Regulations of SP Premier LLC on the collection, storage and processing of personal data

We hereby inform you that the information provided by you on the Internet website is included in the personal data database of «SP Premier» LLC (hereinafter referred to as the Company) for the following purposes:

  • Ensuring the implementation of civil legal relations, economic and tax relations, carrying out the functions, powers, and duties imposed on the Company in accordance with the current legislation of Ukraine regarding the protection of personal data;
  • Identifying the customer as a user of the Internet website is done to establish communication with the user, including the provision of services, payment processing, delivery of goods, conducting financial transactions, providing reporting, conducting accounting and management accounting, creating or implementing bonus programs, etc. It also involves sending mailings by mail, email, phone number, including sending commercial offers, notifications of promotions and news of the Company, and/or providing users with personalized recommendations, improving the quality of goods/services, creating ratings of goods and offers, analyzing user activity, conducting keyword searches, managing website traffic, analyzing and forecasting preferences and interests of users to create the most relevant and beneficial personalized offers and promotional offers. It includes conducting scientific research and analytical activities, sending informational and marketing mailings (company news, promotions, information about promotions, personalized recommendations, personal discounts, and offers) containing information about products and/or services, advertising, and commercial offers regarding such products and/or services, etc;
  • with the purpose of sending newsletters, commercial offers, notifications of promotions, loyalty programs, bonus programs, and/or sending messages about the functioning of the Company by mail, email, phone number, through the sending of informational messages, etc. Users have the right to unsubscribe from receiving informational and marketing newsletters at any time by adjusting the appropriate settings on the website;
  • In order to fulfill other obligations imposed by law on the Data Controller, and to protect the legitimate interests of the Data Controller or a third party to whom the personal data is disclosed.

PROVISIONS OF «SP PREMIER» LTD ON THE COLLECTION, STORAGE AND PROCESSING OF PERSONAL DATA

General provisions and definitions

The company does not process data related to race, national origin, political views, religious or other beliefs, or membership in public organizations. Information that characterizes the physiological peculiarities of users, based on which their identity can be established, is also not processed.

The processing of personal data is limited to the collection of the minimum amount of mandatory information necessary solely for the fulfillment of the user's request. In any case, when requesting non-mandatory information, the user is notified of this at the time of collecting such information. Non-mandatory information is provided by the user voluntarily and at their own discretion. The company uses this information for the purpose of improving its services, providing personalized offers to the user based on their preferences, and relying on the non-mandatory information provided by the user.

This Privacy Policy and Personal Data Processing Policy have been developed by LLC «SP Premier» (EDRPOU code: 43249320, address: Brovary, Zaliznychna Street 4, hereinafter referred to as the «Data Controller») in accordance with the current legislation of Ukraine, including, but not limited to, the Law of Ukraine «On Personal Data Protection» dated June 1, 2010, No. 2297-VI, and establishes the procedure for obtaining, collecting, storing, processing, using, ensuring the protection and disclosure of personal data (hereinafter referred to as «Data» and/or «Personal Data») through the website: www.sppremier.com, sppremier.com.ua, sppremier.net (hereinafter referred to as the «Website»). In this Policy, all definitions and terms are used in the meaning defined by the Law of Ukraine "On Personal Data Protection" dated June 1, 2010, No. 2297-VI.

By registering on the Website and/or authorizing, starting from the use without prior registration, the user gives permission and consent to the processing of their personal data on the conditions and in the manner set out below, as well as confirms familiarity with this Policy, its acceptance, and agreement with its content.

The term «User» (Buyer, Consumer) in this policy refers to any individual and/or legal entity that has access to the Website and uses its functions and services.

The Website may contain links to other websites (solely for informational purposes). When following a link to other websites, this Policy will not apply to those websites. Therefore, the Company recommends familiarizing yourself with the privacy and personal data policies of each website before providing personal data by which you can be identified.

USER RIGHTS

In accordance with Article 8 of the Law of Ukraine «On Personal Data Protection», a personal data subject has the right to:

  • to be informed about the location of the database containing their personal data, its purpose and name, and the location of its owner or controller;
  • to receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data is transferred, which is contained in the personal data database;
  • to have access to their personal data contained in the respective personal data database;
  • to receive, within 30 calendar days from the date of the request, unless otherwise provided by law, a response regarding whether their personal data is stored in the respective personal data database, as well as to receive the content of their stored personal data;
  • to submit a motivated request to object to the processing of their personal data;
  • to submit a motivated request for the modification or deletion of their personal data by any owner or controller of the database if such data is processed unlawfully or is inaccurate;
  • to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as protection against the provision of information that is inaccurate or discredits the honor, dignity, and business reputation of the individual;
  • to address issues related to the protection of their rights regarding personal data to the authorities of state power, local self-government bodies empowered to protect personal data;
  • to apply legal remedies in case of violation of the legislation on personal data protection.

COMPOSITION AND CONTENT OF PERSONAL DATA

Data means any information directly or indirectly related to a particular User.

It can be:

  • name, surname, patronymic (if any), phone number, e-mail address, date of birth, presence of children, gender, hobbies, pets, presence of a car and its VIN number, language of communication, address of residence/location/delivery, information about the User's actions when using the Website, IP addresses, data on devices used by the User (device type, browser type, device operating system), message history (information contained in correspondence between the User and the Website administration, history from In particular: information about the User's passport data, identification code, etc.)

The list of personal data is not constant and mandatory for all Users but depends on the needs and preferences of the User themselves and the operations they perform on the Website.

Data also includes other information obtained from the Website on legal grounds from third parties and/or available from User profiles on social networks when registering on the Website using social media authentication services. In such cases, the User gives consent to the processing of information accessible from the respective social network accounts (profiles).

Users are responsible for all the information they post on public accounts. The User should be aware of all the risks associated with disclosing their address or information about their location. If the User chooses to authorize using a third-party authentication service such as Facebook, the Company may obtain additional profile or other information to which access is granted by such third party.

STORAGE PERIODS AND GROUNDS FOR DELETION OR DESTRUCTION OF PERSONAL DATA

Users can modify/delete their personal information, unsubscribe from email notifications, or withdraw their consent for data processing at any time. This can be done in their Personal Account or by sending a message to the email address: info@sppremier.com with the subject line «Personal Data».

In the event of inactivity in a User's account for a period exceeding three years, the Company reserves the right to delete the User's account, including all personal data stored in the account, which means that you will no longer be able to access it.

In case of inactivity in the User's account for a period exceeding three years, the Company reserves the right to delete the User's account, including all personal data stored in the account, which means that you will no longer be able to access it.

LOCATION OF PERSONAL DATA

Personal data of the Website Users is processed and protected on the Company's secure servers.

CONDITIONS OF DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

The Company may exchange data with its affiliated entities, acting on the basis of joint ownership, which may process and use the data for the purposes defined in this Policy.

ata disclosure occurs during registration on the Website, filling out a feedback form, or placing an order for goods/services by the User, to the extent necessary for the User's identification, order fulfillment, and processing, including proper payment for goods/services and providing necessary information to the User.

The Company may engage third-party providers of goods or services to fulfill an order. In such cases, these third-party providers do not have the authority to use the personal data obtained through the Website, except for order fulfillment purposes.

The Company may provide certain anonymized information and grant permission for the collection of such de-identified information directly on the website, using appropriate technologies (data that does not allow individual Users to be identified), to third-party service providers, trusted partners, or authorized researchers for marketing research, improving the effectiveness of advertising offers and campaigns, analytical activities, better understanding of advertisements, goods, and/or services that may interest Users, improving the overall quality and efficiency of goods/services, etc. The Company may also exchange data with providers of goods/services when conducting contests, promotions on the website to ensure the proper conduct of such contests, promotions. In such cases, the data is used and may be transferred to third parties for the purposes of conducting such contests, promotions, and determining the winners. In the event of winning, if the contests or promotions are conducted by providers of goods/services, such providers may independently contact Users regarding the conduct of contests, promotions, determining the winners, prize arrangements, etc.

The Company processes data on lawful and fair grounds. Data is not disclosed or disseminated to third parties without the consent of the User, except in cases provided for by the current legislation of Ukraine and solely in the interests of national security, economic well-being, and human rights, in particular, but not exclusively:

  • based on reasoned requests from state authorities entitled to request and obtain such data;
  • for the purposes of combating fraud and abuses on the Website.

In the event of the transfer of personal data specified in this section, informing the User about the transfer of their personal data remains at the discretion of the Company.

PROTECTION OF PERSONAL DATA

The owner of personal data is provided with system and software-technical means and communication tools that prevent loss, theft, unauthorized destruction, distortion, falsification, copying of information, and comply with the requirements of international and national standards.

Employees/authorized persons directly involved in the processing and/or having access to personal data in connection with the performance of their official (employment) duties are obliged to comply with the requirements of Ukrainian legislation in the field of personal data protection and internal documents on the processing and protection of personal data.

Employees/authorized persons who have access to personal data, including processing them, are obliged not to disclose, by any means, personal data entrusted to them or made known to them in connection with the performance of their professional, official, or employment duties. Such obligation continues after they cease their activities involving personal data, except as otherwise provided by law.

Personal data should not be stored longer than necessary for the purposes for which such data is stored, but in any case, not longer than the data retention period determined by this Policy with the User's consent.

To protect User accounts and their personal data from unauthorized access, two-factor authentication may be additionally used, which serves as an additional level of protection for User accounts.

Two-factor authentication is activated if the User's account has a verified phone number and at least one of the conditions listed below is met:

  • the account has a verified phone number;
  • a bank card is linked to the account;
  • there are available bonuses on the account balance;

When a user authorizes from an unknown device, two-factor authentication is triggered. Therefore, in addition to entering a password, it is also necessary to enter a one-time password, which is sent to the User's phone in the form of an SMS or Viber message, or an additional verification of trusted devices (the ID of the verified device/program) is performed. The same message contains information about the parameters for logging into his/her account:

  • date of the authorization attempt
  • IP device
  • type of client browser

In some cases, for example, if the User has made too many unsuccessful authorization attempts, an additional protection algorithm is triggered - the introduction of reCaptcha (to check that the User is not a robot).

This Regulation sets forth the internal policies and procedures for the collection, processing, use, disclosure of personal information or personal data when using the website https://www.sppremier.com, https://sppremier.com.ua, https://sppremier.net. The Data Owner has developed and implemented internal rules for working with personal data, including the procedure for deleting a number of data after deleting the User's personal account, the levels of access of the Company's internal employees to User data, and the secure procedure for exchanging such data within the Company. The Company regularly audits its security systems to identify opportunities to improve the secure storage and use of User data. The Company also complies with the requirements of the Standard Procedure for the Processing of Personal Data, approved by the Decree of the Verkhovna Rada of Ukraine No. 1/02-14 dated January 08, 2014, to the extent necessary for the personal data.

The user has the right to receive any information about himself/herself from any subject of relations related to personal data, without specifying the purpose of the request, except in cases established by law.

Access of the personal data subject (user) to data about himself/herself is free of charge.

The personal data subject (User) submits a request for access (hereinafter referred to as the request) to personal data to the personal data owner.

The request shall specify:

  • surname, name, patronymic, place of residence (place of stay) and details of the identity document of the personal data subject (user);
  • other information allowing to identify the identity of the personal data subject (user);
  • information about the personal data for which the request is made, or information about the owner or manager;
  • a list of requested personal data.

The period for studying the request for its satisfaction shall not exceed ten business days from the date of receipt. Within this period, the Personal Data Owner shall inform the User that the request will be granted or the relevant personal data shall not be provided, indicating the grounds specified in the relevant regulatory legal act. The request shall be satisfied within thirty calendar days from the date of receipt, unless otherwise provided by law.

AMENDMENTS TO THE REGULATIONS

The Company may from time to time unilaterally update this Regulation without notifying the User of such changes. The new version of the Regulations shall enter into force upon its posting on the online platform, unless otherwise provided by the new version of the Regulations. The current version of the Regulations is always available on the page at: https://sppremier.com.ua/privacy.

If any changes have been made to the Regulations with which the User does not agree, he/she is obliged to stop using the Website. The fact of continuing to use the Website is a confirmation of the User's consent and acceptance of the version of the Regulations.