1. General provisions
This personal data processing policy has been compiled in accordance with the requirements of the Constitution of Ukraine and the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI (hereinafter referred to as the Law), and also in accordance with the General Data Protection Regulation (EU) 2016/679 dated 27.04.2016 (EU General Data Protection Regulation, hereinafter referred to as the GDPR) and other applicable European data protection legislation, collectively referred to as the Legislation, and determines the procedure for processing personal data and measures to ensure the security of personal data taken by Kyiv City Roastery LLC (hereinafter referred to as the Operator).
1.1. The Operator sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Operator’s policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://kyivcityroast.com.ua/ .
2. Basic definitions used in Pol and you .
2.1. Automated processing of personal data – processing of personal data using computer technology;
2.2. Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
2.3. Website – a collection of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://kyivcityroast.com.ua/ ;
2.4. Personal data information system – a set of personal data contained in databases and technical means that ensure their processing;
2.5. Depersonalization of personal data – actions that result in the inability to determine without the use of additional information the belonging of personal data to a specific User or other personal data subject;
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.7. Operator – a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes (or) carries out the processing of personal data, and also determines the purpose of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;
2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://kyivcityroast.com.ua/ ;
2.9. User – any visitor to the website https://kyivcityroast.com.ua/ ;
2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
2.11. Dissemination of personal data – any actions aimed at disclosing personal data to an unspecified number of persons (transfer of personal data) or for familiarizing an unlimited number of persons with personal data, including publishing personal data in the media, posting on information and telecommunications networks or providing access to personal data in any other way;
2.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state, to a foreign individual or a foreign legal entity;
2.13. Destruction of personal data – any actions as a result of which personal data is irretrievably destroyed without the possibility of further restoration of the content of personal data in the personal data information system and (or) the material media of personal data are destroyed.
3. The Operator may process the following personal data of the User:
3.1. Surname, first name, patronymic;
3.2. E-mail address;
3.3. Telephone numbers;
3.4. The site also collects and processes anonymized data about visitors (including cookie files) using Internet statistics services (Yandex Metrics and Google Analytics, among others).
3.5. The data listed above are hereinafter combined under the general definition of Personal Data.
4. Purposes of processing personal data
4.1. The purpose of processing the User’s personal data is to inform the User by sending e-mails; clarifying order details.
4.2. The Operator also has the right to send the User notifications about new products and services, special offers and various events. The User can always refuse to receive informational messages by sending the Operator an email to kyivcityroast@gmail.com with the note “Refusal of notifications about new products, services, special offers”.
4.3. Depersonalized data of Users collected using Internet statistics services are used to collect information about Users’ actions on the site, to improve the quality of the site and its content.
5. Legal basis for processing personal data
5.1. The Operator processes the User’s personal data only if they are filled in and/or sent by the User independently through special forms posted on the website https://kyivcityroast.com.ua/ . By filling in the relevant forms and/or sending their Personal Data to the Operator, the User expresses their consent to this Policy.
5.2. The Operator processes depersonalized data about the User if this is permitted in the User’s browser settings (cookies and JavaScript technology are enabled).
6. Procedure for collection, storage, transfer and other types of processing of personal data The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
6.1. The Operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
6.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of applicable legislation.
6.3. In case of detection of inaccuracies in personal data, the User can update them independently by sending a message to the Operator to the Operator’s email address kyivcityroast@gmail.com with the note “Update of personal data”.
6.4. The term of processing personal data is unlimited. The User may withdraw his consent to the processing of personal data at any time by sending a message to the Operator by e-mail kyivcityroast@gmail.com with the note “Withdrawal of consent to the processing of personal data”.
7. Cross-border transfer of personal data
7.1. Before commencing cross-border transfer of personal data, the operator is obliged to ensure that the foreign state to whose territory personal data is planned to be transferred ensures reliable protection of the rights of personal data subjects.
7.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements may be carried out only if there is written consent from the personal data subject to the cross-border transfer of his or her personal data and/or the performance of a contract to which the personal data subject is a party.
8. Final provisions
8.1. The User may obtain any clarifications on all aspects related to the processing of his personal data by contacting the Operator by e-mail kyivcityroast@gmail.com.
8.2. This document will reflect all changes to the Operator’s Personal Data Processing Policy. The Policy is valid indefinitely until replaced by a new version.
8.3. The current version of the Policy is freely available on the Internet at https://kyivcityroast.com.ua/.
Suggested text: Our website address: https://kyivcityroast.com.ua/.
Comments
Suggested text: When visitors leave comments on the site, we collect the data displayed in the comments form, as well as visitors’ IP addresses and browser user agent string to help detect spam.
An anonymous string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar privacy policy is available here: https://automattic.com/privacy/. Once your comment is approved, your profile picture will be visible to the public in the context of your comment.
Media files
Suggested text: If you upload images to your site, you should avoid uploading images with embedded location data (EXIF GPS). Site visitors can download and extract any location data from images on your site.
Cookies
Suggested text: If you leave a comment on our site, you can enable the saving of your name, email address and website in cookies. This is for your convenience, so that you do not have to fill in your details again when you leave your next comment. These cookies will be stored for 1 year.
If you have an account on the site and you log in, we will set a temporary cookie to determine whether your browser supports cookies. The cookie does not contain any personal information and is deleted when you close your browser.
When you log in, we will also set several cookies to store your login information and screen preferences. Login cookies are stored for 2 days and screen preferences cookies are stored for 1 year. If you select “Remember me”, your login will be stored for 2 weeks. If you log out of your account, the login cookies will be deleted.
If you edit or publish an article, an additional cookie will be stored in your browser. This cookie does not contain any personal data and simply indicates the ID of the article you just edited. It expires in 1 day.
Embedded content from other websites
Suggested text: Articles on this site may contain embedded content (e.g. videos, images, articles, etc.). Embedded content from other sites behaves the same as if the user had visited the other site.
These sites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with that embedded content. In particular, they may track your interaction with the embedded content if you have an account and are logged in to that site.
Who we share your data with
Suggested text: If you request a password reset, your IP will be listed in the reset email.
How long do we keep your data?
Suggested text: When you leave a comment, it and its metadata are retained indefinitely. This allows us to automatically identify and approve each subsequent comment instead of keeping them in a moderation queue.
For users who register on our site (if any), we store the personal information they provide in their user profile. All users can view, edit, or delete their personal information at any time (except that they cannot change their username). Site administrators can also view and edit this information.
What rights do you have regarding your data?
Suggested text: If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are required to retain for administrative, legal or security purposes.
Where your data is sent
Suggested text: Visitor comments may be checked using an automatic spam detection service.
