Personal Data Processing and Protection Policy

This document defines the procedures for collecting, storing, processing, and protecting personal data provided by users of the paganidesign.com.ua online store (hereinafter — the “Website”).
By providing their personal data on the Website during registration or when placing an order, the Buyer gives the Seller voluntary consent to process and use such data in accordance with the Law of Ukraine “On Personal Data Protection.”


Contents

  1. General Concepts and Scope of Application

  2. List of Personal Data Databases

  3. Purpose of Personal Data Processing

  4. Procedure for Personal Data Processing: Consent, Notification of Rights, and Actions Regarding Personal Data

  5. Location of Personal Data Databases

  6. Conditions for Disclosing Personal Data to Third Parties

  7. Personal Data Protection: Security Measures, Responsible Person, Employees with Access, Retention Period

  8. Rights of the Data Subject

  9. Procedure for Handling Requests from Data Subjects

  10. State Registration of Personal Data Databases


1. General Concepts and Scope of Application

1.1. Definitions:

  • Personal data database — a named collection of organized personal data in electronic form and/or in the form of card files.

  • Responsible person — an individual appointed to organize work related to personal data protection during processing, in accordance with the law.

  • Database owner — a natural or legal person authorized by law or consent of the data subject to process such data, determining the purpose, content, and procedures of data processing unless otherwise provided by law.

  • State Register of Personal Data Databases — a unified state information system for registering and processing information about personal data databases.

  • Publicly available sources of personal data — directories, address books, registries, lists, catalogs, or other systematic collections of open information. Social networks and internet resources where users leave personal data are not considered publicly available unless explicitly stated for free distribution.

  • Data subject consent — any documented voluntary expression of will by an individual to allow the processing of their personal data for a specified purpose.

  • Anonymization — removal of identifying information.

  • Personal data processing — any action or set of actions with personal data, automated or manual, including collection, registration, storage, adaptation, alteration, use, dissemination, anonymization, or destruction.

  • Personal data — information relating to an identified or identifiable natural person.

  • Data administrator — a person authorized to process personal data by the database owner or law.

  • Data subject — an individual whose personal data is being processed.

  • Third party — any person other than the data subject, database owner, administrator, or authorized state body who receives personal data according to the law.

  • Special categories of data — personal data revealing racial/ethnic origin, political, religious or philosophical beliefs, party or trade union membership, health, or sexual life information.

1.2. Scope
This Policy applies to the responsible person and employees of the Seller who directly process or have access to personal data in connection with their duties.


2. List of Personal Data Databases

The Seller owns the following databases:

  • Database of counterparties’ personal data.


3. Purpose of Personal Data Processing

The purpose is to implement civil law relations, provide and receive goods/services, and perform financial settlements according to the Tax Code of Ukraine and the Law of Ukraine “On Accounting and Financial Reporting in Ukraine.”


4. Procedure for Personal Data Processing

4.1. Consent must be voluntary and specific to the purpose of data processing.

4.2. Forms of consent:

  • Paper document with identifiable details.

  • Electronic document with identifiable details, preferably signed with an electronic signature.

  • Mark on an electronic page or file processed in an information system.

4.3. Consent is provided during the civil-law relationship formation.

4.4. Notification of inclusion in a database and rights under the Law of Ukraine “On Personal Data Protection” is provided at the time of forming the civil-law relationship.

4.5. Processing special categories of personal data is prohibited.


5. Location of Personal Data Databases

Databases are located at the Seller’s address.


6. Disclosure of Personal Data to Third Parties

6.1. Access is governed by the data subject’s consent or law.
6.2. Access is denied if the third party cannot ensure compliance with the law.
6.3–6.5. Requests for access are reviewed within 10 working days; fulfillment occurs within 30 calendar days.
6.6–6.8. Delays must be communicated in writing with reasons and deadlines.
6.9–6.11. Refusal to provide access must be justified and can be appealed in court.


7. Personal Data Protection

7.1. Database owner uses technical and organizational measures to prevent unauthorized access, loss, or alteration.
7.2–7.4. The responsible person organizes protection, ensures compliance, develops internal procedures, monitors adherence, and can access necessary documents.
7.5–7.7. Employees must comply with law, maintain confidentiality, and bear legal responsibility for violations.
7.8. Data is stored only as long as necessary, and no longer than consented.


8. Rights of Data Subjects

Data subjects have the right to:

  • Know the location and purpose of the database, its owner/administrator.

  • Access information about conditions for accessing their personal data.

  • Access their personal data.

  • Request correction, deletion, or protection of data.

  • Appeal to authorities or courts regarding their data protection rights.


9. Procedure for Handling Requests

9.1–9.5. Requests for personal data must include identifying details, database information, and the list of requested data.

  • Reviewed within 10 working days, fulfilled within 30 calendar days.

  • Access is free of charge.


10. State Registration of Personal Data Databases

State registration is performed in accordance with Article 9 of the Law of Ukraine “On Personal Data Protection.”


Contact for Personal Data Protection Queries:
Individual Entrepreneur Palamarchuk Vita Viktorivna
TIN / EDRPOU: 2972721440
Phone / Viber / Telegram: +38 (097) 034-53-99
Email: paganidesignua@gmail.com