Privacy Policy Content
- Purpose
- Scope of application
- Policy provisions
3.1 Application of appropriate precautions when processing personal data
3.2 Compliance with applicable legislation
3.3 Privacy principles
3.4 Policy Update
- Compliance with the policy
4.1 Effective date
4.2 Policy Compliance assessment
4.3 Exceptions to compliance
4.4 Non-compliance
- Definition
Purpose
“Seeton Group” Limited Liability Company (hereinafter – Seeton Group LLC or Company) considers it its duty to protect the privacy of its employees, customers, business partners and other persons. For this purpose, the Company has implemented a privacy program that allows implementing and maintaining high standards for the collection, use, disclosure, storage, protection, transfer of personal data, access to them and other types of their processing. This Privacy Policy defines the basics of such a program and describes the approach that the company follows when processing personal data.
- Scope of application
The requirements of this policy must be met by all employees, contractors, suppliers, consultants, temporary employees of “Seeton Group” LLC and its subsidiaries and affiliates (“Employees of “Seton Group” LLC”). This Privacy Policy applies to personal data processed by the company both electronically and manually (i.e. in hard copy, on paper or analog media). This policy applies to any processing of personal data carried out by the Company or at its request.
In addition to this Privacy Policy, personal data and business personal data are subject to the Council of Europe Convention on the protection of persons in connection with automated processing of personal data and the law of Ukraine “On personal data protection”.
- Policy provisions
3.1 Application of appropriate precautions when processing personal data This Privacy Policy is also intended to take appropriate precautions when processing personal data entrusted to “Seaton Group” LLC. This allows the company to share personal data globally when necessary to support the company’s internal business processes or promote functionality and improvements to services and products. 3.2 Compliance with applicable legislation The Company undertakes to comply with applicable laws and regulations regarding data protection and privacy of personal data. If the applicable data protection and privacy laws require a higher level of personal data protection than defined in this Privacy Policy, the requirements of the current personal data protection legislation take precedence. If the applicable data protection and privacy laws establish a lower level of personal data protection than defined in this Privacy Policy, the requirements of this Зolicy take precedence. If employees of the Company have reason to believe that the applicable law prevents the Company from fulfilling its obligations under the Privacy Policy, they must immediately notify the Director, Head of security and Legal Department of “Seeton Group” LLC. In the case of a conflict between the applicable law and this Privacy Policy, the head of security and the legal department of the company are required to make a responsible decision on measures to resolve such a conflict. 3.3 Privacy principles The general principles that establish the company’s methods of processing, collecting, using, disclosing, storing, protecting, transmitting, accessing, and other types of personal data are set out below.
- Good faith
The company processes personal data in good faith, legally, reasonably and transparently.
- Limitation of purpose
The company collects personal data only for specific, explicitly defined and legal purposes. Any further processing must comply with such purposes, except in cases where the company has obtained the appropriate permission of the personal data subject or is otherwise permitted by law.
- Proportionality
The company processes only adequate, relevant and minimally sufficient personal data for the purposes of processing.
- Data integrity
The company maintains the correctness, completeness and relevance of personal data at the rationally necessary level for the purposes of processing.
- Data storage and deletion
The company stores personal data in a form that allows identifying their subject, no longer than necessary to achieve the purposes for which the personal data was obtained, or other permitted purposes. In the future, the data will be liquidated, deleted, anonymized or removed from our systems.
- Data protection
The company implements appropriate and justified physical, technical and organizational measures to protect personal data from accidental or illegal destruction, accidental loss, modification, unauthorized disclosure, use or access. The company imposes and establishes in the agreement the following requirements for third parties that process personal data on behalf of the company (if such parties are involved): (a) process personal data only for purposes that meet the company’s processing purposes; (b) implement appropriate physical, technical and organizational measures to protect personal data.
- Rights of personal data subjects
The company processes personal data in a way that ensures the rights of its subjects in accordance with the applicable laws on the protection and privacy of personal data.
- Reporting
The company implements appropriate policies, processes, means of control and other necessary measures that allow it to prove that the processing of personal data, carried out, complies with this Privacy Policy and the applicable laws on the protection and privacy of personal data. 3.4 Policy Update The company may periodically review and change its practices, policies and procedures for the protection and privacy of personal data, in particular this Privacy Policy. In the case of significant changes, the Company undertakes to:
- take reasonable measures to notify all divisions of “Seeton Group” LLC, employees of “Seeton Group” LLC, customers, business partners of the company and other data subjects affected by these changes;
- publish appropriate notifications about changes on the relevant websites, both internal and external (depending on the nature of the changes).
- Compliance with the policy
The company considers it its duty to ensure that all employees of the company comply with this Privacy Policy. Employees of the company are required to comply with this policy. 4.1 Policy effective date This policy is effective from the moment of its approval. 4.2 Policy Compliance assessment Compliance with this Privacy Policy is verified by various means, including analysis of reports generated by existing business tools, internal and external audits, self-assessment, and/or review of feedback provided to those responsible for the policy. The company regularly monitors compliance with the requirements of this policy. Periodically, the company checks the current state of compliance with this Privacy Policy and its compliance with the applicable laws on the protection and privacy of personal data. 4.3 Exceptions to compliance Any exception to the requirements of this Privacy Policy requires approval from Head of security and Legal Department of the company in writing. Any exception records must be archived. 4.4 Non-compliance Compliance with the Company’s policies is mandatory. Deviation from the requirements of this policy or their non-compliance, in particular attempts to avoid the implemented policies or processes, bypassing processes, systems and data or deliberately manipulating them, may lead to disciplinary measures (including dismissal), civil and legal claims, as well as referral to criminal prosecution within the limits of the legislation of Ukraine.
- Definition
This document contains the terms defined below.
Term | Definition |
Business personal data | Different from personal data, personal data that the Company processes in the context of business operations. |
Candidate of “Seeton Group” LLC | A person interested in employment opportunities in “Seeton Group” LLC who may not have applied for a specific position. Note. For the purposes of this policy, the term “personal data” does not include information that may be obtained during any monitoring or surveillance of employees or candidates of “Seeton Group” LLC, for example, during legal video surveillance of the premises of “Seeton Group” LLC. |
Employee of “Seeton Group” LLC | These are employees and temporary employees. Note. Any reference in this Policy to “employee or candidate of “Seeton Group” LLC” is intended only for the purposes of the functioning of the Policy and is not intended and in no way indicates the employment relationship between the mentioned ” employee or candidate of “Seeton Group” LLC and “Seeton Group” LLC”. |
Customers | Individuals who are current, former, or potential customers of the company or represent organizations that are its customer. |
Personal data | Information concerning an employee or candidate of “Seeton Group” LLC who has been identified or can be identified, within the limits to which this information was obtained by the company in the context of the actual or potential working relationship of the employee or candidate of the company with “Seeton Group” LLC. An employee or candidate of a Company is one who is “identifiable” if it is possible to identify him directly or indirectly, in particular by referring to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. The Company’s personal data includes the following:: · identification data of an employee or candidate-company of the Company – is data generated and/or collected solely for the purpose of identifying an employee of the company during the performance of his duties in “Seeton Group” LLC; · contextual data of an employee or candidate of the Company – is data generated and/or collected that identifies or describes performance, compensation, or other similar data that provides additional information about the employee, their background, and family; · personal identification data of an employee or candidate of the Company – is data generated and/or collected that identifies or describes identifiers that do not belong to “Seeton Group” LLC associated with bank, government and other accounts of employees or candidates. |
Personal data | Any data relating to an individual (the “data subject”) who has been identified or is likely to be identified. A individual who can be identified should be understood as an individual who can be identified directly or indirectly, in particular by identifiers such as the name, identification number, address, internet identifier, or by one or more factors concerning the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. |
Personal data processing | Any operation or set of operations performed on personal data at any time during its life cycle, in particular the creation, collection, recording, ordering, storing, adapting, modifying, extracting, accessing, reviewing, reconciling, using, disclosing in any way (for example, by transmitting, distributing, or otherwise providing access to data), analyzing, reconciling or combining data, or blocking, erasing, or destroying data. Processing is not limited to the use of automated means or types of media. Generally, the Company “processes” personal data whenever we or any of our third-party processors use, access, or otherwise deal with personal data. |
Laws on the protection and privacy of personal data | All applicable legal and regulatory requirements related to personal data protection and privacy, including, without restrictions, all regional, national and local laws on privacy and protection of personal data and relevant regulations that are changed, repealed, consolidated or replaced from time to time. |