Пн-Пт: 8-21, Сб-Вс: 9-18 +38 (067) 242-62-40 +38 (044) 599-54-05 We speak English!
EN UA RU

Personal data processing policy

1. 1. General Provisions

1.1. This Privacy Policy (hereinafter – the Policy) was developed in accordance with the Law of Ukraine No. 2297-VI “On Personal Data Protection” as of June 1, 2010 № (hereinafter – the Law) and serves as an internal regulatory document of Universum Clinic LLC (hereinafter – the Clinic), which determines key areas of its activity in the field of

processing and protection of personal data.

1.2. The Policy was developed in order to implement the statutory requirements of Ukrainian law in the field of protection and processing of personal data and is aimed at protecting the fundamental rights and freedoms of a person and citizen in cases where the Clinic deals with processing of their personal data.

2. Purpose and Basic Conditions for Processing of Personal Data

2.1. The Clinic deals with processing of personal data in order to:

  • Enter into and perform agreements
  • Keep the users (including potential) of the Clinic’s services updated about the services rendered, discounts, promotions and other activities of the Clinic, as well as about changes in the services and operation of the Clinic
  • Conduct surveys to improve the quality of service
  • Improve the quality of service for the users (including potential) of the Clinic’s services
  • Implement additional programs to encourage the users of the Clinic’s services
  • Assist in finding employment in the Clinic, work progress in the Clinic
  • Train employees and encourage their career growth, record employees’ performance in terms of fulfillment of their duties, provide labor conditions, benefits and reimbursements due to employees according to applicable laws of Ukraine, ensure the fulfillment of contractual agreements with employees and social obligations to employees
  • Fulfill other purposes stipulated by internal regulations of the Clinic and current legislation of Ukraine.

2.2. The processing of personal data in the Clinic shall be carried out in compliance with the statutory requirements, namely:

  • The purpose of processing of personal data should be formulated in laws, other regulatory legal acts, regulations, constituent or other documents governing the activities of the personal data base owner, and comply with Ukrainian data protection laws
  • Personal data must be accurate, reliable, and, if necessary, updated on a regular basis
  • The composition and content of personal data must be appropriate and not excessive in relation to the specific purpose of their processing
  • The amount of personal data that can be included in the personal data base is determined by the terms of consent of the data subject or in accordance with the law
  • The processing of personal data is carried out for specific and legitimate purposes determined subject to consent of the data subject, or in cases provided for by the laws of Ukraine, in accordance with the statutory procedure
  • The processing of personal data of an individual is not allowed without their prior express consent, except to the extent permitted by applicable law, and only in the interests of national security, economic well-being and human rights
  • If the processing of personal data is necessary to protect the vital interests of the data subject, their personal data may be processed without their prior express consent until the moment when said consent becomes possible
  • Personal data shall be processed in a form that allows identification of the individual to whom they relate, within the time limit, no more than is necessary in accordance with their legitimate purpose.

2.3. The processing of personal data can be carried out using computer aids (computer-aided processing) or with direct human involvement without the use of computer aids (non-computer-aided processing).

2.4. When processing personal data, the Clinic shall provide the necessary conditions for the unobstructed exercise by the data subject of their personal non-property rights to their personal data.

Personal data of an individual, who is limited in civil capacity or who has been declared legally incapable, shall be disposed of by their legal representative.

2.5. The Clinic is not responsible for the accuracy and correctness of the information provided by the data subjects, visitors/users of the website www.uniclinic.com.ua.

3. 3. Personal Data Security

3.1. The principal task of ensuring the security of personal data during their processing in the Clinic is to maintain their integrity and protect them from unlawful processing, as well as from unauthorized access thereto.

3.2. The Clinic shall secure personal data in the personal data base through the use of the functionality of processing technology implemented in the information systems of the Clinic, as well as other security systems and facilities available in the Clinic.

3.3. Personal data security shall be provided at all stages of their processing and in all modes of operation of personal data processing systems, including during repair and maintenance work.

3.4. The responsibility for ensuring the security of personal data shall rest with the Clinic employees within their duties related to the processing and protection of personal data. The Clinic employees shall be allowed access to personal data only to the extent required for the fulfillment of their official duties.

3.5.The implementation of measures to ensure the security of personal data shall be carried out only by employees who have the necessary qualifications and experience.  The level of measures for the protection of personal data is determined by the state-of-the-art processing technology and information security facilities.

3.6. The HR policy of the Clinic provides for a thorough selection of personnel and motivation of employees, which allows eliminating or minimizing the possibility of their violation of personal data security.

4. Access to Processed Personal Data

4.1. Access to personal data processed by the Clinic shall be granted to persons authorized by the Clinic’s order, as well as to persons whose personal data are subject to processing.

4.2. Access of the Clinic’s employees to the processed personal data shall be exercised according to their official duties and the requirements of the internal regulations of the Clinic.

4.3. The order of access of the data subject to their personal data processed by the Clinic is determined in accordance with applicable laws of Ukraine and may be specified by the internal regulations of the Clinic.

4.4. When disclosing personal data to third parties under the agreements in place, the Clinic shall ensure mandatory compliance with the statutory requirements of Ukrainian law and the internal regulations of the Clinic related to personal data.

5. 5. Implemented requirements for the Protection of Personal Data

5.1. The Clinic shall take legal, organizational and technical measures (or cause their adoption) that are necessary and sufficient to ensure the performance of obligations stipulated by the Law of Ukraine “On the Protection of Personal Data” and its subordinate legislation in order to protect personal data from unlawful or accidental access thereto, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.

5.2. The composition of the measures specified in para. 5.1. of this Policy, including their content and selection of personal data security facilities shall be determined and internal regulations on the processing and protection of personal data shall be approved (issued) by the Clinic on the basis of the statutory requirements of Ukrainian laws and regulations on the processing and protection of personal data.

5.3. Where provided for by law, the processing of personal data shall be carried out by the Clinic with the consent of the data subjects.

5.4. The Clinic shall rectify the discovered violations of the legislation on the processing and protection of personal data.

5.5. The Clinic shall cause its employees directly involved in the processing of personal data to familiarize themselves with the provisions of personal data legislation, including personal data protection requirements, this Policy and other internal regulations on the processing of personal data, and/or train said employees in the processing and protection of personal data.

5.6. The Clinic shall:

  • Evaluate the effectiveness of measures taken to ensure the security of personal data
  • Record computer-based data carriers and ensure their integrity
  • Track unauthorized access to personal data and take appropriate measures
  • Recover personal data modified or destroyed due to unauthorized access thereto
  • Organize a regime , that prevents unauthorized persons from having access to the premises where the personal data base is located.
  • Exercise control over measures taken to ensure the security of personal data and the level of security of the personal data base.

6. Supplementary Conditions Applicable to Visitors/Users of the Clinic’s Website

6.1. The Clinic has a website at: uniclinic.com.ua (hereinafter – the Website).

6.2. Any visitors/users of the Website may provide the Clinic with information, including their personal data, in order to use certain sections of the Website if provided (will be provided) for by the structure of the Website.

6.3. When providing the Clinic with information referred to in para. 6.2. of this Policy, provided such information contains personal data, any visitor/user of the Website thus agrees to the processing of the personal data provided (the provision of information shall be deemed to be an automatic expression of consent). Processing includes collection, recording, organization, accumulation, storage, update (refreshment, modification), retrieval, use, distribution (including disclosure on the territory of Ukraine and cross-border disclosure), depersonalization, blocking, destruction of personal data, as well as disclosure to the Clinic’s counterparties.

6.4. The Clinic may use personal data of visitors/users of the Website in order to conduct research (including statistical) aimed at improving the quality of services, implementing marketing programs, as well as promoting services on the market through direct contacts with visitors/users using various means of communication, including but not limited to postal mailing, e-mail, telephone, facsimile, the Internet; electronic SMS-surveys, monitoring of the results of sales promotions, customer support, carrying out of prize draws among visitors/users of the Website, monitoring of satisfaction of visitors/users of the Website and the quality of services provided by the Clinic.

6.5. To achieve the goals specified in para. 6.4. of this Policy, personal data may be processed for 50 years.

6.6. In accordance with the procedure set forth in para. 6.3. of this Policy, any visitor/user of the Website agrees that, if necessary for the implementation of the objectives referred to in para. 6.4. of this Policy, their personal data provided to the Clinic may be disclosed to third parties whom the Company may entrust the processing of personal data of the visitor/user of the Website on the basis of the agreement concluded with the said third parties subject to compliance of the said third parties with the statutory requirements of Ukrainian laws on the confidentiality and security of personal data when processing personal data.

When disclosing the aforementioned personal data of the visitor/user of the Website, the Clinic shall notify any third parties receiving personal data that the said data are confidential and can only be used for the purposes for which they are disclosed, as well as cause the said third parties to abide by this rule.

6.7. Any visitor/user of the Website who has agreed to the processing of their personal data may withdraw their consent by sending a written application to the Clinic at: 4 Volodymyra Vynnychenka Str., Kyiv 04053, Medical Center “UNIVERSUM CLINIC”.

6.8. The Clinic may send informational, including advertising messages, to the e-mail address and mobile telephone number of the visitor/user of the Website subject to their consent expressed through the actions performed by them, allowing the Clinic to reliably determine the will of the visitor/user of the Website to receive the said messages. Any visitor/user of the Website may refuse to receive promotional and other information without giving any reason by notifying the Clinic of their refusal through the sending of an appropriate application to the e-mail address of the Clinic: med@uniclinic.com.ua.

6.9. By sharing their e-mail address and telephone number with the Clinic, the visitor/user of the Website agrees to the use of the above communication facilities by the Clinic, as well as by third parties engaged by the Clinic for the purpose of fulfilling its obligations to the visitors/users of the Website, in order to distribute promotional and informational mailings containing information about discounts, upcoming and existing promotions and other events of the Clinic, surveys to improve the quality of service, as well as other information directly associated with the fulfillment by the Clinic of its obligations to the visitors/users of the Website.

6.10. The Clinic is entitled to use cookies (cookies are service information sent by the web server to the user’s computer to be stored in the browser; they are used to store data that are specific to the given user and used by the web server for various purposes). Cookies contain no sensitive information. When accepting the terms of this Policy, any visitor/user of the Website thus agrees to the collection, analysis and use of cookies, including by third parties for the purposes of generating statistics and optimizing advertising messages.

6.11. The Clinic may receive information on the IP address of the visitor/user of the Website (IP is the unique identifier of the device connected to the local network and/or the Internet). This information is not used to identify the visitor/user of the Website.

7. Final Provisions

7.1. This Policy is posted by the Clinic on the Clinic’s Website.

7.2. This Policy may be amended by the Clinic at its sole discretion without prior notification of the data subjects and/or visitors/users of the Website. The Policy, as amended and supplemented, is posted on the Clinic’s Website.

7.3. The fact of registration of the data subject and/or visitor/user on the Clinic’s Website, or the fact of completion of a feedback form, as well as other use of the Website confirms that the terms of this Policy have been agreed to and accepted unconditionally.

7.4. Should the data subject and/or visitor/user of the Website have any questions and complaints, they can contact the Clinic at +38 (044) 599-54-05, via e-mail med@uniclinic.com.ua or any other means of communication at their discretion.

Consultation
ONLINE