-
GENERAL PROVISIONS
- This Personal Data Protection Policy (hereinafter the “Policy”) defines the principles, rules, and organizational measures governing the processing and protection of personal data in the activities of the PUBLIC BUSINESS ASSOCIATION “DIIA CITY RESIDENTS ASSOCIATION” (hereinafter the “Business Association”).
- This Policy has been developed in accordance with the Law of Ukraine “On Personal Data Protection”, other applicable laws and regulations of Ukraine, as well as taking into account the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) to the extent applicable to the activities of the Business Association, in particular in cases of interaction with foreign individuals, donors, partners, or visitors of events and/or the Business Association’s website.
- The purpose of this Policy is to ensure a secure environment and proper organization of personal data processing, as well as to manage risks associated with the processing of personal data.
- The Business Association is a non-profit organization. This Policy is of an internal, preventive, and organizational nature and is not intended to establish any additional obligations beyond those provided for by the legislation of Ukraine.
- This Policy is applied in conjunction with other internal documents of the Business Association and does not contradict them.
- This Policy applies to personal data processed in paper form, in information systems, or using automated and/or non-automated means.
- The transfer of personal data to third parties without the consent of the Personal Data Subject is permitted only in cases provided for by the applicable legislation of Ukraine.
-
TERMS AND DEFINITIONS
- The terms “personal data”, “processing of personal data”, “personal data subject”, “controller”, and “processor” are used in the meanings defined by the Law of Ukraine “On Personal Data Protection”.
- Where GDPR applies, the relevant terms shall be interpreted in accordance with its provisions, provided that there is no conflict with the legislation of Ukraine.
- SCOPE OF APPLICATION
- This Policy applies to:
- governing bodies of the Business Association;
- officers of the Business Association;
- employees;
- individuals engaged in the activities of the Business Association on a contractual basis;
- individuals acting on behalf of or in the interests of the Business Association.
- This Policy applies to the processing of personal data of members of the Business Association, donors, partners, counterparties, event participants, and users of the Business Association’s website exclusively within the scope of the statutory activities of the Business Association.
-
PRINCIPLES OF PERSONAL DATA PROCESSING
- Personal data processing within the Business Association is carried out in accordance with the following principles:
- lawfulness, fairness, and transparency;
- specified and legitimate purposes of processing;
- data minimization;
- accuracy and relevance of data;
- storage limitation;
- ensuring an appropriate level of security and confidentiality.
-
PURPOSES AND LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
- Personal data are processed by the Business Association for the following purposes:
- ensuring the statutory activities of the Business Association;
- membership administration;
- organization and implementation of events and projects;
- communication with members, partners, donors, and other interested parties;
- compliance with the requirements of Ukrainian legislation;
- operation and analytics of the Business Association’s website.
- The legal grounds for personal data processing include:
- consent of the personal data subject;
- necessity for the performance of a contract or other transaction;
- compliance with legal obligations;
- legitimate interests of the Business Association, provided that such interests do not override the rights and freedoms of the personal data subject.
-
CATEGORIES OF PERSONAL DATA
- The Business Association may process the following categories of personal data:
- identification and contact data (name, email address, phone number, etc.);
- organizational and professional information;
- technical and analytical data related to the use of the website;
- other data voluntarily provided by the personal data subject.
-
PERSONAL DATA PROCESSING ON THE WEBSITE AND COOKIES
- When visiting the Business Association’s website without the use of cookies, the server may automatically collect technical information, including IP address, User-Agent, browser language, device type, date and time of visit, pages viewed, and referrer.
- Through contact forms (including Contact Form 7), the Business Association collects personal data solely subject to the user’s consent provided through an explicit affirmative action (by selecting the relevant checkbox).
- The website uses web analytics and marketing tools, including:
- Google Analytics (GA4) – collects cookies _ga, _gid, IP address (partially or fully), website usage behavior, geolocation data, device type and operating system, and traffic sources;
- Meta (Facebook Pixel) – collects the _fbp cookie, user actions, and data for retargeting purposes;
- Autoptimize – website caching and performance optimization.
- Analytical and marketing cookies are used exclusively upon obtaining the user’s prior consent in accordance with the requirements of GDPR and ePrivacy legislation.
- Detailed terms regarding the use of cookies are set out in a separate Cookies Policy of the Business Association.
-
RIGHTS OF PERSONAL DATA SUBJECTS
- Personal data subjects have the rights provided for by the legislation of Ukraine, including the right to access, rectify, erase personal data, restrict processing, and withdraw consent.
- Where GDPR applies, personal data subjects also enjoy the rights granted under the GDPR.
- For any questions regarding this Policy, personal data subjects may contact the Business Association at: info@diiacityunited.org.
-
PROTECTION AND STORAGE OF PERSONAL DATA
- The Business Association implements appropriate organizational and technical measures to protect personal data against unauthorized access, loss, or disclosure.
- Personal data are stored no longer than is necessary to achieve the purposes of processing or to comply with legal requirements.
-
PERSON RESPONSIBLE FOR PERSONAL DATA PROTECTION
- Overall responsibility for the protection of personal data processed by the Business Association rests with the Director of the Business Association.
- The Director’s responsibilities in the field of personal data protection include:
- monitoring compliance with this Policy and applicable legislation;
- organizing and coordinating personal data processing activities;
- informing employees, members, and counterparties about personal data processing principles;
- identifying and responding to personal data protection incidents;
- ensuring the accuracy and secure storage of personal data;
- providing consultations to personal data subjects and handling their requests and inquiries.
- The Business Association reserves the right to appoint a dedicated Data Protection Officer (DPO) in the future if the scope of data processing or legal requirements so necessitate.
-
FINAL PROVISIONS
- This Policy enters into force on the date of its approval.
- This Policy shall be reviewed in the event of changes in legislation or significant changes in the activities of the Business Association.
- This Policy is an internal document of the Business Association and shall be applied in compliance with the requirements of the legislation of Ukraine.
