Privacy Policy
The present Privacy Policy, hereinafter named as the Policy, applies to the processing of personal data that the privately-operated company Fialan may receive from individuals (personal data subjects) on the basis of the Constitution of Ukraine and the Law of Ukraine "On Protection of Personal Data" dated on 01.06.2010 No. 2297-VI (hereinafter - the Law), as well as the General Regulations on Data Protection 2016/679 of 27.04.2016 (EU General Data Protection Regulation, hereinafter - GDPR), and other applicable European data protection legislation, collectively named as the "Legislation."
Privacy Policy is designed to inform Consumers about:
- what is personal data;
- what kind of personal data we collect;
- how and why we use this information;
- who we transfer all the personal data to;
- how we protect the privacy of Consumers’ personal data;
- how to contact us;
- whom to contact if you have any questions regarding the processing of your personal data.
We process your personal data only if one of the conditions specified in Article 6 of the GDPR is met, including but not limited to:
- you have agreed to the processing of your personal data;
- data processing is required for the purpose of Consumers’ service provision;
- data processing is required by the laws of the countries where Consumers are located.
We have strong views on the security of personal data of our Consumers, potential Clients and other individuals who have contacted us and are interested in the matter of collaboration. So, we strive to protect the privacy of your personal data. The Administration is committed to assume all necessary measures to prevent the irregularities when it comes to Consumers’ personal data which becomes known to us. We will process your personal data in strict compliance with the requirements of the applicable Law and only if there are legal grounds for such processing take place.
You are not obliged to provide us with your personal data, but without certain information about you we will not be able to render some of our available services. In case we control the ways of collecting your personal data and determine the purposes for which this personally identifiable information is used, the Administration becomes the "personal data controller" for the purposes of GDPR and other applicable European data protection legislation, as well as the "owner of personal data" in the understanding of the Law.
Terms and Definitions
- Personal data - information or totality of information about an individual that is identified or can be specifically identified (User / Consumer);
- Special categories of personal data are so-called "sensitive" totality of information which can harm the data subject at work, while studying in the educational establishment, on their place of living, or can lead to the User’s discrimination in society. For example, these are personal data that contain information about racial origin, political or religious views, union membership, health condition, sex life, biometric or genetic data. In the terminology of Ukrainian legislation, this personal data is notable with its strict requirement for delicate processing. This kind of information brings a special risk for personal data subjects;
- Personal data subject is an individual who personal data relates to. This person can be identified from the specified personal data, or has already been identified;
- Administration of the website (Administration and also in the text We, Us) is Fialan privately-operated enterprise. Our registration address: 68001, Odessa Region, Chernomorsk, Korabelnaya St., 3A; date of registration: 12.07.2007, record number: 1 554 102 0000 001880;
- Personal data processing - any action or set of actions related to data such as collection of information, its registration, accumulating, storage, adaptation, modification, restoration, usage and distribution (implementation, transfer), depersonalization, destruction of personal data, including using information (computer-aided) systems;
- Distribution of personal data - actions of information transmission. Personal data about the individual is transferred with the consent of the personal data subject;
- Use of personal data (personal data usage) - any actions of the Administration to process specified data, reactions and efforts to protect given information, as well as actions related to the partial or full right to process personal data to other parties and agents. Use of personal data takes place with the consent of personal data subjects or in accordance with the Ukrainian legislation;
- Depersonalization of personal data – the process of information extraction that allows Administration and other parties of relations to identify a person in the direct or indirect manner;
- User (Consumer, Client) is a subject of personal data. User is considered any legally competent individual who has joined this Policy to his own interests and advantages.
- Authorization procedure - the process of user identification (recognition) in the application, according to the data specified during authorization and the following procedure of ID assigning to request the server.
- Goods (Freight, Cargo) - material assets and product items from the moment of acceptance for transportation from the shipper to the moment of delivery to the recipient of goods.
- Delivery of goods (Shipping) - a delivery service for shipping of goods from the address of dispatch to the required arrival address of the goods (recipient address).
General Conditions
- The Policy applies to all your personal information that may be obtained by Us during your application usage. This Policy applies to Users’ personal data obtained both before and after the implementation of the current Policy.
- The purpose of the Policy is to provide Consumers with the necessary information. This data helps to understand our way of actions related to Users’ personal data, our purposes of personal data processing. The Policy provides you with answers on the questions how the personal data is processed in the application and how Fialan ensures security.
- While using the application, Users provide the Administration and accompanying third parties with their personal data. In this case, the consent to the processing of Consumers’ personal data in accordance with this Policy is meant in default.
- In case of disagreement with the terms of the Fialan Policy, Users are obliged to stop using the application.
- Consent to personal data processing may be revoked by the personal data subject. In case the personal data subject cancels the consent to personal data processing, the Administration has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Legislation.
- Administration of the website does not check the authenticity of personal data provided by the User, does not have the opportunity to evaluate Consumer’s legal capacity. However, the Administration assumes that the User acts in good faith, prudently, provides reliable and sufficient personal data and makes all necessary efforts to maintain such data in an up-to-date state. Users of the Fialan application do not violate the specified regulations and do not infringe rights of third parties.
- Having agreed to the terms of this Policy, User confirms that at the time of collection of personal data he is notified of the agents and parties who the personal data are transferred to. Users are informed about the content and purposes of the procedure of personal data collection. Consumers confirm (guarantee) that all the submitted personal data details for processing has been transferred with the consent of the owners of personal data and within the framework of the Legislation.
- Having received personal data from the User, Administration, does not assume the obligation to inform the subjects (their representatives) who provided the Company with their personal data. Administration does not accept the obligation to notify Users about the beginning of personal data processing, since the individual who has provided his personal data has all the liabilities to carry out the corresponding information when concluding an agreement with the Fialan company.
- The processing of your personal data is carried out in accordance with the requirements of the Law. This procedure is regulated, in particular, by the General Regulation on Data Protection of the EU 2016/679 (hereinafter - "GDPR") for individuals located in the EU (EU citizens). It is worth noting that the legislation of other countries may establish additional requirements.
- The ongoing Policy applies to all the pieces of Users’ personal information that the Administration may obtain when using the application, as well as during the course of the execution of any agreements provided by the Administration (contracts, accords, agreements with Users).
- This Policy is an internal document of the Administration.
- The Personal Data Controller shall be released from the responsibility for consequences arising in connection with the procedure of personal data processing if the designated person is not liable for the event resulting in such consequences.
You also agree that the Company after the Users’ personal data provision takes place has the right to provide access and transfer all the specified information to third parties without any additional notifications. It can be upon conditions if the purpose of the action of the personal data processing is not changed and if all the ongoing procedures are stipulated by this Privacy Policy and/or the legislation of Ukraine.
No one under the legal age (age of 18) should provide Us with personal information through the application. We do not purposefully collect personal data of underage individuals (citizens under 18 years). Parents, care-takers, and guardians must constantly monitor the Internet activities and other online operations of their children.
Content of Personal Data
- Administration processes Users’ personal data provided on the stage of Consumers’ registration in the application. The further storage of information is required. Administration uses the personal data of individuals to carry out all the needful professional activities. Administration is obliged to fulfill all the specified obligations.
- Personal data provided by the User should include:
- information about Consumers’ visits and the use of this application, including the source of links, the duration of each online visit, the navigation paths of the application;
- information Users enter while creating a profile on Our app, such as first and last names, profile photos, IP addresses;
- information such as name and email address that is required to set up a subscription to Our emails and/or newsletter;
- information you enter when using the services available in the Fialan application;
- information that is generated when using Our application including when, how often, and under what circumstances Users use it;
- information related to goods and services - everything Consumers buy, order, ask, are interested about. This data includes Users’ name, country and city (location), phone number, email address, supplementary personal details for calculating shipping costs;
- information you post on Our app with the intention of publishing it on the Internet. This data includes your username (nickname), profile photos;
- information contained in any email letters Users send Us;
- any other personal data Users send Us (mention in messages, write down in letters, on the website, inform in any possible way).
Before making personal information of another person public, you must obtain the consent of that individual both to disclose and process any data and private details in accordance with this Policy.
- Administration has the right to establish requirements for the content of personal data. Users must provide specified information while using the application. If certain data is not marked by the Administration as mandatory, it shall be made available or disclosed by Users at their discretion.
- There is data that is automatically transferred to the Fialan Administration while Consumers use the application. All the pieces of information are got and passed with the help of software installed on the device. Administration gets the following data automatically: IP address, the operating system (OS) type of the device, technical characteristics of Users’ equipment and software, date and time of access to the application.
- As part of the professional activities in terms of Our application, Administration can collect certain information using advertising IDs and analytical services.
- We can allow third parties (such as analytic service providers) to collect information in default. The Users’ personal data they collect is the protection subject according to the current privacy policies of these third parties.
Grounds and Purposes of Personal Data Processing
- The grounds for processing personal data are:
- consent of the personal data subject to processing of his personal data by the Administration;
- completion and execution of a contract, where one of the parties is a personal data subject;
- completion and execution of the contract that is concluded in favor of the subject;
- the request of the personal data subject;
- the obligation of the Administration to comply with the requirements stipulated by the Legislation.
- The purpose of personal data processing is:
- performance of the functions and duties assigned to the Administration in accordance with the legislation of Ukraine and GDPR;
- collection, storage, and processing of personal data obtained in the application within the framework of the Legislation and GDPR;
- sending to the User commercial (marketing) notifications containing additional information about services, current promotions, and special offers related to available services provided by the Administration using the application;
- identification of the personal data subject while using the application;
- communication with the personal data subject if necessary (including sending offers, information materials, messages, news and inquiries, advertising, as well as processing requests of the personal data subject);
- improving the quality of the application, its usability; developing new functionality and upturn the quality of Fialan services and Customer care;
- conducting of the statistical and other studies based on collected anonymized data;
- performance of contractual and other obligations towards the User by the Administration on the ground of concluded agreements between the Administration and the User (or third parties in the interests of the Consumer).
- The grounds for processing personal data are:
Basic Principles of Personal Data Processing
- Personal data processing by the Administration is carried out on the basis of the following principles:
- Legality of purposes and methods of personal data processing;
- Reliability of the Administration as the owner of personal data is achieved by fulfilling the requirements of Ukrainian legislation regarding the processing of personal data;
- Achievement of specific, predetermined goals of personal data processing;
- Compliance of personal data processing purposes with the goals predetermined and declared for the procedure of personal data collection;
- Correspondence of the list and scope of processed personal data, as well as methods of processing personal data with the stated purposes of processing;
- Reliability of personal data, completeness of information for the purposes of processing, inadmissibility of processing personal data redundant to the purposes of processing personal data;
- Accuracy of personal data assurance on any stage of personal data processing, completeness of information, and if necessary relevance to the purposes of personal data processing.
- Prohibition of merging databases that contain personal data processed for purposes incompatible with each other;
- Storage of personal data in a form that allows Administration to determine the subject of personal data, but no longer than the purposes of processing require;
- Personal data processed shall be destroyed or depersonalized upon achievement of the processing purposes. Information annulment takes place in case of loss of the necessity to achieve any earlier specified goals, unless otherwise provided by the legislation of Ukraine and GDPR.
- Administration also considers periods which require retaining of Users’ personal information in order to meet all the legal obligations towards Consumers or regulatory authorities.
- As the time is extended, we can minimize your personal data content to use or even make your data anonymous. In this case, we will be able to use this information for statistical or other purposes without any notifications, since such information is not considered Users’ personal data anymore.
- Processing of personal data is carried out by Administration for statistical or other research purposes. This information is always depersonalized.
- Administration does not process personal data related to racial or ethnic origin, political, religious or other beliefs, political party membership and other forms of membership, previous convictions, and private data details related to health, sexual life, biometric and genetic information.
- Processing of personal data is carried out in compliance with the conditions specified by the Ukrainian legislation and GDPR.
- Personal data processing by the Administration is carried out on the basis of the following principles:
Personal Data Processing Terms
- The terms of personal data processing are settled according to the purposes of processing but not longer than it is determined by the Legislation.
- Personal data with expired processing (storage) period must be destroyed or depersonalized, unless otherwise specified by the Law. Storage of personal data is carried out in the form that allows to define the subject of personal data but no longer than the purposes of personal data processing require. It is worth noting that this regulation is actual if the period of personal data storage is not specified by the Law. Processing personal data shall be destroyed or depersonalized if all the purposes of the processing procedure were achieved or in case these goals lost their applicability, unless otherwise is not specified by the Law. Administration also considers periods which require retaining of Users’ personal information in order to meet all the legal obligations towards Consumers or regulatory authorities. (in accordance with 261/2004 EU Regulation).
- As the time is extended, we can minimize your personal data content to use or even make your data anonymous. In this case, we will be able to use this information for statistical or other purposes without any notifications, since such information is not considered Users’ personal data anymore.
- If your account has not been active for more than 24 months, we reserve the right to delete your profile including all personal information stored in it. It means that you will not be able to access and use it.
Quarters Admitted to Personal Data Processing by the Administration
- To achieve the purposes of this Policy, only those representatives of the Administration who are entrusted with such an obligation in accordance with their official (labor) duties are allowed to process personal data. Access of other Administration representatives and third parties may be issued only in the cases stipulated by the Law. Administration ensures that its executives maintain confidentiality and ensure the security of personal data when it is processed.
We may disclose your personal information to any of our executives, officers, insurers, professional advisers, agents, suppliers or subcontractors, and other parties if it is necessary for the purposes set in the current Policy.
We may disclose your personal information to any member of our group of companies (including our affiliated companies, our final holding company, and all its related organizations) within reasonable limits necessary for the purposes set in the current Policy.
- Administration has the right to transfer personal data to third parties in the following cases:
- the subject of personal data expressed his consent to such actions in writing form;
- transfer is allowed by Ukrainian legislation or other relevant regulations within the procedure established by Law. At the same time, access to personal data is not issued to a third party if the specified person refuses to undertake obligations and to ensure compliance with the requirements of the Law. If these quarters cannot provide compliance with the specified regulations, we refuse to provide them personal data of Our Consumers.
- Administration has the right to entrust the processing of personal data to a third party with the consent of the personal data subject, unless otherwise is not specified by the legislation of Ukraine. The procedure takes place on the basis of a contract concluded with a third party. The key condition of the agreement is the observance of confidentiality and non-disclosure of personal data.
- Representatives of public authorities (including, the controlling, supervisory, law enforcement and other authorities), get access to processing personal data by Administration in scope and an order determined by the Legislation.
- The information we collect may be stored, processed and transmitted between any countries in which we operate so that we may use the information in accordance with the current Policy.
- The information we collect can be transmitted to the following countries that do not have data protection laws similar to those in force in the European Economic Area: the United States of America, Russia, Japan, China and India.
- The personal information you publish on Our app or provide for publication on Our application can be accessed online worldwide. We cannot prevent others from using or misusing available data on the Internet.
- To achieve the purposes of this Policy, only those representatives of the Administration who are entrusted with such an obligation in accordance with their official (labor) duties are allowed to process personal data. Access of other Administration representatives and third parties may be issued only in the cases stipulated by the Law. Administration ensures that its executives maintain confidentiality and ensure the security of personal data when it is processed.
Implementation of Personal Data Protection
- The activities of the Administration in personal data processing in information systems are inextricably connected with the protection by the Administration of the confidentiality of the received information if these aspects do not contradict the current Legislation.
- The personal data protection system includes organizational and (or) technical measures. The current threats to the security of personal data and information technologies used in information systems are taking into account as well. Administration is updating these activities with new technologies as applicable.
- The exchange of personal data during its processing in information systems is carried out through communication channels protected by technical means of data protection.
- While personal data processing takes place in information systems, Fialan Administration is obliged to ensure:
- implementation of measures aimed to prevent unauthorized access to personal data and/or their transfer to quarters who do not have the right to access such information;
- timely detection of unauthorized access to Users’ personal data;
- preventing the negative impact on the technical means of automated personal data processing that may disrupt some functions of the app;
- possibility of immediate personal data restoration; reductive assistance when it comes to modified and destroyed information caused by the fact of unauthorized access to the stored data;
- constant monitoring of the security level of personal data.
- Personal information shall be kept confidential unless the technology of the application or the software configuration used by the Consumer provides for the open exchange of information with other Users of the application or with any other unauthorized Internet users (surfers).
- Administration implements the following requirements of Ukrainian legislation in relation to the personal data processing procedure:
- privacy requirements for personal data;
- requirements to ensure the personal data subject with implementation of his/her rights;
- requirements to ensure the accuracy of personal data, and if necessary relevance to the purposes of personal data processing (with the adoption of measures to delete or clarify incomplete or inaccurate data);
- requirements for personal data protection from hacking or accidental access to it, destruction, distortion, blocking, copying, provision, distribution of personal data;
- requirements for personal data protection from other illegal actions in relation to personal data;
- other statutory requirements (legalities).
- In accordance with the Law, the Fialan Administration shall independently determine the content and the specified list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the legislation in relation to personal data from unauthorized or illegal processing and from unintentional loss, destruction or damage of information.
Administration adheres to the principle of minimizing personal data. We process only the information on Our Consumers that we need or the data that Our Clients agree to provide supplementary, in excess of the necessary processing limits. In addition, we have done all necessary settings to provide services through the absolutely safe application when it comes to personal data processing. The maximum possible confidentiality is kept; main and additional options can be adjusted at discretion of Users. While personal data transmission to public authorities takes place, we always use the most secure and verified ways to transfer such sensitive information.
Rights of personal data subject
- Rights of personal data subjects in accordance with the legislation of Ukraine:
- Be aware of the sources of collection, location of their personal data, the purpose of their processing, the location of the personal data manager, and give an appropriate order to receive this information to authorized persons, except in cases specified by the Law.
- Obtain information about the conditions for providing access to personal data, including information about third parties who personal data is transmitted to.
- Provide access to personal data.
- Receive a response on whether and which personal data is processed. The answer should be given not later than thirty calendar days from the date of receipt of the request, except any cases specified by the Law.
- Form a reasoned requirement to the Fialan Administration related to the objection concerning personal data processing.
- Form a reasoned demand to modify or destroy personal data if the information is processed illegally or is unreliable.
- Protect personal data from illegal processing and accidental loss, destruction, damage on the concealment grounds, rejection of provision or untimely provision of private information. Protect personal data against the provision of information that is unreliable or debasing of the honor, dignity, and business reputation of an individual.
- File complaints about the processing of their personal data to the Administration, to the Verkhovna Rada Commissioner for Human Rights, or to the court.
- Apply legal remedies in case of violation of personal data protection legislation.
- Make reservations on the restriction of the right to process personal data when consent is issued.
- Revoke consent to personal data processing.
- Be up to date with the mechanism of automatic personal data processing.
- Protect personal data from an automated solution that has legal consequences for it.
- Administration has the right to entrust the personal data processing to a third party with the consent of the personal data subject, unless otherwise specified by the legislation of Ukraine. This procedure takes place on the basis of a contract concluded with a third party. The key condition of the current agreement is the observance of confidentiality and non-disclosure of personal data.
- Representatives of state authorities (including those controlling, supervising, law enforcement and other quarters) shall have access to personal data processed in the Administration in the scope and manner specified by Ukrainian legislation.
- Other rights of personal data subjects in accordance with GDPR:
n addition to the Ukrainian legislation on personal data protection, the Administration is attentive to the aspect of enforcement of Users’ rights established by the GDPR.
- Right to information.
We are ready to provide data subjects with information about which of their personal data We process.
If you wish to know what personal data we use for the processing procedure, you will be able to make a request for this information at any time, including by contacting the Administration. The list of data we need Our Consumers to provide Users can find in the GDPR articles number13 and 14. At the same time, Users must inform Us about their specific requirements so that the Administration is able to legally consider all the requests and provide a timely response.
Please note that in case We are not able to establish Users’ identity by email verification, with the help of telephone calls or SMS, or in the event of other reasonable doubts on Consumer’s identity, Administration may request an individual to provide an identity document. Sometimes appearance in person to the registration address of the Fialan Administration is required to establish an individual’s identity. We can avoid publicizing your personal data to someone who tries to impersonate you only this reliable way.
We will process all the Users’ requests as soon as possible, but at the same time we ask you to remember that providing full and legal answers related to personal data is a complex procedure that can last up to a month.
- The right to data correction
If Users found that some of the personal data We have been processing is incorrect or out of date, please let Our Administration know. In this case, we may ask you to PROVIDE an identity document. In some cases, appearance in person to the registration address of the Fialan Administration is required to establish an individual’s identity.
If someone wants to correct personal data that is processed by Us, Users can make any corrections themselves by logging into your personal account in the application or contacting the Administration representatives.
In some cases, we will NOT be able to change your personal information. In particular, such a case may be when your personal data has already been used for the contract execution purposes and/or some personal information details are contained in the tax document which was drawn up in accordance with the Tax Law.
- Revocation of consent to personal data processing and the right to dereliction of duties
If the Administration processes User’s personal data on the basis of consent to processing personal data (in particular, for marketing/advertising purposes), further processing can be stopped at any time. It is enough to cancel consent to such processing.
Users can also invoke their rights to dereliction. In the cases specified in the GDPR Article number 17, the Administration will destroy all User’s personal data in process with the exception of those information details which We will be obliged to preserve in accordance with the requirements of the Law.
Also in this case, the Administration may request Users to provide an identity document for security reasons. In some cases, appearance in person to the registration address of the Fialan Administration is required to establish an individual’s identity.
- Right to information.
- Rights of personal data subjects in accordance with the legislation of Ukraine:
Location of Personal Data Storage
Administration has a personal database. To ensure security of Users’ personal information, We use Hetzner's cloud services. Data is located in the data centers in Germany.
Privacy Policy Changes
- The current Policy may be changed or terminated unilaterally by the Administration without prior notice to Users including the applicable law requires these amendments. The new version of the Policy shall come into force from the moment of its placement in the application. Therefore, we ask Users to check the current Policy to ensure that they have up-to-date information.
Personal Data Protection – Whom Should Users Address to?
- If you have questions, comments, complaints, or wishes regarding the protection and processing of personal data, you can contact the Director of the Fialan company. Postal address: 68001, Odessa region, Chernomorsk, Korabelnaya street, 3А.
Be sure to specify your first name, last name, email address, and detailed questions, comments, complaints, or requirements in your letter.
- The administrative body for the protection of personal data in Ukraine is the Office for the Protection of Personal Data of the Secretariat of the Verkhovna Rada Commissioner for Human Rights. You can contact him with complaints or suggestions if you presume that your rights relating to the personal data processing have been violated.
- If you have questions, comments, complaints, or wishes regarding the protection and processing of personal data, you can contact the Director of the Fialan company. Postal address: 68001, Odessa region, Chernomorsk, Korabelnaya street, 3А.