on the processing and protection of personal data of the All-Ukrainian Non-Governmental Organization “Ukrainian Bar Association”
1. General provisions and scope
All-Ukrainian NGO “Ukrainian Bar Association” (hereinafter – “Association”) respects the rights related to personal data obtained in the course of its activities from personal data holders and seeks to protect them.
This Regulation determines ways of collecting, processing, using and protecting personal data, including (but not limited to) data on:
- visitors of websites, mobile applications and other online resources of the Association (hereinafter referred to as “the Site”);
- candidate members, members and honorary members of the Association;
- participants of events, moderators and speakers at such events organized or co-organized by the Association;
- persons who participated in the polls of the Association;
- individuals and legal entities which cooperated with the Association within the framework of its activities (suppliers of goods and services);
- any other third parties whose personal data was obtained in the course of cooperation with the Association.
This Regulation is mandatory for the authorized person (as defined below) and employees of the Association who are directly processing and/or have access to personal data in connection with the performance of their duties;
In this Regulation, the following terms shall have the meaning herewith attached to them:
Base of personal data – means a named aggregate of organized personal data in electronic form and/or in a form of a filing system;
Authorized person – defined person among the employees of the Secretariat of the Association who organizes work related to the protection of personal data in the course of their collection and processing;
Controller of personal data – the Association that has obtained a right to processing of such data according to the law or to the consent of the personal data subject, which approves the purpose of the processing of personal data in the base of personal data, establishes the content of this data and the procedures for its processing, in case other is prescribed by legislation;
Publicly available sources of personal data – directories, address books, registers, lists, catalogs, other systematic collections of open information containing personal data, posted and published with the knowledge of the Subject (as defined below);
The Law – the Law of Ukraine “On Protection of Personal Data” No. 2297-VI of June 1, 2010 (as amended);
Personal data subject’s consent – means a voluntary declaration of will by an individual provided he or she has been properly informed, to grant permission to process his/her personal data in accordance with the purpose of processing stated in a written or any other form that allows to conclude that the permission has been granted;
Processing of personal data – means any operation or set of operations such as collection, registration, accumulation, storage, adaptation, alteration, updating, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data about members, candidate members and associate members of the Association, and also participants of events, moderators and speakers at the UBA events;
Personal data mean information or aggregate information about a Subject who is identified or may be identified solely or jointly with other information available to the Association, including from publicly available sources of personal data;
Processor of personal data – means a natural person or legal entity that obtained the right to process such data on behalf of the controller of personal data or according to the law;
Personal data subject(hereinafter – the Subject) – means a member of the Association, candidate member or associate member, participant, moderator or speaker at the Association’s events, or any other person, whose personal data are processed by the Association according to its goals and purpose of processing, defined by this Regulation.
2. This Regulation defines:
- who is the owner and manager of the data in accordance with this policy and how the Subject can contact the Association;
- the purpose of collecting and processing Personal Data of the Subject by the Association;
- ways of obtaining personal data of the Subject by the Association;
- ways of using personal data of the Subject by the Association;
- terms of storage of personal data of the Subject by the Association;
- means of transfer by the Association of personal data of the Subject to third parties;
- the rights of the Subject regarding his personal data;
- introducing amendments to the Regulation.
3. Purpose of the collection and processing of personal data
The Association collects and processes personal data for the purpose of:
- registration, accumulation, storage and updating of the information about the members, candidate members and associate members of the Association, participants, moderators or speakers at the Association’s events, as well as other third parties;
- obtaining information on the professional activities of the Association by the Subjects;
- interaction with Subjects for the purpose of establishing contacts for obtaining methodological or organizational assistance in the implementation of projects and for the development of the legal profession as a whole;
- receiving assistance to protect the legitimate rights and interests of the Association;
- realization of the goals and tasks stipulated by the constituent documents of the Association.
4. Owner of personal data
The Association is the owner of personal data of the Subject within the meaning of Article 1 of the Law.
In case of any questions or doubts regarding handling of the Subject’s personal data by the Association, please e-mail at the following address: firstname.lastname@example.org, or use other contact information posted on the Site.
The official address of the Association: 6 Khreschatyk Street, office 2, Kyiv, Ukraine.
5. Information that the Association may collect about the Subject
The Association may collect and process the following personal data of the Subject:
- in the course of activities, including through the Site;
- in the course of communication with the Association by e-mail or other means of communication;
- when registering to attend the events of the Association or upon request of the Association;
- when the Subjects sends requests for the receipt of the Association’s e-Newsletter, as well as when the Subject receives it;
- in the course of sending replies to requests for information from the Association.
The personal data that the Association may collect and process includes, but is not limited to:
- the name of Subject, the name of the organization in which the Subject currently works or worked, the position;
- postal address, e-mail and contact phone numbers;
- information on the transfer of charitable contributions for the participation in the Association’s activities and membership in the organization;
- information about Site visits;
- information about the materials and messages that the Association sends to the Subject electronically;
- information provided by the Subject for the purposes of visiting the Association’s events;
- identification and background information provided by the Subject or collected as part of the Association’s operational processes.
6. Obtaining information of the Subject
6.1. The personal data that the Subject provides to the Association
The Association collects and processes personal information of the Subject as part of the Association’s operational processes, as well as for organizing the Association’s events and activities.
6.2. Information that the Association may collect automatically
When visiting the Association website, certain information is automatically collected that does not provide for the identification of the Subject. This information may include:
6.2.1. Views statistics
The Association collects information about the sections of the Site, which are mainly viewed by visitors, the frequency of connections to the Site, software and hardware used to visit the Site, the visitor’s geography. This information allows the Association to understand how visitors interact with the Site.
6.2.2. Log registers
The hosting company of the Association can record requests made by visitors to the Site, information about the software and hardware used to visit the Site, assignment of the IP address, and time associated with the access. The Association uses this information to improve the security of the Site.
6.2.3. Cookie file
A cookie is a text string that the Site transmits to the browser cookie on the Subject’s computer so that the Site could remember the Subject setting. The association uses cookie data to analyze user behavior and improve user experience. A subject can turn off cookies using browser settings.
6.3. Information that the Association collects from other sources
The Association may receive information about the Substance from other sources (including from publicly available sources of personal data), as well as from third parties that help:
- update, expand and analyze the Association’s records;
- identify individuals interested in membership in the Association;
- avoid or detect fraud.
The Association may also receive information about the Subject from social networking platforms, including but not limited to, when the Subject interacts with the Association on these platforms or accesses the Association’s social media content. The information that the Association may receive is governed by the confidentiality settings and procedures of the relevant social network, which the Association advises to familiarize yourself with.
7. Use of information about the Subject
The Association collects and processes personal data of the Subject in various ways, including through the use of the Site. The Association uses the following information for:
- answers to the Subjects’ questions about the events and projects implemented by the Association, concerning the admission to the Association and its activities;
- improvement of the Site.
8. Storing of personal data
The Association will store the collected personal data to the extent necessary for the purpose of processing specified in this Regulation.
To determine the appropriate term of storage, the Association will consider the scope and nature of the data collected, including the special categories of personal data as defined in Article 7(1) of the Law, the potential risk of harm from unauthorized use or disclosure and the purposes for which the Association processes personal data.
After the expiration of the term of storage, the collected personal data will be destroyed in accordance with the safety rules.
9. Transfer of personal data to third parties
The Association may transfer personal data of the Subject to third parties, including:
- IT Providers of the Association, including cloud management services;
- Third parties involved in the preparation or organization of meetings, events or seminars organized or co-organized by the Association.
Where necessary or for the reasons set forth in this Regulation, personal data may also be provided to public authorities and local governments, courts, government agencies and law enforcement agencies.
The Association does not sell, rent or lease, and does not provide the personal data of the Subjects for commercial purposes in any other way.
10. Rights of the Subject
Subject has a right to:
- request access to their personal data and learn about their processing;
- request a correction of their personal data;
- request to destroy their personal data;
- require a restriction on the processing of the personal data;
- to object to the processing of their personal data;
- withdraw the consent (if provided) to the processing of the personal data of the Subject;
- file a complaint against processing of the personal data by the Association. Contact information of the local supervisory authority can be obtained at http://www.ombudsman.gov.ua/uk/page/applicant/.
The Subject may use its other rights in accordance with the legislation on the protection of personal data.
If personal data are being deleted at the request of the Subject, the Association will only store copies of the information necessary to protect the legitimate interests of the Association or third parties, resolving disputes or executing any agreement that the Subcontract has entered into with the Association.
11. Information processing for minors
The site is not targeted and is not intended for persons under the age of 18.
If a Subject is under the age of 18, he must not provide the Association with personal data without the consent of parents, tutor, trustee or tutorship and guardianship authority.
In case of identification by the Association of personal data of subjects under the age of 18 such personal data will be deleted promptly.
The site may contain links to third-party websites. The Association is not responsible for the content and practice of ensuring the confidentiality of such websites.
13. Authorized person of the Association
An authorized person organizes work related to the protection of personal data when processed in accordance with the law.
The Authorized person is determined by the Executive Director of the Association.
The Authorized person shall:
- know the legislation in the field of personal data protection;
- ensure that the Secretariat staff complies with the requirements of the legislation on personal data protection, this Regulation and other personal data documents that the Association may take from time to time;
- inform the Association’s management about the violations by employees of the requirements of the Ukrainian legislation in the area of personal data protection, this Regulation and other personal data documents that the Association may take from time to time not later than 1 (one) business day after the detection of such violations.
In order to fulfill hisher duties, an authorized person shall have the right to:
- make copies of received documents, including copies of files, any records stored in local area networks and autonomous computer systems;
- access to all premises, documents, means of telecommunication of the Association;
- to participate in the discussion of issues related to the protection of personal data;
- engage with other staff of the Secretariat and the Association in the performance of their duties to organize work related to the protection of personal data in their processing.
Employees who have access to and processing personal data are obliged not to disclose in any way the personal data they have been entrusted with, or who became aware of, in the course of performance of professional or service or employment duties.
Persons having access to personal data, including processing them, in case of violation of the requirements of the legislation on the protection of personal data bear the responsibility provided for by the current legislation.
14. Introducing amendments to this Regulation
The Regulation is approved by the Board.
The Association reserves the right, under the decision of the Board, to make amendments and additions to this Regulation.
The Association recommends that Subjects periodically review the Site’s page, which contains information on the processing and protection of personal data.
In case of making any significant changes to this Regulation, the Association will notify the Subject respectively by posting a notice of changes on the Site.