Політика конфіденційності R3D3

Limited Liability Company ‘r3d3’ (USREOU code 45311259) (hereinafter referred to as ‘r3d3’, LLC, collects, processes, stores, and uses personal data of visitors, users, and clients of the website of ‘r3d3’, LLC (hereinafter referred to as the Client and/or Clients), in pursuance of the Law of Ukraine On Personal Data Protection and the current legislation of Ukraine.

1. Terms and Definitions

Personal Data Base is a named set of ordered personal data in electronic form and/or in the form of personal data files.

Responsible Person shall mean is a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law.

Owner of the Personal Data Base shall mean an individual or legal entity that is granted the right to process this data by law or by the consent of the personal data subject, which approves the purpose of processing personal data in this database, establishes the composition of this data and the procedures for their processing, unless otherwise specified by the current legislation of Ukraine.

The State Register of Personal Data Bases is the unified state information system for the collection, accumulation, and processing of information about registered personal data bases.

Publicly Available Sources of Personal Data shall mean directories, address books, registers, lists, catalogues, other systematic collections of open information that contain personal data posted and published with the knowledge of the personal data subject.

Social networks and Internet resources in which the personal data subject leaves its personal data are not considered to be publicly available sources of personal data (unless the personal data subject expressly states that personal data is posted for the purpose of their free dissemination and use).

Consent of the Personal Data Subject shall mean any documented, voluntary expression of the will of an individual to grant permission for the processing of its personal data in accordance with the stated purpose of processing.

Depersonalization of Personal Data is the removal of information that makes it possible to identify a person.

User shall mean an identifiable and non-identifiable individual who interacts with the Website.

Clients shall mean individuals and legal entities, other than citizens of the Russian Federation and/or legal entities registered in the Russian Federation, who visit and use the ‘r3d3’, LLC website, use services and bots on the ‘r3d3’, LLC website, and provide access to their personal data.

Personal Data Processing shall mean any action or set of actions performed in whole or in part in an information (automated) system and/or in personal data files related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use, and dissemination (distribution, sale, transfer), depersonalization, destruction of information about an individual.

Personal Data shall mean information or a set of data about an individual that is identified or can be specifically identified.

Administrator of the Personal Data Base shall mean an individual or legal entity that is granted the right to process this data by the owner of the personal data base or by the current legislation of Ukraine.

A person who is entrusted by the owner and/or administrator of the personal data base to carry out technical work with the personal data base without access to the content of personal data is not an administrator of the personal data base.

Website of ‘r3d3’, LLC shall mean an Internet page at: https://r3d3.bot, which belongs to ‘r3d3’, LLC on the basis of the right of ownership.

Personal Data Subject shall mean an individual in respect of whom personal data is processed in accordance with the law.

Third Party shall mean any person, except for the personal data subject, the owner or administrator of the personal data base and the authorized state body for personal data protection, to which the owner or administrator of the personal data base transfers personal data in accordance with the law.

Special Categories of Data shall mean personal data on racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties and trade unions, as well as data relating to health or sexual life.

2. Consent of the Client (Personal Data Subject) to this Privacy Policy, Obligations of ‘r3d3’, LLC, and Personal Data Processing Procedure

‘r3d3’, LLC shall act as the owner and administrator of the Client’s personal data.

‘r3d3’, LLC does not collect or process personal data provided by persons under the age of 16.

‘r3d3’, LLC does not collect or process such categories of personal data as data on racial or ethnic origin, political, religious, or philosophical beliefs, membership in political parties and trade unions, criminal convictions, as well as data relating to the health, sexual life, biometric or genetic data of Clients (hereinafter referred to as Sensitive Personal Data).

‘r3d3’, LLC undertakes to provide all available measures for the protection of personal data of Clients, taking into account the provisions of the current legislation of Ukraine on the protection of personal data.

By visiting and/or using the website of ‘r3d3’, LLC, the Client agrees to this Privacy Policy and grants its consent to the collection, processing, storage, disclosure, and transfer of its personal data in the manner prescribed by the Law of Ukraine On Personal Data Protection.

The consent of the personal data subject shall be the voluntary expression of will of an individual to grant permission for the processing of its personal data in accordance with the stated purpose of processing.

The consent of the personal data subject shall be provided by accepting the Public Offer Agreement on Using the Website of ‘r3d3’, LLC, posted on the Website of ‘r3d3’, LLC.

This Privacy Policy informs the Client (personal data subject) about the inclusion of its personal data in the personal data base of ‘r3d3’, LLC and the purpose of collecting personal data in accordance with the terms of the Law of Ukraine On Personal Data Protection.

3. Categories, Location, and Purpose of Processing of Personal Data

Depending on how Clients use the Website, the scope, method, purpose, and legal grounds for collecting and processing personal data may vary.

‘r3d3’, LLC collects and processes the following categories of personal data of Clients:

- Full name of the Client.

- Mobile phone number of the Client.

- Email of the Client.

- City and country of residence of the Client.

- Data of the Client’s login to the Website.

- Cookies and technical data for the Website.

- Other personal data that may be provided by the Client voluntarily and on its own initiative and that cannot be deleted by ‘r3d3’, LLC without destroying other information and/or personal data that must be stored by ‘r3d3’, LLC in accordance with the requirements of the current legislation of Ukraine, and in order to protect the rights and legitimate interests of ‘r3d3’, LLC.

In relation to personal data on bank payment cards (name of the owner, number, expiration date, and CVV code), ‘r3d3’, LLC acts solely as the owner of personal data, while determining the purpose and methods of processing personal data. In order to process such categories of personal data, ‘r3d3’, LLC attracts specialized payment service providers, who act as owners and administrators of personal data, who have exclusive access to the processing of such personal data.

‘r3d3’, LLC also collects anonymized data that is not personal data—‘r3d3’, LLC cannot independently identify the Client. Anonymized data shall be collected and processed in a consolidated form and used for marketing research and analytics.

‘r3d3’, LLC collects and processes personal data of the Website Clients on the following legal grounds:

- Consent to the collection and processing of personal data.

- Fulfilment of contractual obligations of ‘r3d3’, LLC.

- Compliance with the requirements of the current legislation of Ukraine, which apply to ‘r3d3’, LLC.

- Legitimate interest of ‘r3d3’, LLC.

‘r3d3’, LLC collects and processes personal data of the Website Clients in accordance with the following purpose:

- Creation of an account on the Website.

- Granting access to the Website to the Client.

- Ordering services from ‘r3d3’, LLC, order management, provision of services by ‘r3d3’, LLC.

- Tracking the Clients’ preferences in order to provide personalized information about the services of ‘r3d3’, LLC.

- Providing answers to the Client’s search and information requests for the services of ‘r3d3’, LLC.

- Ensuring the Client’s participation in surveys, promotions, loyalty programmes of ‘r3d3’, LLC.

- Managing the subscription to the newsletter on the services of ‘r3d3’, LLC.

- Use of feedback forms on the Website.

- Ensuring the exchange of information with the Website.

- Conducting market research and trend analysis to improve the services of ‘r3d3’, LLC.

- Improvement of the Website operation.

- Providing information on the services of ‘r3d3’, LLC.

- Protection against possible claims of the Client within the limitation period established by the current legislation of Ukraine for this type of claims.

- Legitimate interest of ‘r3d3’, LLC.

The purpose of processing personal data in the system is to store and maintain data of counterparties and Clients in accordance with Articles 6 and 7 of the Law of Ukraine On Personal Data Protection.

The purpose of personal data processing is to ensure the implementation of civil law relations, the provision/receipt and settlement of payments for purchased services in accordance with the Tax Code of Ukraine, the Law of Ukraine on Accounting and Financial Reporting in Ukraine.

The personal data specified in this Section 3 shall be located at the registered address of ‘r3d3’, LLC.

4. Personal Data Protection

This Privacy Policy of ‘r3d3’, LLC confirms that the owner of the Clients’ personal data base is equipped with system, software, hardware, and communication tools that prevent loss, theft, unauthorized destruction, distortion, forgery, copying of information and meet the requirements of international and national standards.

This Privacy Policy is mandatory for use by the responsible person and employees of ‘r3d3’, LLC, who directly process and/or have access to personal data of Clients in connection with the performance of their official duties.

The Responsible Person organizes work related to the protection of personal data during their processing, in accordance with the law. The Responsible Person is determined by the order of the Owner of the Personal Data Base.

The duties of the Responsible Person regarding the organization of work related to the protection of personal data during their processing are indicated in the job description.

The Responsible Person is obliged to do the following:

- To know the legislation of Ukraine in the field of personal data protection.

- To develop procedures for accessing personal data of employees in accordance with their professional, official, or work duties.

- To ensure that the employees of the owner of the personal data base comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activities of the owner of the personal data base regarding the processing and protection of personal data in the personal data bases.

- To develop an order of (procedure for) internal control over compliance with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activities of the Owner of the Personal Data Base regarding the processing and protection of personal data in the personal data bases, which, in particular, should contain rules on the frequency of such control.

- To inform the owner of the personal data base about the facts of violations by the employees of the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating the activities of the owner of the personal data base regarding the processing and protection of personal data in the personal data bases no later than one (1) working day from the date of detection of such violations.

- To ensure the storage of documents confirming the provision by the personal data subject of consent to the processing of its personal data and notification of the specified subject of its rights.

In order to perform its duties, the Responsible Person shall have the right to do the following:

- To receive the necessary documents, including orders and other administrative documents issued by the owner of the personal data base related to the processing of personal data.

- To make copies of the received documents, including copies of files, any records stored in local computer networks and autonomous computer systems; participate in the discussion of its duties of organizing work related to the protection of personal data during processing.

- To submit proposals for improving activities and working methods, to submit comments and options for eliminating the identified shortcomings in the process of personal data processing.

- To receive explanations on the processing of personal data.

- To sign and initial documents within the limits of their competence.

The employees who directly process and/or have access to personal data in connection with the performance of their official (labour) duties are obliged to comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regarding the processing and protection of personal data in the personal data bases.

Employees who have access to personal data, including those who process personal data, are obliged not to disclose in any way personal data that has been entrusted to them or that has become known to them in connection with the performance of their professional, official, or labour duties. Such obligation shall be valid after the termination of their activities related to personal data, except as established by law.

In case persons who have access to personal data, including those who process personal data, violate the requirements of the Law of Ukraine On Personal Data Protection, they shall be liable in accordance with the legislation of Ukraine.

Personal data shall not be stored longer than is necessary for the purpose for which such data is stored, but in any case not longer than the data retention period determined by the consent of the personal data subject to the processing of this data.

5. Terms of Disclosure of Information about Clients’ Personal Data to Third Parties

The procedure for access of third parties to personal data of Clients shall be determined in accordance with the requirements of the current legislation of Ukraine.

Access to personal data of Clients is not provided to a third party if the said party refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine On Personal Data Protection or is unable to ensure them.

The subject of relations related to the Clients’ personal data shall submit a request for access (hereinafter referred to in Section 5 of this Privacy Policy as the Request) to the personal data to the owner of the personal data base.

The request should include:

- First, middle, and last name, place of residence (location), and details of a personal identification document of an individual who submits the request (for individual applicants).

- Name and registered address of a legal entity submitting the request, position and first, middle, and last name of a person certifying the request; confirmation that the content of the request is consistent with the powers and authorities of the legal entity (for corporate applicants).

- First, middle, and last name and other information which makes it possible to identify an individual with respect to whom the request is filed.

- Information about the category of personal data in respect of which the request is submitted, or information about the owner or administrator of this database.

- The requested personal data list.

- Purpose of request.

The request cannot be considered for more than ten (10) working days from the date of its receipt.

During this period, the owner of the personal data base shall inform the person submitting the request that the request will be granted or the relevant personal data are not subject to provision, while indicating the grounds specified in the relevant regulatory legal act.

The request shall be satisfied within thirty (30) calendar days of the day of its receipt, unless otherwise provided by law.

All employees of the owner of the personal data base are obliged to comply with the requirements of confidentiality regarding personal data and information on securities accounts and securities circulation.

The postponement of access to personal data of third parties shall be allowed if the necessary data cannot be provided within thirty (30) calendar days of the day of receipt of the request. In this case, the total period for resolving the issues raised in the request may not exceed forty-five calendar days.

The notice of postponement shall be brought to the attention of the third party who submitted the request, in writing, while explaining the procedure for appealing such a decision.

The notice of postponement shall indicate:

- Full name of the official.

- The date of the notice.

- The reason for the postponement; the period within which the request will be granted.

Denial of access to personal data is allowed if access to them is prohibited in accordance with the current legislation of Ukraine.

The notice of denial shall indicate:

- Full name of the official who denies access.

- The date of the notice; reason for denial.

The decision to postpone or deny access to personal data may be appealed to the authorized state body for personal data protection, other public authorities and local governments, whose powers include the protection of personal data, or to the court.

6. Dealing with Requests of the Personal Data Subject

The personal data subject has the right to receive any information about itself from any subject of relations related to personal data, without specifying the purpose of the request, except as established by law.

Access of the personal data subject to data about itself shall be free of charge.

The personal data subject shall submit a request for access (hereinafter referred to in Section 6 of this Privacy Policy as the Request) to the personal data to the owner of the personal data base.

The request should include:

- First, middle, and last name, place of residence (location), and details of the personal data subject’s identification document.

- Other information that makes it possible to identify the personal data subject.

- Information about the personal data base in respect of which the request is submitted, or information about the owner or administrator of this data base.

- The requested personal data list.

The request cannot be considered for more than ten (10) working days from the date of its receipt.

During this period, the owner of the personal data base shall inform the personal data subject that the request will be granted or the relevant personal data are not subject to provision, while indicating the grounds specified in the relevant regulatory legal act.

The request shall be granted within thirty (30) calendar days of the day of its receipt, unless otherwise provided by the current law of Ukraine.

7. Rights of a Personal Data Subject

The personal data subject has the right to the following:

- To know about the location of the personal data base containing its personal data, its purpose and name, location and/or place of residence (stay) of the owner or administrator of this data base, or give the appropriate instructions to obtain this information to its authorized persons, except as provided by law.

- To be informed of the terms of accessing the personal data, namely, the information on third parties to which its personal data contained in the relevant personal data base are disclosed.

- To access its personal data contained in the relevant personal data base.

- To be informed, no later than thirty calendar days of receipt of the request, except as provided by law, whether its personal data are stored in the relevant personal data base, as well as be informed of the content of its personal data so stored.

- To submit a reasoned request with an objection to the processing of its personal data by public authorities, local governments in the exercise of their powers provided for by law; submit a reasoned request to change or destroy its personal data by any owner and administrator of this data base, if these data are processed illegally or are unreliable.

- To have its personal data protected against unauthorized processing, accidental loss and destruction, and damage in connection with intentional concealment, failure to provide or timely provide the same, as well as to be protected against provision of information that is unreliable or discredits the honour, dignity, and business reputation of an individual.

- To apply to public authorities, local government bodies whose duties include personal data protection for the protection of its rights to the personal data.

- To resort to legal remedies if personal data protection laws are violated.

8. State Registration of the Personal Data Base of the Clients of ‘r3d3’, LLC

State registration of the personal data base of the Clients of ‘r3d3’, LLC is carried out in the manner prescribed by the Law of Ukraine On Personal Data Protection.

9. Details of ‘r3d3’, LLC

Limited Liability Company ‘r3d3’

USREOU code 45311259

Registered address: 8 Literaturna Str., office 8, Odesa City, Odesa Region, 65016

Contact information:

E-mail: [email protected]

Website: https://r3d3.bot