This Privacy Policy, hereinafter referred to as the Policy, applies to the processing of personal data that the DEPO MUSIC website can receive from individuals (personal data subjects) on the basis of the Constitution of Ukraine and the Law of Ukraine “On the Protection of Personal Data” dated 01.06.2010 No. 2297-VI (hereinafter - the Law), as well as the General Data Protection Regulation (EU) 2016/679 of 04/27/2016 (EU General Data Protection Regulation, hereinafter - GDPR) and other applicable European data protection laws, collectively referred to as hereinafter referred to as the Legislation.
This Privacy Policy is designed to tell you:
- what is personal data;
- what personal data we collect;
- how and why we use them;
- to whom we transfer your personal data;
- how we protect the confidentiality of your personal data;
- how to contact us and to whom to contact if you have questions regarding the processing of your personal data.
We process your personal data only if one of the conditions specified in Article 6 of the GDPR is fulfilled, including, but not exclusively:
- You have consented to the processing of your personal data;
- processing is necessary in order to provide you services;
- Such processing is required by the laws of the countries in which you are located.
We take the security of personal data of our customers, potential customers and other persons who contact us seriously, therefore we strive to protect the confidentiality of your personal data. The administration undertakes to take all necessary measures to prevent the abuse of your personal data that becomes known to us. We will process your personal data in strict accordance with the requirements of the applicable law and only if there are legal grounds for such processing.
You are not required to provide us with personal data, but without certain information about you, we will not be able to provide you with some of our services. In the event that we control the methods of collecting your personal data and determine the purposes for which this personal data is used, the Administration is a “personal data controller” for the purposes of GDPR and other applicable European data protection laws, as well as an “owner of personal data” in the understanding The law.
1. Terms and definitions
Personal data - information or a collection of information about an individual who is identified or can be specifically identified (User);
Special categories of personal data are the so-called “sensitive” personal data that can harm the data subject at work, in an educational institution, in the living environment, or can lead to its discrimination in society. For example, this is personal data that contains information about racial origin, political or religious beliefs, union membership, health status, sex life, biometric or genetic data. In the terminology of Ukrainian legislation, this is such personal data, the processing of which carries a particular risk to the subjects of personal data;
A personal data subject is a natural person to whom personal data relates and which can be identified by this personal data, or which has already been identified;
Processing personal data - any action or set of actions, such as collecting, registering, accumulating, storing, adapting, changing, restoring, using and distributing (disseminating, selling, transmitting), depersonalizing, destroying personal data, including using information ( automated) systems;
Distribution of personal data - actions to transfer information about an individual with the consent of the subject of personal data;
Use of personal data - any actions of the Administration to process this data, actions to protect them, as well as actions to provide partial or full right to process personal data to other subjects of relations related to personal data, performed with the consent of the subjects of personal data or in accordance with the legislation of Ukraine ;
Anonymization of personal data - the seizure of information that allows directly or indirectly to identify a person;
User - a personal data subject, any competent individual who has joined this Policy in his own interests to improve his qualifications or skills as a financial specialist, who has registered in the online service https://depomusic.com/ via the Internet;
Personal Account - a section of the online service, access to which the User is carried out after registering in the online service https://depomusic.com/ and entering a unique login and password. The personal account contains the User’s personal data and is intended for viewing and managing the available functionalities of the online service;
Registration - the User’s actions to fill out and submit the registration form posted on the online service, which, if the Administration has no objections to registration, result in the provision of access to the Personal Account;
Authorization - the introduction by the User of his username and password to enter his Personal Account in the online service, or authorization through social networks;
Policy - this Privacy Policy located at https://depomusic.com/terms/confidentiality;
A personal data processor is an individual or legal entity that, on the basis of instructions (directions, instructions), the controller processes personal data for the controller. The personal data processor is the “personal data manager” in the terminology of Ukrainian legislation;
2. General Provisions
2.1. The policy applies to all your personal data that may be obtained by us in the process of using your online service. This Policy applies to personal data obtained both before and after the entry into force of this Policy.
2.2. The purpose of the Policy is to bring to you the necessary information to evaluate what personal data and for what purposes are processed by us, the methods of their processing and security.
2.3. When using the online service, you, having informed the Administration of your personal data, including through third parties, acknowledge your consent to the processing of your personal data in accordance with this Policy.
2.4. In case of disagreement with the terms of this Policy, you must stop using the online service.
2.5. Consent to the processing of personal data may be revoked by the subject of personal data. In case of withdrawal by the subject of personal data of consent to the processing of personal data, the Administration has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Legislation.
2.6. The site administration does not verify the accuracy of the personal data provided by the User, does not have the ability to evaluate its legal capacity. However, the Administration proceeds from the fact that the User acts in good faith, prudently, provides reliable and sufficient personal data and makes all necessary efforts to maintain such data up to date, and does not violate the rights of third parties.
2.7. By agreeing to the terms of this Policy, you confirm that at the time of collecting personal data you are notified of the persons to whom personal data is transferred, the content and purposes of collecting personal data. You confirm (guarantee) that the personal data that is transferred to us for processing is transferred with the consent of the owners of personal data and within the framework of the Legislation.
2.8. The administration, having received personal data from the User, does not undertake to inform the entities (their representatives) whose personal data was transferred to him about the start of processing personal data, since it is the obligation to inform accordingly when concluding a contract with the subject of personal data and / or obtaining consent to such a transfer is borne by the User who transmitted the personal data.
2.9. The processing of your personal data is carried out in accordance with the requirements of the Law. The processing of personal data of persons located in the EU or who are EU citizens is regulated, in particular, by the General Data Protection Regulation of the EU 2016/679 (hereinafter - “GDPR”). Also, laws of other countries may establish additional requirements.
2.10. This Policy applies to all information that the Administration can receive about the User when he uses the online service, as well as during the implementation of the Administration of any agreements and contracts with the User.
2.11. This Policy is an internal document of the Administration.
2.12. The controller of personal data is released from liability for consequences that have arisen in connection with the processing of personal data by him, if he is not responsible for the event that led to the onset of such consequences.
You also agree that the Owner of personal data has the right to provide access and transfer your personal data to third parties without any additional messages, only if the purpose of their processing does not change and only in cases stipulated by this Privacy Policy and / or the legislation of Ukraine.
No one under the age of 18 must provide us with personal information through the Online Service. We do not collect purposefully personal information of persons under the age of 18. Parents and guardians should constantly monitor their children's related activities.
3. Composition of personal data
3.1. To carry out its activities and to fulfill its obligations, the Administration processes the User’s personal data provided to him during registration on the website https://depomusic.com/ and stored in his personal account.
3.2. The User’s personal data includes: last name, first name, middle name, email address, mobile / landline phone number, country of residence, place of work, position, date of birth.
We ask you to provide only those personal data that are necessary to provide the service you have chosen, receive a newsletter or respond to your special request / claim. At the same time, if you decide to tell us additional personal data, we will also be able to process them with the necessary level of protection.
3.3. The administration has the right to establish requirements for the composition of personal data, which must be provided when using the online service. If certain information is not marked by the Administration as mandatory, its provision or disclosure is carried out by the User at his discretion.
3.4. Data that is automatically transmitted to the Administration when the User uses the online service using the software installed on the device: IP address, browser information and the type of device operating system, technical specifications of equipment and software, date and time of access to the online service.
4. Grounds and purpose of processing personal data
4.1. The grounds for the processing of personal data is:
1) the consent of the subject of personal data to the processing of his personal data by the Administration;
2) the conclusion and execution of an agreement, one of the parties of which is the subject of personal data or which is concluded in favor of the subject of personal, or for the implementation of activities preceding the conclusion of the contract at the request of the subject of personal;
3) the need for the Administration to fulfill the requirements stipulated by the Legislation.
4.2. The purpose of processing personal data is:
⦁ implementation of the functions assigned to the Administration in accordance with the legislation of Ukraine and the GDPR;
⦁ collection, storage and processing of personal data obtained in the online service under the Law and the GDPR;
⦁ for sending commercial (marketing) notifications to the User containing additional information about services, current promotions and special offers regarding services provided by the Administration through an online service.
⦁ identification of the subject of personal data when using the online service;
⦁ communication with the subject of personal data, if necessary, including sending proposals, information materials, messages, information and requests, advertising, as well as processing requests of the subject of personal data;
⦁ improving the quality of the online service, ease of use, developing new functionalities and improving the quality of service;
⦁ improving the professional skills and qualifications of the User;
⦁ conducting statistical and other studies based on anonymized data;
⦁ fulfillment by the Administration of contractual and other obligations to the User under transactions concluded between the Administration and the User or third parties in the interests of the User.
5. The basic principles of personal data processing
5.1. The processing of personal data by the Administration is based on the principles of:
5.1.1. The legitimacy of the purposes and methods of processing personal data;
5.1.2. The integrity of the Administration, as the owner of personal data, is achieved by fulfilling the requirements of the legislation of Ukraine regarding the processing of personal data;
5.1.3. Achieving specific, predetermined goals for the processing of personal data;
5.1.4. Correspondence of the purposes of processing personal data to the goals predetermined and declared during the collection of personal data;
5.1.5. Correspondence of the list and volume of processed personal data, as well as methods of processing personal data to the stated purposes of processing;
5.1.6. The reliability of personal data, its sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes of processing personal data;
5.1.7. Ensuring during the processing of personal data the accuracy of personal data, their adequacy, and, if necessary, relevance in relation to the purposes of processing personal data.
5.1.8. Inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
5.1.9. Storage of personal data in a form that allows you to determine the subject of personal data, no longer than the purpose of their processing requires.
5.1.10. The processed personal data is subject to destruction or depersonalization to achieve the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by the legislation of Ukraine and the GDPR.
5.1.11. We must also consider periods for which we may need to store your personal data in order to fulfill our legal obligations to you or the regulatory authorities.
5.1.12. Over time, we can minimize your personal data that we use, or we can even make your data anonymous so that it can no longer be associated with you personally. In this case, we will be able to use this information for statistical or other purposes without further notification to you, since such information ceases to be personal data.
5.2. The processing of personal data is carried out by the Administration for statistical or other research purposes, subject to the mandatory depersonalization of personal data.
5.3. The administration does not process personal data regarding racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, criminal convictions, or data related to health, sex, biometric and genetic data.
5.4. The processing of personal data is subject to the conditions defined by the legislation of Ukraine and the GDPR.
6. Terms of processing personal data
6.1. The terms for processing personal data are determined based on the purposes of processing, but no longer than is determined by the Legislation.
6.2. Personal data whose processing (storage) period has expired must be destroyed or anonymized, unless otherwise provided by law. The storage of personal data is carried out in a form that allows you to determine the subject of personal data, no longer than what is required by the purpose of processing personal data, if the storage period for personal data is not established by the Law. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by the Law. We must also take into account periods for which we may need to store your personal data in order to fulfill our legal obligations to you or the regulatory authorities (in accordance with EU Regulation 261/2004).
6.3. Over time, we can minimize your personal data that we use, or we can even make your data anonymous so that it can no longer be associated with you personally. In this case, we will be able to use this information without further informing you.
7. The circle of persons admitted to the processing of personal data by the Administration
7.1. To achieve the objectives of this Policy, only those employees of the Administration who are assigned such an obligation in accordance with their official (labor) duties are allowed to process personal data. Access to other employees may be granted exclusively in cases provided by law. The administration guarantees confidentiality and security of personal data from its employees during their processing.
7.2. The administration has the right to transfer personal data to third parties in the following cases:
- the personal data subject has expressed his consent in writing to such actions;
- the transfer is provided for by Ukrainian or other relevant legislation within the framework of the procedure established by law. Moreover, access to personal data to a third party is not provided if the specified person refuses to assume obligations to ensure compliance with the requirements of the Law or cannot provide them.
7.3. The administration has the right to entrust the processing of personal data to a third party with the consent of the subject of personal data, unless otherwise provided by the legislation of Ukraine, on the basis of an agreement concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
7.4. Representatives of state authorities (including regulatory, supervisory, law enforcement and other bodies) get access to personal data processed by the Administration in the amount and manner specified by the Legislation.
8. Implementation of the protection of personal data
8.1. The activities of the Administration for the processing of personal data in information systems are inextricably linked with the protection of the confidentiality of the information received by the Administration, if this does not contradict the current legislation.
8.2. The personal data protection system includes organizational and (or) technical measures defined taking into account current threats to the security of personal data and information technologies used in information systems. The administration is updating these activities with the advent of new technologies, if necessary.
8.3. The exchange of personal data during their processing in information systems is carried out through communication channels protected by technical means of information protection.
8.4. When processing personal data in information systems, the Administration provides:
⦁ measures aimed at preventing unauthorized access to personal data and (or) transferring it to persons who do not have access to such information;
⦁ timely detection of unauthorized access to personal data;
⦁ preventing the impact on the technical means of automated processing of personal data, as a result of which their functioning may be impaired;
⦁ the possibility of immediate recovery of personal data modified and destroyed due to unauthorized access to them;
⦁ continuous monitoring of the level of security of personal data.
8.5. Regarding personal information, confidentiality is maintained, except when the technology of the online service or the settings of the software used by the User provide for an open exchange of information with other Users of the online service or with any Internet users.
8.6. The administration implements the following requirements of the legislation of Ukraine in the field of personal data:
⦁ requirements for the confidentiality of personal data;
⦁ requirements for ensuring the implementation by the subject of personal data of their rights;
⦁ requirements to ensure the accuracy of personal data, and, if necessary, relevance to the purposes of processing personal data (with the adoption (ensuring adoption) of measures to delete or clarify incomplete or inaccurate data);
⦁ requirements for the protection of personal data from unlawful or accidental access to it, destruction, distortion, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
⦁ other requirements of the Law.
8.7. In accordance with the Law, the Administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the legislation in the field of personal data from unauthorized or illegal processing and from unintentional loss, destruction or damage.
The administration adheres to the principle of minimizing personal data. We process only the information about you that we need, or the information that you, by your consent, provide more than the limits of the necessary processing. In addition, we have configured all the online service interfaces and applications for the provision of services so that the highest possible confidentiality is maintained, the settings of which can be adjusted at our discretion. When transferring personal data to government bodies, we always use the most secure and proven ways of transferring such data.
8.8. Cookies and other tracking technologies.
Cookies are small text files that store sites on your computer or mobile devices the moment you start using them. Thus, the site will temporarily remember your advantages and actions that you performed, including so that you do not need to re-enter this data. Our cookies by themselves do not identify an individual user, but only the computer or mobile device that you use.
Cookies and other tracking technologies in our online service can be used in various ways, for example, to operate an online service, to analyze traffic or for advertising purposes. Cookies and other tracking technologies we use, in particular, to improve the quality and effectiveness of our services.
For more information on what cookies are, how they work, how to manage them, or how to delete them, go to www.allaboutcookies.org.
We inform you that you can configure the prohibition of cookies and other tracking technologies in the settings of some Internet browsers. At the same time, you should understand that if you disable some cookies, the functionality of the online service may be limited and you will not be able to use all its advantages, and some pages may not work correctly.
9. Rights of the subject of personal data
9.1. The rights of personal data subjects in accordance with the legislation of Ukraine:
9.1.1. To know about the sources of collection, the location of your personal data, the purpose of their processing, the location of the personal data manager or give an appropriate order to receive this information to authorized persons, except as otherwise provided by law.
9.1.2. Receive information about the conditions for providing access to personal data, including information about third parties to whom his personal data is transmitted.
9.1.3. To access your personal data.
9.1.4. Receive no later than thirty calendar days from the date of receipt of the request, with the exception of cases provided for by the Law, an answer about whether his personal data is processed, and which ones.
9.1.5. Submit a reasoned request to the Administration for an objection to the processing of their personal data.
9.1.6. Submit a reasoned request to change or destroy your personal data if the data is processed illegally or is unreliable.
9.1.7. To protect their personal data from illegal processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision thereof, as well as to protect against the provision of information that is inaccurate or discredit the honor, dignity and business reputation of an individual.
9.1.8. To appeal to the Administration of the Verkhovna Rada of Ukraine for Human Rights or to the court with complaints about the processing of their personal data.
9.1.9. Use legal remedies in case of violation of the legislation on the protection of personal data.
9.1.10. Make reservations about restricting the right to process your personal data when giving consent.
9.1.11. Withdraw consent to the processing of personal data.
9.1.12. Familiarize yourself with the mechanism for automatic processing of personal data.
9.1.13. To protect against an automated solution that has legal consequences for him.
9.1.14. The administration has the right to entrust the processing of personal data to a third party with the consent of the subject of personal data, unless otherwise provided by the legislation of Ukraine, on the basis of an agreement concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
9.1.15. Representatives of state authorities (including regulatory, supervisory, law enforcement and other bodies) get access to personal data processed by the Administration in the amount and manner determined by the legislation of Ukraine.
9.2. Other rights of personal data subjects in accordance with the GDPR:
In addition to the Ukrainian legislation on the protection of personal data, the Administration is attentive to ensuring your rights established by the GDPR.
9.2.1. Right to information.
We are ready to provide data subjects with information about which of their personal data we process.
If you have a desire to find out what your personal data we process, you can make a request for this information at any time, including by contacting the Administration. The list of data that we must provide you with can be found in Articles 13 and 14 of the GDPR. At the same time, when applying, you must tell us your specific requirements so that we can legally consider your request and give an answer.
Please note that if we are unable to verify your identity by exchanging electronic messages or during your phone call, or in case of reasonable doubts about your identity, we may ask you to provide an identification document, including by personal appearance at the address of the location of the Administration. Only in this way can we avoid disclosing your personal data to a person who can impersonate you.
We will process requests as soon as possible, but at the same time, we ask you to remember that providing a complete and legitimate answer regarding personal data is a complex process that can take up to a month.
9.2.2. The right to correct data in you.
If you find that some of the personal data that we process about you is incorrect or outdated, please let us know. In this case, we may ask you to PROVIDE an identity document, including by personal appearance at the address of the Administration.
If you want to correct the personal data that is processed by us, you can carry out the correction yourself by logging into your personal account in the online service or by contacting the Administration.
In some cases, we will NOT be able to change your personal data. In particular, such a case may be when your personal data has already been used in the process of fulfilling the contract and / or it is contained in a tax document, which was executed in accordance with the Tax legislation.
9.2.3. Withdrawal of consent to the processing of personal data and the right to oblivion
If the Administration processes your personal data on the basis of consent to the processing of personal data (in particular, for the purpose of marketing / advertising mailings), further processing can be stopped at any time. It is enough to withdraw consent to such processing.
You can also use your right to oblivion. In the cases provided for in Article 17 of the GDPR, the Administration will destroy your personal data that it processes, with the exception of personal data, which we will be required to maintain in accordance with the requirements of the law.
Also in this case, for security reasons, the Administration may ask you to provide an identity document, including directly at the address of the Administration.
10. Place of storage of personal data
The administration has a large database of personal data. To ensure their safety, we use the cloud services of DigitalOcean, LLC. Data is located in data centers in Frankfurt, Germany.
11. Change in privacy policy
11.1. This Policy may be amended or terminated by the Administration unilaterally without prior notice to the Users, including if required by applicable law. The new version of the Policy comes into force from the moment it is posted on the online service, unless otherwise provided by the new version of the Policy. Therefore, we ask you to visit the online service https://depomusic.com/ to make sure that you have relevant information.
12. Who can you contact to protect your personal data
12.1. If you have any questions, comments, complaints or suggestions regarding the protection and processing of personal data, you can contact the site administration via the contact form.
Be sure to include in your correspondence your first name, last name, email address, as well as detailed questions, comments, complaints, or requirements.
12.2. The administrative body for the protection of personal data in Ukraine is the Office for the Protection of Personal Data of the Secretariat of the Commissioner of the Verkhovna Rada of Ukraine for Human Rights. You can contact him with complaints or suggestions if you think that your rights have been violated in connection with the processing of personal data.