Content
- Appointment
- Scope of application
- Policy provisions
3.1. applying appropriate precautions when processing personal data
3.2. compliance with applicable laws
3.3. privacy principles
3.4. updating the policy - Compliance with the policy
4.1. Effective Date
4.2. policy compliance assessment
4.3. compliance exceptions
4.4. non-compliance - Definition
- Appointment
Seaton Group Limited Liability Company (hereinafter referred to as Seaton Group LLC or the company) considers it its duty to protect the confidentiality of personal data of its employees, customers, business partners and others. For this purpose, the company has introduced a confidentiality program that allows implementing and maintaining high standards for the collection, use, disclosure, storage, protection, transfer of personal data, access to them and other types of their processing. This privacy policy defines the basis of such a program and describes the approach that the company follows when processing personal data.
- Scope of application
All employees, contractors, suppliers, consultants, and temporary employees of Siton Group LLC and its subsidiaries and affiliates ("Siton Group LLC employees") must comply with this policy.
This privacy policy applies to personal data processed by the company both electronically and manually (i.e. in printed form, on paper or analog media). This policy applies to any processing of personal data that is carried out by the company or at its request.
In addition to this Privacy Policy, personal data and business personal data are subject to the Council of Europe Convention on the Protection of Persons with regard to Automated Processing of Personal Data and the Law of Ukraine "On Personal Data Protection".
- Policy provisions
3.1. Applying appropriate security measures when processing personal data
This Privacy Policy is also intended to introduce appropriate safeguards regarding the processing of personal data entrusted to Siton Group LLC. This allows the company to share personal data globally when it is necessary to support the company's internal business processes or promote functionality and improvements to services and products.
3.2. Compliance with applicable legislation
The Company undertakes to comply with applicable laws and regulations on data protection and confidentiality of personal data.
If applicable data protection and privacy laws require a higher level of personal data protection than defined in this Privacy Policy, the requirements of the current data protection legislation will prevail. If applicable data protection and privacy laws establish a lower level of personal data protection than defined in this Privacy Policy, the requirements of this Policy will prevail.
If the company's employees have reason to believe that the applicable law prevents the company from fulfilling its obligations under the privacy policy, they must immediately notify the Director, Head of Security and Legal Department of Siton Group LLC. In the event of a conflict between the applicable law and this Privacy Policy, the Head of Security and the Legal Department of the Company are obliged to make a responsible decision on measures to eliminate such a conflict.
3.3. Privacy principles
The following are the general principles that establish the company's methods for processing, collecting, using, disclosing, storing, protecting, transferring, accessing, and other types of personal data processing.
- Good faith
The Company processes personal data in good faith, legally, reasonably and transparently.
- Goal Restriction
The Company collects personal data only for specific, clearly defined and legitimate purposes. Any further processing must be consistent with such purposes, unless the company has obtained the appropriate permission from the personal data subject or otherwise permitted by law.
- Commensurability
The Company processes only adequate, relevant and minimally sufficient personal data for the purposes of processing.
- Data integrity
The Company maintains the correctness, completeness and topicality of personal data at the level reasonably necessary for the purposes of processing.
- Storing and deleting data
The Company stores personal data in a form that makes it possible to identify its subject, no longer than is necessary to achieve the purposes for which the personal data was obtained, or other permitted purposes. In the future, the data will be eliminated, deleted, anonymized or removed from our systems.
- Data protection
The Company introduces appropriate and reasonable physical, technical and organizational measures to protect personal data from accidental or illegal destruction, accidental loss, alteration, unauthorized disclosure, use or access. The Company puts forward and establishes the following requirements for third parties that process personal data on behalf of the company(if such parties are involved):: (a) process personal data only for purposes that meet the company's processing objectives; (b) introduce appropriate physical, technical and organizational measures to protect personal data.
- Rights of personal data subjects
The Company processes personal data in a manner that ensures the rights of its subjects in accordance with applicable laws on the protection and confidentiality of personal data.
- Reporting
The Company introduces appropriate policies, processes, controls and other necessary measures that allow it to prove that the processing of personal data carried out by this Privacy Policy is in accordance with the applicable laws on the protection and confidentiality of personal data.
3.4. Updating this policy
The Company may periodically review and change its practices, policies and procedures for the protection and confidentiality of personal data, in particular this privacy policy. If significant changes are made, the company undertakes to::
- take reasonable steps to inform all divisions of Siton Group LLC, employees of Siton Group LLC, customers, business partners of the company and other data subjects affected by these changes about the changes.;
- publish appropriate notifications of changes on the relevant websites, both internal and external (depending on the nature of the changes).
- Compliance with the policy
The Company considers it its duty to ensure that all employees of the Company comply with this privacy policy. The Company's employees are required to comply with this policy.
4.1. Effective date of the policy
This policy is valid from the moment it is approved.
4.2. Policy compliance assessment
Compliance with this privacy policy is verified in a variety of ways, including reviewing reports generated by existing business tools, internal and external audits, self-assessment, and/or reviewing feedback provided to those responsible for the policy. The Company regularly monitors compliance with this policy. From time to time, the company checks the current state of compliance with this Privacy Policy and its compliance with the applicable laws on the protection and confidentiality of personal data.
4.3. Compliance exceptions
Any exception to the requirements of this Privacy Policy requires written approval from the Company's Security Manager and Legal Department.
Any exception records must be archived.
4.4. Non-compliance
Compliance with the company's policies is mandatory. Deviation from or non-compliance with the requirements of this policy, in particular attempts to circumvent the established policies or processes, bypassing processes, systems and data, or knowingly manipulating them, may lead to disciplinary measures (including dismissal), civil and legal actions, as well as criminal prosecution within the framework of Ukrainian legislation.
- Definition
This document contains the terms defined below.
| Term | Definition |
| Business Personal Data | Other than personal data, personal data that the company processes in the context of doing business. |
| Candidate LLC"Siton Group" | A person who is interested in employment opportunities at Siton Group LLC, and who may not have applied for a specific position.Note. For the purposes of this policy, the term "personal data" does not include information that may be obtained during any monitoring or surveillance of employees or candidates of Siton Group LLC, for example, during legitimate video surveillance of the premises of Siton Group LLC.Siton Group". |
| Employee of Siton Group LLC | These are employees and temporary employees.Note. Any reference in this Policy to an "employee or candidate of Seaton Group LLC" is intended only for the purposes of the policy's operation and is not intended and does not in any way indicate an employment relationship between the said "employee or candidate of Seaton Group LLC "and Seaton Group LLC. |
| Customers | Persons who are current, former or potential clients of the company or represent organizations that are its clients. |
| Personal data | Information concerning an employee or candidate of Seaton Group LLC who has been identified or can be identified, to the extent that this information was obtained by the company in the context of the actual or potential working relationship of the employee or candidate of the company with Seaton Group LLC. An employee or candidate of a company is someone who is "identifiable" if it is possible to identify him directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. The Company's personal data includes the following:: * identification data of an employee or candidate company of the company is data generated and / or collected solely for the purpose of identifying an employee of the company while performing his / her duties in Siton Group LLC; * contextual data of an employee or candidate partnership is data generated and / or collected that identifies or describes performance, compensation, or other similar data that provides additional information about the employee, their background, and family; * personal identification data of an employee or candidate the company is data generated and / or collected that identifies or describes identifiers that are not related to Siton Group LLC, related to bank, government and other accounts of employees or candidates. |
| Personal data | Any data relating to an individual ("data subject") that is identified or can be identified. A natural person who can be identified is a natural person who can be identified directly or indirectly, in particular by identifiers such as name, identification number, address, Internet identifier, or by one or more factors related to physical, physiological, genetic, mental, economic, cultural or social characteristics. the identity of this individual. |
| Processing of personal data | Any operation or set of operations performed on personal data at any time during its life cycle, including creating, collecting, recording, organizing, storing, adapting, modifying, retrieving, accessing, reviewing, verifying, using, disclosing in any way (for example, by transmitting, distributing, or providing access to personal data). otherwise), analyzing, reconciling, or combining data, or blocking, erasing, or destroying data. Processing is not limited to the use of automated tools or media types only. For the most part, the company "processes" personal data every time we or any of our third-party processors use, access or deal with personal data in any way. |
| Personal data protection and privacy laws | All applicable legal and regulatory requirements related to personal data protection and confidentiality, including, without limitation, all regional, national and local laws on privacy and personal data protection and related regulations that are amended, repealed, consolidated or replaced from time to time. |