Main Data protection

Data protection

Notification in pursuance of the requirements of the Law of Ukraine "On Personal Data Protection".

1. Brief information on data protection.

General information.

The following information is intended for easy reference to what happens to your personal data when you visit our website.

What is personal data?

The Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”) defines personal data as “any information relating to an identified or identifiable individual (“data subject”)”; an identifiable individual is a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, intellectual, economic, cultural or social identity of that individual. As a customer of the Bank, you are a “data subject”. This means that any personal data that can be used to identify you personally and relating to you as a data subject is protected by data protection law.

Detailed information on data protection can be found in this Data Protection Agreement, which explains how and what data we collect and for what reason we use them.

Collection of data on our website.

How do we collect your data?

One of the methods of data collection is when you tell us all the information. Other data is collected automatically by our IT systems. Most of them are technical data (for example, Internet browser, operating system or access time to the website). This automatic process is activated as soon as you reach our site.

Why do we use your data?

Some data is collected to make our site completely and easily accessible to you. Other data can be used to analyse user behaviour.

What are your data rights?

You have the right to receive information about the origin and the recipients of your personal data and the purposes for which they were collected at any time. You also have the right to request correction, blocking or deletion of data (taking into account postponement of execution). You can contact us on these and other issues related to data protection using the coordinates specified in this Agreement.

Analysis’ and third-party tools.

Your surfing behaviour can be analysed statistically when you visit our website. This is mainly done with the help of cookies and so-called analytical programs. Your surfing behaviour is usually analysed anonymously, in the sense that the behaviour of surfing cannot be traced back to you individually. You can object to such an analysis or prevent it without using certain tools.

Cookies

Some websites use so-called cookies. They do not damage your computer and do not contain viruses. They serve to make our offer more friendly, efficient, and safe. Cookies are small text files that are stored both on your computer and in your browser. Most of the cookies we use are so-called session cookies that are automatically deleted at the end of your visit to the website. Other cookies remain on your terminal until you delete them. These cookies allow us to recognize your browser the next time you visit. You can set your browser to notify you of the presence of cookies and make sure that you only allow cookies in certain cases, so that you accept them for certain occasions, that you completely exclude them or automatically delete them when you close the browser. Deactivating cookies can mean that the functionality of the website is limited. Website administrators have a legitimate interest in storing cookies to ensure technically impeccable and optimized service delivery.

Server Log Files

The website automatically collects and stores information in the so-called server log files (files: browser type and browser version, the operating system used. URL of the referrer, host name for access to the computer, time of day of the server request, IP address), which your browser automatically sends to us. This data is not combined with other data sources.

SSL or TLS encryption.

For security reasons and to protect the transmission of sensitive content, this site uses SSL or TLS encryption. You can recognize the encrypted connection from the fact that the address bar of the browser switches from “http: //” to “https: //” and from the lock icon in your browser line. If and when SSL or TSL encryption is activated, the data you send to us cannot be read by third parties. Payments via usual methods of payment (Visa / MasterCard, direct debiting) are made in each individual case using an encrypted SSL or TLS connection. You can recognize the encrypted connection from the fact that the address bar of the browser switches from “http: //” to “https: //” and from the lock icon in your browser line. The effect of encrypted communication is that the payment data that you transmit to us cannot be read by third parties.

2. General and mandatory information on data protection

We take your personal data very seriously: in strict confidentiality and in accordance with the provisions of the Personal Data Protection Act and this Data Protection Agreement, taking into account the requirements of the GDPR.

It should be noted that the transmission of data on the Internet (for example, for e-mail communication) may include security gaps. Complete and absolute protection of data from third-party access is impossible.

The withdrawal of your consent to the processing of data.

Many data processing events are possible only with your explicit consent. You can at any time withdraw the consent that you have already given; while it is necessary to take into account the legislative requirements for the mandatory storage of personal data that are used for identification in the conduct of financial transactions, and the implementation of the recall can occur with a delay in time.

The right to data portability.

You have the right to receive data that we process automatically by means of your consent or in the performance of a contract issued to you or a third party in a commonly used and machine-readable format. If you need data that will be transferred directly to another responsible facility, this will only be done where technically feasible.

Information, blocking, deletion.

In accordance with applicable statutory provisions, you have the right to information about your stored personal data, its source and recipients, and the purpose of processing the data and, if necessary, the right to correct, block or delete the specified data (the implementation may occur with a delay in time) at any time.

3. Collection and processing of data

Data processing (client and contract data)

We collect, process, and use personal data only where it is necessary to provide services. The collected data of the client can be deleted after the termination of the contract or the termination of business relations in view of performance of legislative norms on their storage.

Data transmission when concluding a service contract and digital content

We transfer personal data to third parties only if it is necessary to fulfil the contract (agreement). Data is not transmitted beyond the above limit or is transmitted only where you directly agreed to such a transfer. Your data is not sent to third parties, for example, for promotional purposes, without your explicit consent.

4. Contact details.

Data Protection Officer:

Head of the Information Security Department of the Security Directorate — Viacheslav Nikolaevich Zakharchenko, e-mail: v.zakharchenko@sbrf.com.ua, phone: +38(044) 594-71-58.

5. Comtact details of the authorized representative of the Bank in the territory of the European Union on the protection of personal data:

COMPLIANCE CONTROL OÜ

Address:  Pronski 5-2, Tallinna linn, Harju maakond, 10124,

Email: dpo@compliance-control.eu

Telephone number: +38 044 332 01 17

Website: https://compliance-control.eu/

Information Security Consultant:

Olga Sachenko