This Privacy Policy (hereinafter - the “Policy”) applies to the processing of personal data that may be obtained by the business entity CONSCIOUS BUSINESS RETREAT CENTRE LIMITED LIABILITY COMPANY (РЕТРИТ-ЦЕНТР УСВІДОМЛЕНОГО БІЗНЕСУ) (Unified State Register of Enterprises and Organizations of Ukraine code 40828665), registered and operating in accordance with the legislation of Ukraine, from individuals (personal data subjects) on the basis of the Constitution of Ukraine and the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI (hereinafter - the “Law”), as well as the General Data Protection Regulation (EU) 2016/679 of 27.04.2016 (EU General Data Protection Regulation, hereinafter - the “GDPR”) and other applicable European data protection legislation, hereinafter collectively referred to as the “legislation”.
You are not obliged to provide your personal data; however, failure to do so makes it impossible for us to provide you with our services.
The owner (controller) and manager (processor) of the personal data is the business entity LLC “RETREAT-CENTER OF CONSCIOUS BUSINESS” (РЕТРИТ-ЦЕНТР УСВІДОМЛЕНОГО БІЗНЕСУ), EDRPOU code 40828665, address: 08124, Kyiv region, Buchansky district, Khmilna village, 95-A Kucherova Street.
The right of access to personal data is granted only to a responsible or authorized person of the owner, subject to the obligation not to disclose in any manner any personal data that have been entrusted to such person or that have become known to them in connection with the performance of professional, official, contractual, or employment duties.
1. TERMS
Personal data: information or a set of information about an individual who is identified or may be identified.
Personal data subject: an individual in respect of whom, in accordance with applicable legislation, the collection and processing of their personal data are carried out.
Consent of the personal data subject: the voluntary expression of will of an individual (provided that they have been properly informed) granting permission for the processing of their personal data in accordance with the purpose of processing defined in Section 2 of this Policy, expressed in written form or in a form that allows their granting of consent to be inferred. The consent of the personal data subject may be granted by means including, but not limited to, completing a form on the website
https://www.consciousness.com.ua/ (hereinafter referred to as the “Website”).
Depersonalization of personal data: the removal of information that enables the direct or indirect identification of a person.
Owner (controller): a natural or legal person who determines the purpose of personal data processing, establishes the composition of such data and the procedures for their processing, unless otherwise provided by legislation.
Manager (processor) of personal data: a natural or legal person who is the owner of personal data or who is granted the right by legislation to process such data on behalf of the owner.
Processing of personal data: any action or set of actions such as collection, registration, accumulation, storage, adaptation, alteration, updating, use and dissemination (realization, transfer), depersonalization, destruction of personal data, including with the use of informational (automated) systems.
Third party: any person, except for the personal data subject, the owner or the manager of personal data, and the Commissioner for Human Rights of the Verkhovna Rada of Ukraine, to whom personal data are transferred by the owner or manager.
2. PURPOSE AND OBJECTIVES
We process your personal data only if one of the conditions specified in Article 6 of the GDPR has been met, including but not limited to the following:
· you have given consent to the processing of personal data, or;
· the processing is necessary for the provision of services to you, or;
· such processing is required by the legislation of EU Member States if we cooperate with EU residents.
The purpose of collecting and processing personal data is to provide personal data subjects with access to materials on the Owner’s Website, to fulfill the terms of the User Agreement, to ensure the quality of service provision, and to protect the lawful rights and interests of the personal data owner.
The purpose of personal data processing may change as a result of amendments to agreements concluded with the personal data subject, changes in the Owner’s activities, or changes in the legislation of Ukraine and/or the EU regarding personal data protection.
3. COMPOSITION AND CONTENT OF PERSONAL DATA
Personal data include information obtained through the Website from the personal data subject for the purpose of the Owner providing its services.
The Owner processes personal data provided by users of the Website, which may include, in particular but not limited to, the following data:
· first name, last name, and patronymic (if applicable);
· email address;
· contact telephone number;
· IP address;
· internet service provider;
· data regarding the version of your browser software;
· information about the operating system;
· information about the website you use to visit us;
· duration of your visit to our Website and navigation paths on our Website.
The Owner may, at any time and without prior notice or obtaining a separate agreement, modify the scope and content of the personal data being processed (whether by increasing or decreasing it).
4. RIGHTS OF THE PERSONAL DATA SUBJECT
The rights of personal data subjects in accordance with the legislation of Ukraine and the EU General Data Protection Regulation 2016/679 include the right to:
· know the sources of collection, the location of their personal data, the purpose of processing, the location or place of residence (stay) of the owner or manager of personal data, or to give an appropriate authorization to authorized persons to obtain this information, except in cases established by law;
· obtain information about the conditions for granting access to personal data, including information about third parties to whom their personal data are transferred;
· access their personal data;
· receive, no later than thirty calendar days from the date of receipt of the request (except in cases provided by law), a response regarding the processing of their personal data, as well as receive the content of such personal data;
· submit a reasoned request to the personal data owner objecting to the processing of their personal data;
· submit a reasoned request to any owner or manager of personal data to amend or destroy their personal data if such data are processed unlawfully or are inaccurate;
· have their personal data protected from unlawful processing and from accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision of such data, as well as protection from the provision of information that is inaccurate or defames the honor, dignity, or business reputation of an individual;
· lodge complaints regarding the processing of their personal data with authorized bodies or with a court;
· apply legal remedies in the event of violations of legislation on personal data protection;
· make reservations regarding the restriction of the right to process their personal data when providing consent;
· withdraw consent to the processing of personal data;
· know the mechanism of automatic processing of personal data;
· be protected from an automated decision that has legal consequences for them;
· receive from the controller confirmation of the fact of personal data processing, access to personal data, and information, where possible, about the period during which personal data are expected to be stored, or, if this is impossible, the criteria used to determine such a period;
· send a request to the controller regarding the rectification or erasure of personal data or the restriction of processing of personal data relating to the data subject, and to object to such processing;
· if personal data are transferred to a third country or an international organization, be informed about the appropriate safeguards in accordance with Article 46 GDPR concerning such transfer;
· have inaccurate personal data concerning them rectified by the controller without undue delay. In view of the purposes of processing, the data subject shall have the right to have incomplete personal data completed, including by providing an additional statement.
5. PERIOD OF STORAGE AND DELETION OF PERSONAL DATA
The personal data of the subject are stored for the duration of the User Agreement.
Personal data shall be deleted on the following grounds:
· expiration of the storage period established by this Policy, the User Agreement, or legislation;
· expiration of the term of the User Agreement, unless otherwise provided by legislation or the User Agreement;
· issuance of an appropriate order by the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or by designated officials of the Secretariat of the Commissioner for Human Rights of the Verkhovna Rada of Ukraine, or by another foreign authority vested with personal data protection powers;
· entry into legal force of a court decision ordering the deletion or destruction of personal data;
· personal data collected in violation of legislative requirements that are subject to deletion or destruction in accordance with the procedure established by law;
· personal data collected during the performance of tasks related to operational-search or counterintelligence activities, or the fight against terrorism, which are to be deleted or destroyed in accordance with legislative requirements.
The owner/manager of personal data retains the right to use personal data after the expiration of the storage period, provided that such data are depersonalized and may be used for historical, statistical, or scientific purposes.
6. ENSURING THE PROTECTION OF PERSONAL DATA
The owner/manager of personal data is obliged to ensure the protection of such data from accidental loss or destruction, from unlawful processing, including unlawful destruction or access to personal data.
The owner/manager of personal data takes all necessary measures aimed at ensuring the maximum level of protection of personal data, but does not guarantee absolute security of information transmitted through the use of the Internet or stored in our databases from unlawful actions of third parties, such as hacker attacks.
It is important that the personal data subject, by giving consent to the processing of personal data, understands and agrees that the data entered into the form on the Website (hereinafter - “registration data”) constitute sufficient and necessary information.
Unless the personal data subject proves otherwise in the manner prescribed by law, any actions performed using the registration data shall be considered as actions performed by the personal data subject to whom such registration data belong.
7. ACCESS OF THIRD PARTIES TO PERSONAL DATA
The procedure for third-party access to personal data is determined by the terms of this Policy and, accordingly, by the consent of the personal data subject to the processing of such data granted to the personal data owner, or in accordance with the requirements of applicable legislation.
Access to personal data shall not be granted to a third party if such person refuses to assume obligations to ensure compliance with legislative requirements or is unable to ensure such compliance.
Third-party access to personal data is necessary for the performance of the conditions of the Agreement to which the personal data subject is a party.
Including, but not limited to, third-party access to personal data is carried out for the purpose of fulfilling the terms of the Agreement. Such third parties may be granted access to personal data only to the extent required for the fulfillment of specific obligations under the Agreement.
The procedure for access of state authorities (including but not limited to law enforcement bodies, fiscal and tax authorities) and local self-government bodies to personal data of subjects is determined by applicable legislation.
8. USE OF “COOKIES” FILES
The Website uses “cookies” to ensure technical functionality, to configure the Website directly for users, and to improve its operation.
If necessary, you may follow the link and become familiar with the Cookie Use Policy in detail.
9. FINAL PROVISIONS
We reserve the right to change security and personal data protection measures at any time, especially if such changes become necessary due to technical modifications. In such cases, we will also properly adapt our Policy.
Please always pay attention to and review the most up-to-date version of our Policy.