This Privacy and Data Protection Policy (hereinafter the Policy) defines the regulation of the relationship between Legal IT Group LLC, incorporated under the laws of Ukraine, located at Ukraine, Kyiv, Pimonenka st., 13, 6A, office 32 (hereinafter the Company) and YOU (hereinafter the Data Subject) regarding the use of your personal data.
ALL DATA SUBJECTS ARE REQUIRED TO READ THIS POLICY TO UNDERSTAND HOW THE COMPANY COLLECTS AND PROCESSES PERSONAL DATA AND WHAT SECURITY MEASURES ARE BEING APPLIED.
While conducting its activities, the Company adheres all conditions and requirements stipulated by the current legislation of Ukraine, European legislation including but not limited to the General Data Protection Regulation as well as by other international legislative acts concerning data protection.
‘Personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Special categories of personal data’ (sensitive data) means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
‘Data controller’ (controller) means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Data processor’ (processor) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Data Subject’ means any living individual who is the subject of personal data are processed by the Company, including Visitors, independent contractors/employees and other stakeholders.
‘Visitor’ means Data Subject who has entered the Website with any purpose.
‘Services’ means legal services provided by the Company.
‘Website’ means https://www.legalitgroup.com/ website.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Profiling’ means any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyses or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.
‘Automated decision-making’ means an ability to make decisions by technological means without human involvement that produces legal effects concerning tha Data Subject or similarly significantly affects the Data Subject.
‘Personal data breach’ means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
‘Consent’ means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.
(a) Lawfulness, fairness and transparency
Lawfully – the controller identifies a lawful basis before to process the personal data (for example consent).
Fairly – in order to process fairly, the controller has to make certain information available to the data subjects as practicable. This applies whether the personal data was obtained directly from the data subjects or from other sources.
Transparently – any information and communication relating to the processing of the personal data be easily accessible and easy to understand, and that clear and plain language be used.
(b) Purpose limitation
The personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, not be considered to be incompatible with the initial purposes.
(c) Data minimization
The personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
(e) Storage limitation
The personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if only are implementated appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
(f) Integrity and confidentiality
The personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
− Websites’ content mostly viewed by the Visitors
− frequency of the connections to the Website
− software and hardware exploited to visit Website
− geography of Visitors
· to understand the manner how the visitors work with our website
· to provide customized services and better our content when collecting your browsing statistics
− requests made by the Visitors
− the information on software and hardware exploited to visit Website,
− IP address
− timing related to access the Website
|· to enhance the security of Website|
|− cookies||· to ensure technical functionality of the Website|
right to access. The Data Subjects have a right to know whether their personal data are being processed and if so, access such data.
right to rectification. If the personal data are inaccurate, the respective Data Subject is entitled to ask the Company to correct them indeed.
right to erasure or right to be forgotten The Data Subjects have a right to obtain from the Company the erasure of the Data subjects’ personal data without undue delay and the Company has the obligation to erase such personal data without undue delay.
right to restriction of processing. The Data Subjects have a right to limit processing of their personal data with several exceptions under the scope of the GDPR.
right to be informed. The Company obliged to inform Data Subjects what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
right to data portability. The Data Subjects are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that Data Subject has provided to the Company by way of the consent.
right to object. The Data Subjects can object to the processing of personal data that are being processed by the Company. The Company must stop processing personal data unless the Company can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defense of legal claims.
right not to be subject to a decision based solely on automated processing. The Data Subjects have a right to object to any automated profiling that is occurring without consent. Herewith, the Data Subjects have a right their personal data are to be processed with the human involvement.
|Data Subject Request||Timescale|
|The right to be informed||When data is collected|
|The right of access||2 weeks|
|The right to rectification||2 weeks|
|The right to erasure||Without undue delay|
|The right to restrict processing||Without undue delay|
|The right to data portability||2 weeks|
|The right to object||On receipt of objection|