JOINT STOCK COMPANY INTERNATIONAL INVESTMENT BANK in compliance with the legislation of Ukraine notifies about the procedure applied in the Bank for processing and protection of personal data and the rights of personal data subjects.
JSC IIB (hereinafter - the Bank) provides processing and protection of personal data in compliance with the Law of Ukraine "On Personal Data Protection", the Law of Ukraine "On Banks and Banking" and other laws and regulations of Ukraine.
- ensuring the implementation of labor relations, tax relations and relations in the field of accounting and tax accounting in accordance with the Labor Code of Ukraine, the Tax Code of Ukraine, Laws of Ukraine "On Remuneration" and "On Accounting and Financial Reporting in Ukraine", JSC IIB
- ensuring the implementation of legal relations in the field of banking services in accordance with the license, permit and other activities provided by the National Bank of Ukraine in the manner prescribed by applicable law;
- carrying out securities trading activities in accordance with the Laws of Ukraine "On Securities and Stock Market", "On Joint Stock Companies", Rules (conditions) of securities trading activities: brokerage, dealership, underwriting, securities management (approved by the decision State Commission on Securities and Stock Market dated 12.12.2006 №1449), Charter of JSC IIB;
- ensuring and conducting the Bank's business activities in accordance with the Commercial Code of Ukraine, the Civil Code of Ukraine, the Tax Code of Ukraine, the Law of Ukraine “On Accounting and Financial Reporting in Ukraine”, the Bank's Charter.
Control over compliance with the legislation on personal data protection is provided in accordance with the requirements of the legislation (Article 2 of the Law of Ukraine "On Personal Data Protection") - the Commissioner for Human Rights of the Verkhovna Rada (Address: 21/8, Institutska St., Kyiv, 01008www.ombudsman.gov.ua) and courts.
On issues of access to personal data and protection of personal data in the Bank - Head of Information and Technical SecurityTaranenko G Konstantin Konstantin.Taranenko@ii-bank.com.ua Address: 16, Lavrska Street, Kyiv, Ukraine, 01015
- know about the sources of collection, location of their personal data, the purpose of their processing, location or residence (stay) of the owner or controller of personal data or give a corresponding order to obtain this information to authorized persons, except as provided by law;
- receive information on the conditions for granting access to personal data, in particular information on third parties to whom his personal data is transferred;
- access to their personal data;
- receive no later than thirty calendar days from the date of receipt of the request, except as provided by law, an answer as to whether his personal data are processed, as well as receive the content of such personal data;
- make a reasoned request to the owner of personal data with an objection to the processing of their personal data;
- make a reasoned request to change or destroy their personal data by any owner and controller of personal data, if this data is processed illegally or is inaccurate;
- to protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as to protect against the provision of information that is inaccurate or discredits the honor, dignity and business reputation of the physical persons;
- file complaints about the processing of their personal data with the Commissioner or the court;
- apply legal remedies in case of violation of the legislation on personal data protection;
- make reservations regarding the restriction of the right to process their personal data during the consent;
- withdraw consent to the processing of personal data;
- know the mechanism of automatic processing of personal data;
- to protect against an automated decision that has legal consequences for him.
- The grounds for the right to personal data processing are the written consent of the personal data subject to the processing of his personal data, provided to the Bank in accordance with the requirements of the legislation of Ukraine or in another form, which allows to conclude on its provision.
- Consent in writing in the form of a statement of the personal data subject, signed by the personal data subject and stored in the Bank throughout the processing of personal data of the specified personal data subject. Consent may also be given by including the relevant clause in the contract (including a questionnaire, questionnaire, etc.).
- The owner of personal data provides the personal data subject in writing with information on the purpose of personal data processing until the consent of the personal data subject is obtained.
- The owner of personal data retains personal data for no longer than necessary for the purpose of their processing, unless otherwise provided by law.
- The procedure for third party access to personal data is determined by the terms of the written consent of the personal data subject provided to the Bank as the owner of personal data for the processing of such data, or in accordance with the Law of Ukraine "On Personal Data Protection".
- Access to personal data is not granted to a third party if he / she refuses to undertake to ensure compliance with the requirements of the Law of Ukraine “On Personal Data Protection” and / or is unable to provide them.
- Receipt of personal data by a third party is carried out on the basis of a request for access to personal data, which must specify:
- surname, name and patronymic, place of residence (location) and details of the document certifying the natural person submitting the request (for the natural person - the applicant);
- name, location of the legal entity (actual address) submitting the request, position, surname, name and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for the legal entity - the applicant);
- surname, name and patronymic, as well as other information that allows to identify the personal data subject (individual) in respect of which the request is made;
- information about the personal data base in respect of which the request is submitted, or information about the owner of this database;
- list of personal data requested;
- purpose and / or legal basis for the request.