Personal data processing policy
1. General provisions
1.1. This Personal Data Processing Policy (hereinafter - the Policy) is developed in accordance with the Law of Ukraine dated 01.06.2010 № 2297-VI “On Personal Data Protection” (hereinafter - the Law) and the legislation of the European Union on the protection of personal data of European Union entities, cases of processing of such data, and is an internal regulatory document of LLC "Universum Clinic" (hereinafter - the Clinic), which defines the key areas of its activities in the field of processing and protection of personal data.
1.2. The policy is designed to implement the requirements of current legislation in the field of protection and processing of personal data and aims to protect the fundamental rights and freedoms of man and citizen in cases where the Clinic processes his personal data.
2. Objectives and basic conditions of personal data processing
2.1. The processing of personal data is carried out by the Clinic in order to:
• conclusion and execution of agreements;
• notification of users (including potential) of the Clinic's services about the services provided, discounts, promotions and other activities of the Clinic, about changes in the services and work of the Clinic;
• conducting surveys to improve the quality of service;
• improving the quality of customer service (including potential) services of the Clinic;
• implementation of additional programs to encourage users of the Clinic's services;
• training and career growth of employees, accounting for the results of employees ’performance of their official duties, providing the employee with working conditions, guarantees and compensations established by the legislation of Ukraine, ensuring fulfillment of contractual agreements with employees, fulfillment of social obligations to employees;
• for other purposes provided by the internal regulatory documents of the Clinic and the current legislation of Ukraine.
- 2.2. To achieve the objectives specified in paragraph 2.1. Policies, personal data may be processed within the time limits established by the legislation of Ukraine for storage of relevant documentation (medical, labor documentation, etc.), and if such time limits are not set - for 5 years.
- 2.3. The processing of personal data in the Clinic is carried out in compliance with the requirements of the Law, namely:
- • the purpose of personal data processing must be formulated in laws, other regulations, provisions, constituent or other documents governing the activities of the owner of the personal data base, and comply with the legislation of Ukraine on personal data protection;
- • personal data must be accurate, reliable, if necessary - updated;
- • the composition and content of personal data must be appropriate and not excessive in relation to the specific purpose of their processing;
- • the amount of personal data that may be included in the personal data base is determined by the conditions of consent of the personal data subject or in accordance with the law;
- • personal data processing is carried out for specific and lawful purposes, determined with the consent of the personal data subject, or in cases provided by the laws of Ukraine, in the manner prescribed by law;
- • it is not allowed to process data on an individual without his / her consent, except in cases specified by law, and only in the interests of national security, economic well-being and human rights;
- • if the processing of personal data is necessary to protect the vital interests of the data subject, the processing of personal data without his consent is possible until such time as it becomes possible to obtain consent;
- • personal data are processed in a form that allows the identification of the individual to whom they relate, no longer than is necessary for the lawful purposes for which they were collected or further processed.
2.4. Processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, distribution (including transfer in Ukraine and cross-border transfer), depersonalization, blocking, destruction of personal data, as well as transfer their contractors of the Clinic.
2.5. Processing of personal data can be carried out by means of computer technology (automated processing) or with the direct participation of a person without the use of computer technology (non-automated processing).
2.6. When processing personal data, the Clinic provides the necessary conditions for the unimpeded realization by the subject of personal data of his personal non-property rights to his personal data.
Disposal of personal data of a natural person with limited civil capacity or declared incapable is carried out by his / her legal representative.
2.7. The clinic is not responsible for the accuracy and correctness of the information provided by personal data subjects, visitors / users of the website universum.clinic.
3. Ensuring the protection of personal data
3.1. The main task of ensuring the security of personal data during their processing in the Clinic is to preserve their integrity and protect this data from illegal processing, as well as from illegal access to them.
3.2. The Clinic provides protection of personal data in the personal data base by using the functionality of information technologies implemented in the information systems of the Clinic, and other systems and means of protection available in the Clinic.
3.3. Protection of personal data is provided at all stages of their processing and in all modes of operation of personal data processing systems, including repair and routine work.
3.4. The responsibility for ensuring the security of personal data rests with the staff of the Clinic within their responsibilities related to the processing and protection of personal data. Access to personal data is provided to the employees of the Clinic only to the extent necessary for the performance of their official duties.
3.5. The implementation of measures to ensure the security of personal data is carried out by employees who have the necessary qualifications and experience. The level of measures for the protection of personal data is determined by the current level of development of information technology and information security.
3.6. The personnel policy of the Clinic provides for careful selection of staff and motivation of employees, which eliminates or minimizes the possibility of violating the security of personal data.
4. Access to processed personal data
4.1. Access to personal data processed in the Clinic is granted to persons who directly process and / or have access to personal data in connection with the performance of their official (employment) duties, as well as persons whose personal data are subject to processing.
4.2. The staff of the Clinic has access to the processed personal data in accordance with their job responsibilities and the requirements of the internal regulatory documents of the Clinic.
4.3. The procedure for access of the personal data subject to his personal data processed by the Clinic is determined in accordance with the legislation of Ukraine and may be specified by the internal regulatory documents of the Clinic.
4.4. When transferring personal data to third parties, in accordance with the concluded agreements, the Clinic ensures mandatory compliance with the requirements of the legislation in the field of protection and processing of personal data and internal regulatory documents of the Clinic.
5. Implemented requirements for personal data protection
5.1. The Clinic takes legal, organizational and technical measures (or ensures their adoption), necessary and sufficient to ensure the fulfillment of obligations under the Law of Ukraine "On Personal Data Protection" and regulations adopted in accordance with it, as well as European Union legislation on protection of personal data of European Union entities, in cases of processing such data, to protect personal data from unauthorized or accidental access to them, destruction, misrepresentation, blocking, copying, providing, disseminating personal data, as well as from other unlawful acts against personal data data.
5.2. The composition of the measures specified in paragraph
5.1. of this Policy, including their content and choice of personal data protection, is determined, and internal regulatory documents on the processing and protection of personal data are approved (issued) by the Clinic, based on regulatory requirements in the field of personal data processing and protection.
5.3. In cases provided by law, the processing of personal data is carried out by the Clinic with the consent of personal data subjects.
5.4. The clinic acquaints its employees who directly process personal data with the provisions of personal data legislation, including requirements for personal data protection, the Policy and other internal regulatory documents on personal data processing, and (or) training of these employees on processing and protection of personal data.
5.5. The Clinic provides:
• assessment of the effectiveness of measures taken to ensure the security of personal data;
• accounting of machine media of personal data, ensuring their storage;
• tracking the facts of unauthorized access to personal data and taking appropriate measures;
• recovery of personal data modified or destroyed as a result of unauthorized access to them;
• organization of a regime that prevents the possibility for unauthorized persons to gain unauthorized access to the premises where the personal database is located.
• control over the measures taken to ensure the security of personal data, the level of security of the personal data base.
6. Additional conditions that apply to visitors / users of the Clinic's website
6.1. The clinic has an Internet site located at uniclinic.com.ua (hereinafter - the Site).
6.2. Visitors / users of the Site have the right to provide the Clinic with information, including their personal data, for the purpose of using certain sections of the Site, if it is provided (will be provided) by the structure of the Site.
6.3. Personal data of visitors / users of the Site can be used by the Clinic to conduct research (including statistical) aimed at improving the quality of services, implementation of marketing programs, as well as to promote services in the market through direct contact with visitors / users through various means of communication. including, but not limited to: mailing, e-mail, telephone, facsimile, Internet; conducting electronic sms-surveys, monitoring the results of marketing campaigns, customer support, drawing prizes among visitors / users of the Site, monitoring the satisfaction of visitors / users of the Site, as well as the quality of services provided by the Clinic.
6.4. The visitor / user of the Site in accordance with the consent to the processing of personal data, agrees that, if necessary for the purposes specified in paragraph 6.3. The policy, his personal data provided to the Clinic may be transferred to third parties to whom the Clinic may entrust the processing of PD of the visitor / user of the Site on the basis of an agreement concluded with such persons, subject to the requirements of Ukrainian legislation when processing them, without additional notification of the subject of personal data on the transfer of personal data to a third party.
When transmitting the specified data of the visitor / user of the Site, the Clinic warns the persons receiving personal data that this data is confidential and may be used only for the purposes for which it was reported, and requires these persons to comply with this rule.
6.5. The consent of the visitor / user of the Site to the processing of his personal data may be revoked by sending a written application to the address of the location and place of business of the Clinic.
6.6. The Clinic has the right to send information, including advertising messages, to the e-mail and mobile phone of the visitor / user of the Site with his consent, expressed by taking actions that allow to reliably establish his will to receive messages. The visitor / user of the Site has the right to refuse to receive advertising and other information without explaining the reasons for refusal, informing the Clinic of his refusal, by sending a statement to the e-mail address: (hidden)
6.8. The clinic has the right to receive information about the IP address of the visitor / user of the Site (unique identifier of the device connected to the local network and / or the Internet). This information is not used to identify the visitor / user of the Site.
7. Rights of the personal data subject
7.1. The personal data subject has the right to:
• know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the owner or controller of personal data or give appropriate instructions to obtain this information to authorized persons, except as provided by law;
• receive information on the conditions for granting access to personal data, in particular information on third parties to whom his personal data is transferred;
• access to their personal data;
• receive no later than thirty calendar days from the date of receipt of the request, except as provided by law, an answer as to whether his personal data are processed, as well as receive the content of such personal data;
• make a reasoned request to the owner of personal data with an objection to the processing of their personal data;
• make a reasoned request to change or destroy their personal data by any owner and controller of personal data, if this data is processed illegally or is inaccurate;
• to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as to protect against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of the physical persons;
• appeal to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to the court with complaints about the processing of their personal data;
• apply legal remedies in case of violation of the legislation on personal data protection;
• make reservations regarding the restriction of the right to process their personal data during the consent;
• withdraw consent to the processing of personal data;
• know the mechanism of automatic processing of personal data;
• to protect against an automated decision that has legal consequences for him.
8. Final provisions
8.1. This Policy is posted by the Clinic on the Clinic's Website.
8.2. This Policy may be amended in accordance with the legislation in the field of processing and protection of personal data by posting a new version of the Policy on the Clinic's Website.
8.3. The personal data subject's consent to the processing of personal data is a confirmation of his / her acquaintance with the terms of this Policy and unconditional acceptance of its terms.
8.4. Personal data is included in the database of personal data owned by the Clinic, with the location of such personal data at the address of the location and place of business of the Clinic.
8.5. In case of questions and complaints from the subject of personal data, he can contact the Clinic by phone +38 (044) 599-54-05, by e-mail (hidden) or in another accessible and convenient way.