
   • This policy is an internal document of the seller.
   • The Seller is released from responsibility for the consequences that have occurred in connection with the processing of personal data by him, if he is not responsible for the event that caused such consequences.
   • The buyer also agrees that the owner of personal data has the right to provide access and transfer the buyer's personal data to third parties without any additional notifications, only if the purpose of their processing does not change and only in cases stipulated by this Policy and/or the legislation of Ukraine.
   • No one under the age of 18 should provide us with personal information through the website. The Seller does not purposefully collect personal information from persons under the age of 18. Parents and guardians should constantly monitor their children's related activities.

2. Composition of personal data
   • In order to carry out its activities and fulfill its obligations, the Seller processes the Buyer's personal data provided by the Buyer when visiting the website https://uapasika.com/ and stores it on the Seller's server.
   • The buyer's personal data includes: last name, first name, patronymic, email address, mobile/landline phone number, country of residence, place of work, position, date of birth, as well as other data that the buyer entered in the registration form on the site.

The seller notices to the buyer that it is necessary to provide only those personal data that are necessary to provide the service chosen by the buyer, receive an information newsletter, or respond to a special request/claim. At the same time, if the buyer decides to provide additional personal data, the seller will also be able to process them with the necessary level of protection.

• The seller has the right to set requirements for the composition of personal data that must be provided when using the website. If certain information is not specified as mandatory by the seller, its provision or disclosure is carried out by the buyer at its own discretion.
• Data that is automatically transmitted to the seller when the buyer uses the website using the software installed on the device: IP address, information about the browser and type of operating system of the device, hardware and software specifications, date and time of access to the website.

3. Grounds and purpose of personal data processing
   • The grounds for processing personal data are:

1) consent of the personal data subject to the processing of his / her personal data by the seller;

2) conclusion and execution of a contract, one of the parties to which is the subject of personal data or concluded in favor of the subject of personal data, or for the implementation of measures preceding the conclusion of the contract at the request of the subject of personal data;

3) the need for the seller to comply with the requirements stipulated by law.

• The purpose of processing personal data is:

- performing the functions assigned to the seller in accordance with the legislation of Ukraine and the GDPR;

сбора collection, storage and processing of personal data obtained on the website in accordance with the law and the GDPR;

to send the buyer commercial (marketing) messages containing additional information about services, current promotions and special offers, product catalogs related to the services provided by the seller using the site.

⦁ identification of the personal data subject when using the site;

communication with the personal data subject, if necessary, including sending offers, informational materials, messages, information and requests, advertising, as well as processing requests from the personal data subject;

⦁ improve the quality of the website, make it easier to use, develop new features and improve the quality of service;

- improvement of professional skills and qualifications of the seller;

⦁ conducting statistical and other research based on depersonalized data;

fulfillment by the seller of contractual and other obligations to the buyer under transactions concluded between the seller and the buyer or third parties in favor of the buyer.

4. Basic principles of personal data processing
   • The processing of personal data by the seller is carried out on the basis of the following principles::
     • Legality of the purposes and methods of processing personal data;
     • The integrity of the seller, as the owner of personal data, is achieved by meeting the requirements of the legislation of Ukraine regarding the processing of personal data;
     • Achievement of specific, pre-defined purposes of personal data processing;
     • Compliance of the purposes of personal data processing with the purposes defined in advance and stated during the collection of personal data;
     • Compliance of the list and scope of personal data processed, as well as the methods of processing personal data, with the stated purposes of processing;
     • The accuracy of personal data, their sufficiency for the purpose of processing, the inadmissibility of processing personal data that is redundant in relation to the purposes of processing personal data;
     • When processing personal data, ensuring the accuracy of personal data, their sufficiency, and, if necessary, their relevance to the purposes of personal data processing.
     • Databases containing personal data that are processed for incompatible purposes should not be combined.;
     • Storage of personal data in a form that allows you to determine the subject of personal data for no longer than the purpose of their processing requires.
     • Personal data that is processed is subject to destruction or depersonalization upon the achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by the legislation of Ukraine and the GDPR.
     • The seller must also take into account the periods for which the buyer's personal data will need to be stored in order to fulfill the buyer's legal obligations to the seller or regulatory authorities.
     • The seller may eventually minimize the buyer's personal data that it uses, or make the buyer's data anonymous so that it cannot be linked to the buyer personally. In this case, the seller will be able to use this information for statistical or other purposes without further notice to the buyer, since such information ceases to be personal data.
   • The processing of personal data is carried out by the seller for statistical or other research purposes, subject to mandatory depersonalization of personal data.
   • The Seller does not process personal data related to racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, criminal convictions, as well as data on health, sex life, biometric and genetic data.
   • The processing of personal data is carried out in compliance with the conditions defined by the legislation of Ukraine and the GDPR.

5. Terms of personal data processing
   • The terms of processing personal data are determined based on the purposes of processing, but not longer than it is determined by law.
   • Personal data whose processing (storage) period has expired must be destroyed or depersonalized, unless otherwise provided by law. Storage of personal data is carried out in a form that allows you to determine the subject of personal data for no longer than the purpose of processing personal data requires, if the period of storage of personal data is not established by Law. The processed personal data is subject to destruction or depersonalization after the purposes of processing have been achieved or if it is no longer necessary to achieve these purposes, unless otherwise provided by law (in accordance with EU Regulation 261/2004).

6. Circle of persons authorized to process personal data by the seller
   • In order to achieve the purposes of this Policy, only those employees of the seller who are assigned such a duty in accordance with their official (labor) duties are allowed to process personal data. Access to other employees may be granted only in cases stipulated by Law. The seller guarantees that its employees respect the confidentiality and security of personal data during their processing.
   • The Seller has the right to transfer personal data to third parties in the following cases::

- the personal data subject has given written consent to the following actions:;

- the transfer is provided for by Ukrainian or other relevant legislation within the procedure established by law. At the same time, access to personal data is not granted to a third party if the specified person refuses to undertake obligations to ensure compliance with the requirements of the law or is unable to provide them.

• The seller has the right to entrust the processing of personal data to a third party with the consent of the personal data subject, unless otherwise provided by the legislation of Ukraine, on the basis of a contract concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
• Representatives of state authorities (including regulatory, supervisory, law enforcement and other bodies) get access to personal data processed by the seller, to the extent and in accordance with the procedure established by law.
• If the seller processes data in a third country (i.e., in a country outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this is only the case if the contractual obligations are fulfilled (before) on the basis of consent buyer, on the basis of a legal obligation or on the basis of legitimate interests. In accordance with the permits provided for by law or contract, the seller processes or entrusts data processing in a third country only if the special requirements of art. 44 and subsequent articles of the GDPR. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of the level of data protection corresponding to the EU level, or compliance with officially recognized special contractual obligations (so-called "standard contractual provisions").
• We use the tools of companies located in the United States or in other third countries that are not secure from the point of view of data protection laws. If these tools are active, the buyer's personal data may be transferred to these third countries and processed there. In these countries, a level of data protection comparable to the EU cannot be guaranteed. For example, US companies are required to provide personal data to security authorities, and the buyer, as a data subject, cannot sue them. Therefore, it cannot be excluded that the US authorities (for example, the secret services) will process, evaluate and permanently store the buyer's data on US servers for monitoring purposes. The merchant has no influence on these processing operations.
• The merchant engages service providers to develop, administer, and / or maintain their websites.
• The seller's service providers process the buyer's data only to the extent necessary for the performance of their tasks, and follow the seller's instructions on this data.

7. Implementation of personal data protection
   • The seller's activity in processing personal data in information systems is inextricably linked to the protection of the confidentiality of the information received by the seller, if this does not contradict the current legislation.
   • The personal data protection system includes organizational and / or technical measures determined taking into account current threats to the security of personal data and information technologies used in information systems. The Seller will update these measures with new technologies if necessary.
   • The exchange of personal data during their processing in information systems is carried out by communication channels protected by technical means of information protection.
   • When processing personal data in the seller's information systems, the following are provided::

- carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information;

timely detection of unauthorized access to personal data;

- prevention of impact on the technical means of automated processing of personal data, as a result of which their functioning may be disrupted;

⦁ possibility of immediate recovery of personal data modified and destroyed as a result of unauthorized access to them;

- constant monitoring of the security of personal data.

• Personal information is kept confidential, except for cases when the technology of the website or the configuration of the software used by the buyer provides for the open exchange of information with other buyers of the sites or with any Internet users.
• The buyer implements the following requirements of the Ukrainian legislation in the field of personal data:

⦁ personal data privacy requirements;

💥 requirements for ensuring the exercise of the rights of the personal data subject;

- requirements for ensuring the accuracy of personal data, and, if necessary, relevance to the purposes of personal data processing (with taking (ensuring the adoption of) measures to delete or clarify incomplete or inaccurate data);

⦁ requirements for the protection of personal data from unauthorized or accidental access to them, destruction, distortion, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in relation to personal data;

- other legal requirements.

• According to the Law, the seller independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the legislation in the field of personal data from unauthorized or illegal processing and from unintentional loss, destruction or damage. The seller adheres to the principle of minimizing personal data. The seller processes only the information about the buyer that it needs, or information that the buyer, by its consent, provides more than is necessary for processing. In addition, the merchant configures all interfaces of the Website and application to provide services in such a way that the greatest possible confidentiality is observed. When transferring personal data to public authorities, the seller always uses the most secure and verified ways of transmitting such data.
• Cookies and other tracking technologies.
  • Cookies are small text files that are stored by websites on your computer or mobile devices when a customer starts using them. This way, the site will remember the benefits and actions that were performed by the buyer for some time, including so that the buyer does not need to re-enter this data. Cookies themselves do not identify an individual user, but only identify the computer or mobile device used by the buyer.
  • Cookies and other tracking technologies on the seller's website can be used in various ways, for example, for the purpose of operating the website, analyzing traffic, or advertising purposes. The seller uses cookies and other tracking technologies, in particular, to improve the quality and efficiency of our services.
  • You can set up a ban on cookies and other tracking technologies in the settings of some Internet browsers. At the same time, the buyer should understand that if some cookies are disabled, the functionality of the site may be limited and the buyer will not be able to use all its advantages, and some pages may not work correctly.
• For security reasons and to protect the transmission of confidential content, such as orders or requests that the buyer sends to the seller as the site operator, this site uses current SSL or TLS encryption. The buyer can recognize an encrypted connection by changing the browser's address bar from "http://" to " https://", as well as by the lock symbol in the browser bar.
• If SSL or TLS encryption is enabled, the data that the buyer transmits to the seller cannot be read by third parties in plain text.
• Data transmission over the Internet (for example, when communicating via email) may have security gaps. You cannot fully protect your data from access by third parties.
• If, after entering into a payment agreement, there is an obligation to send the buyer's payment data to the seller (for example, the account number for authorizing debiting funds), this data is required for processing the payment.
• Payment operations using conventional payment methods (Visa/MasterCard, direct debit) are performed exclusively using an encrypted SSL or TLS connection. The buyer can recognize an encrypted connection by changing the browser's address bar from "http://" to " https://", as well as by the lock symbol in the browser bar.
• Thanks to the encrypted communication, your payment data that you transmit to us cannot be read by third parties.
• The seller's website uses hosting services from external suppliers (hosters). Personal data collected on the merchant's website is stored on the hoster's servers. This can primarily include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access operations, and other data generated by the website.
• The hoster is engaged in order to fulfill the contract with our potential and existing clients (Article 6, clause 1, lit. "b" GDPR) and in the interests of safe, fast and efficient provision of our online offer by a professional service provider (Article 6, paragraph 1, lit."f" GDPR). If a corresponding request for consent has been submitted, processing takes place exclusively on the basis of Article 6, paragraph 1, lit. "a" GDPR and section 25, para. 1 TTDSG, if the consent applies to the storage of cookies or if the information is accessed on the user's end device (for example, in the case of creating digital fingerprints of the device) within the meaning of TTDSG. You can revoke your consent at any time.
• The seller's hoster will process the buyer's data only to the extent necessary to provide the services provided for in the contract, and in compliance with the seller's instructions on this data.

8. inquiries and communication

• If the buyer contacts the seller by email, phone or fax, we will store and process your request, including all related personal data (name, request), in order to process your request. We do not share this data without your consent.
• This data is processed on the basis of Article 6, paragraph 1, lit. "b" GDPR, if the buyer's request is related to the performance of the contract or is necessary for taking pre-contractual measures. In all other cases, the basis for processing is the seller's legitimate interest in the effective processing of requests addressed to the seller (Article 6, paragraph 1, lit. "f" GDPR) or consent to the buyer (Article 6, paragraph 1, lit. "a" GDPR) if the seller has requested the buyer's consent.
• The data that the buyer sends to the seller as part of contact requests will remain with the seller until the buyer asks the seller to delete it, until the buyer withdraws its consent to storage, or until the purpose of storage is no longer relevant (for example, after processing your question). Mandatory legal provisions, in particular regarding statutory retention periods, remain unchanged.
• In certain cases, the seller uses the buyer's address in compliance with all legal provisions to send advertising by mail (postal advertising).

The legal basis for this is the seller's legitimate interest in direct advertising in accordance with Article 6, paragraph 1, lit. "f" GDPR. If a corresponding request for consent has been submitted, processing takes place exclusively on the basis of Article 6, paragraph 1, lit. "A" GDPR; this consent can be revoked at any time with future validity. In some cases, as part of data collection, you may be informed about special provisions, and they will take precedence over existing provisions.

• The buyer's postal address will remain with the seller until the purpose of data processing is no longer relevant. If the buyer submits a legal request for deletion or withdraws its consent to receive mail advertising, the buyer's data will be deleted, unless the seller has other legally permitted reasons for storing the buyer's personal data (for example, regarding storage periods provided for by Tax or commercial law); in the latter case, the data will be deleted when these reasons disappear.
• If the buyer contacts the seller on social networks, the buyer's request, including all related personal data (name, request), is stored and processed by the seller for the purpose of processing the buyer's request. The seller does not transmit this data without the buyer's consent.
• This data is processed on the basis of Article 6, paragraph 1, lit. "b" GDPR, if the buyer's request is related to the performance of the contract or is necessary for taking pre-contractual measures. In all other cases, the basis for processing is the buyer's consent (Article 6, paragraph 1, lit. "a" GDPR) and / or the seller's legitimate interests (art. "f" GDPR), since the seller has a legitimate interest in the efficient processing of requests made to us.
• The data that the buyer sends to the seller as part of contact requests will remain with the seller until the buyer asks the seller to delete it, until the buyer withdraws its consent to storage, or until the purpose of storage is no longer relevant (for example, after processing your question). Mandatory legal provisions, in particular regarding statutory retention periods, remain unchanged.

9. Rights of the personal data subject
   • Rights of personal data subjects in accordance with the legislation of Ukraine:
     • Know about the sources of collection, the location of your personal data, the purpose of their processing, the location of the personal data controller, or give an appropriate order to receive this information to authorized persons, except in cases established by Law.
     • Receive information about the conditions for granting access to personal data, including information about third parties to whom his personal data is transferred.
     • Access to your personal data.
     • Receive a response no later than thirty calendar days from the date of receipt of the request, except in cases provided for by Law, on whether and what kind of personal data is being processed.
     • Submit a reasoned request to the seller to object to the processing of their personal data.
     • Submit a reasoned request to change or destroy your personal data if the data is processed illegally or is unreliable.
     • To protect your personal data from illegal processing and accidental loss, destruction, damage due to deliberate concealment, failure to provide or untimely provision of them, as well as to protect against the provision of information that is unreliable or discredits the dignity and business reputation of an individual.
     • Submit complaints about the processing of your personal data to the seller, to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine, or to the court.
     • Apply legal remedies in case of violation of the legislation on personal data protection.
     • Make reservations regarding the restriction of the right to process your personal data when giving your consent.
     • Revoke consent to the processing of personal data.
     • Get acquainted with the mechanism of automatic processing of personal data.
     • In defense of an automated decision that has legal consequences for them.
     • The seller has the right to entrust the processing of personal data to a third party with the consent of the personal data subject, unless otherwise provided by the legislation of Ukraine, on the basis of a contract concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
     • Representatives of state authorities (including regulatory, supervisory, law enforcement and other bodies) get access to personal data processed by the seller, to the extent and in accordance with the procedure established by the legislation of Ukraine.
   • Other rights of personal data subjects in accordance with the GDPR: in addition to the Ukrainian legislation on personal data protection, the seller is careful to ensure the rights of the buyer established by the GDPR.
     • Right to information.
       • The seller is ready to provide data subjects with information about what personal data it processes.
       • If the buyer wants to know what personal data the seller processes, they can make a request for this information at any time, including by contacting the buyer. The list of data that the seller must provide to the buyer is found in articles 13 and 14 of the GDPR. At the same time, when applying, the buyer must indicate their specific requirements so that the seller can legally consider the request and give an answer.
       • If the seller is unable to verify the buyer's identity by exchanging electronic messages or by contacting the buyer by telephone, or if there is reasonable doubt about the buyer's identity, the seller may ask the buyer to provide an identity document, including by personally appearing at the seller's location. Only in this way will the seller be able to avoid disclosing the buyer's personal data to a person who may impersonate the buyer.
       • The seller processes requests as soon as possible, but informs you that providing a complete and legitimate response to personal data is a process that can take up to a month.
     • Right to correct customer data.
       • If the buyer finds that some of the personal data processed by the seller about the buyer is incorrect or outdated, he must inform the seller about this. The seller may ask the buyer to provide an identity document, including by personally appearing at the address of the seller's location.
       • In some cases, the seller will not be able to change the buyer's personal data. In particular, such a case may occur when personal data has already been used in the course of executing the contract and/or it is contained in a tax document that was issued in accordance with tax legislation.
     • Revocation of consent to the processing of personal data and the right to be forgotten
       • If the buyer processes the buyer's personal data on the basis of consent to the processing of personal data (in particular, for the purpose of carrying out marketing / advertising newsletters), further processing can be stopped at any time. It is sufficient to withdraw consent to such processing.
       • The buyer can also exercise their right to be forgotten. In cases provided for in Article 17 of the GDPR, the seller will destroy the buyer's personal data that it processes, with the exception of personal data that the seller is required to store in accordance with legal requirements.
     • If this Privacy Policy does not specify a specific retention period, the buyer's personal data will remain with the seller until the purpose of data processing is no longer relevant.
     • If the buyer submits a legal request for deletion or withdraws its consent to data processing, the buyer's data will be deleted, unless the seller has other legally permitted reasons for storing the buyer's personal data (for example, regarding storage periods provided for by Tax or commercial law); in the latter case, the data will be deleted when these reasons disappear.

10. Place of personal data storage
    • The seller uses Microsoft cloud services to store personal data and ensure their security.

11. Changing the Privacy Policy
    • This Policy may be changed or terminated by the Seller unilaterally without prior notice to the Buyers, including if required by law. The new version of the Policy shall come into force upon its posting on the website, unless otherwise provided by the new version of the Policy. Therefore, the Buyer should visit the page https://uapasika.com/privacy-policy to make sure that he has the latest information.
    • In accordance with Article 32 of the GDPR, the buyer takes appropriate technical and organizational measures to ensure an appropriate level of protection risk, taking into account the current state of the art, implementation costs and the type, scope, circumstances and purposes of processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of individuals.

These measures include, inter alia, ensuring the confidentiality, integrity and availability of data by controlling physical access to data, as well as related operations of accessing, entering, transmitting, ensuring availability and separating them.

• The Vendor has established procedures that ensure the implementation of data subjects ' rights, data deletion, and response to data threats. The seller also takes into account the rules of personal data protection when developing or selecting equipment, software and processes in accordance with the principle of data protection using technological design and default settings that are convenient for data protection (Article 25 of the GDPR).