Privacy policy
PRIVACY AND PERSONAL DATA PROTECTION POLICY
This Privacy and Personal Data Protection Policy (hereinafter - "Policy") has been developed and implemented by Adaptis (hereinafter - "Adaptis", "we", "us", "our"), the owner and operator of the website adaptis.com (hereinafter - "Website"), and the services provided through the Website (hereinafter - "Services").
We are committed to ensuring the protection of the privacy and security of your personal data in accordance with the requirements of the Law of Ukraine "On Personal Data Protection" dated 01.06.2010 № 2297-VI (as amended), other applicable regulatory legal acts of Ukraine in the field of data protection, and taking into account the provisions of the European Union General Data Protection Regulation (GDPR), which may apply to our activities.
This Policy applies to all users of the Website and Services, including, but not limited to, website visitors, registered users, clients, and other persons whose personal data we process.
Please read this Policy carefully. Your use of the Website and/or Services, as well as any other interaction with us that involves the provision of personal data, constitutes your unconditional consent to the collection, processing, use, and disclosure of your information in accordance with the terms of this Policy. If you do not agree with this Policy, please refrain from using the Website and Services.
1. General Concepts and Scope
1.1. Definition of terms:
• Personal Data Database – a named collection of ordered personal data in electronic form and/or in the form of personal data card files.
• Responsible Person – a designated person who organizes work related to the protection of personal data during their processing, in accordance with the law.
• Owner of the Personal Data Database – a natural or legal person who, by law or with the consent of the personal data subject, has been granted the right to process this data, who approves the purpose of processing personal data in this database, establishes the composition of this data, and the procedures for its processing, unless otherwise provided by law. In this case – the owner of the "Adaptis – mounting and powering solutions for Starlink terminals" Website.
• State Register of Personal Data Databases – a unified state information system for collecting, accumulating, and processing information about registered personal data databases.
• Publicly Accessible Sources of Personal Data – directories, address books, registers, lists, catalogs, other systematized collections of open information containing personal data, placed and published with the knowledge of the personal data subject. Social networks and Internet resources where personal data subjects leave their personal data are not considered publicly accessible sources of personal data (except in cases where the personal data subject has explicitly indicated that the personal data is placed for the purpose of its free dissemination and use).
• Consent of the Personal Data Subject – any documented, voluntary expression of will of an individual regarding permission for the processing of their personal data in accordance with the stated purpose of their processing.
• Anonymization of Personal Data – removal of information that allows identification of an individual.
• Processing of Personal Data – any action or set of actions performed wholly or partially in an information (automated) system and/or in personal data card files, related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use and dissemination (distribution, sale, transfer), anonymization, destruction of information about an individual.
• Personal Data – information or a set of information about an individual who is identified or can be specifically identified.
• Administrator of the Personal Data Database – a natural or legal person who has been granted the right to process this data by the owner of the personal data database or by law. A person entrusted by the owner and/or administrator of the personal data database with performing technical work with the personal data database without access to the content of the personal data is not an administrator of the personal data database.
• Personal Data Subject – an individual regarding whom, in accordance with the law, their personal data is processed.
• Third Party – any person, except for the personal data subject, the owner or administrator of the personal data database, and the authorized state body for personal data protection, to whom personal data is transferred by the owner or administrator of the personal data database in accordance with the law.
• Special Categories of Data – personal data about racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data related to health or sexual life.
• Adaptis – Adaptis Limited Liability Company, its authorized Partners, who are the owners of personal data databases processed using the adaptis.com website.
1.2. This Regulation is mandatory for application by the responsible person and employees, Adaptis Partners, who directly process and/or have access to personal data in connection with the performance of their official duties when receiving and processing orders using the Website.
2. List of Personal Data Databases
2.1. Adaptis is the owner of the following personal data databases:
• Customer/Counterparty Personal Data Database.
• Web User Personal Data Database (includes data collected using Cookies and analytical tools).
3. Purpose of Personal Data Processing
3.1. The purpose of personal data processing is:
• Ensuring the implementation of civil law relations, providing, receiving, and making payments for purchased goods and services in accordance with the Civil Code of Ukraine, Commercial Code of Ukraine, Tax Code of Ukraine, Law of Ukraine "On Accounting and Financial Reporting in Ukraine".
• Identification of the Website and Services user.
• Communication with users regarding orders, inquiries, and information about Services.
• Formation and completion of orders, their processing and delivery.
• Ensuring the functioning, improvement, and personalization of the Website and Services.
• Conducting analysis of Website usage, understanding user interaction to optimize Services.
• Sending marketing, advertising, and promotional materials (with the consent of the data subject or on the basis of a legitimate interest).
• Detection, investigation, and prevention of fraudulent, illegal, or harmful activities.
• Compliance with the requirements of current legislation of Ukraine and international legal procedures.
• Ensuring compliance with the Terms of Service.
• Protection of the legitimate interests, rights, and property of Adaptis, as well as the rights and safety of our users and third parties.
4. Procedure for Personal Data Processing: Obtaining Consent, Notification of Rights and Actions with Personal Data of the Personal Data Subject
4.1. The consent of the personal data subject must be a voluntary expression of will of an individual regarding permission for the processing of their personal data in accordance with the stated purpose of their processing.
4.2. Consent of the personal data subject can be provided in the following forms:
• A document on paper with details that allow identifying this document and the individual.
• An electronic document that must contain details that allow identifying this document and the individual. It is advisable to certify the voluntary expression of will of an individual regarding permission for the processing of their personal data with the electronic signature of the personal data subject.
• A mark on an electronic page of a document or in an electronic file processed in an information system based on documented software and technical solutions.
• Performing certain actions that confirm the fact of familiarization with this Policy and granting consent to the processing of personal data (for example, placing an order, making a payment, etc.).
• An individual who provides personal data is solely responsible for the accuracy of the data provided by them both for the purpose of their identification (verification) and for the purpose of granting consent to the processing of personal data in accordance with this Regulation.
4.3. The consent of the personal data subject is provided during the formalization of civil law relations in accordance with current legislation or the intentions to formalize such relations (including for the purpose of gaining access to Adaptis product catalogs or placing a pre-order, reserving certain products, requesting a price offer for them, etc.).
4.4. Notification of the personal data subject about the inclusion of their personal data in the personal data database, rights defined by the Law of Ukraine "On Personal Data Protection", the purpose of data collection, and persons to whom their personal data is transferred, is carried out during the formalization of civil law relations in accordance with current legislation.
4.5. Processing of special categories of data (personal data about racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data related to health or sexual life) is prohibited.
5. Location of Personal Data Databases
5.1. The personal data databases specified in Section 2 of this Policy are located at the address of Adaptis. Some data may be stored on the servers of personal data administrators (e.g., Shopify, cloud storages), which may be located outside of Ukraine, subject to the conditions for cross-border data transfer (see Section 8).
6. Conditions for Disclosure of Personal Data to Third Parties
6.1. The procedure for access to personal data by third parties is determined by the terms of the personal data subject's consent, granted to the personal data owner for the processing of this data, or in accordance with the requirements of the law.
6.2. Access to personal data is not granted to a third party if the said person refuses to undertake obligations to ensure compliance with the requirements of the Law of Ukraine "On Personal Data Protection" or is unable to ensure them.
6.3. The subject of relations related to personal data submits a request for access (hereinafter - request) to personal data to the owner of personal data.
6.4. The request shall specify:
• Last name, first name, and patronymic, place of residence (stay), and details of the document identifying the individual submitting the request (for an individual - applicant).
• Name, location of the legal entity submitting the request, position, last name, first name, and patronymic of the person certifying the request.
• Confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity - applicant).
• Last name, first name, and patronymic, as well as other information that allows identifying the individual for whom the request is made.
• Information about the personal data database for which the request is submitted, or information about the owner or administrator of this personal data database.
• List of requested personal data.
• Purpose and/or legal grounds for the request.
6.5. The term for reviewing the request for its satisfaction cannot exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database informs the person submitting the request that the request will be satisfied or that the relevant personal data is not subject to provision, indicating the grounds specified in the relevant regulatory legal act. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
6.6. Postponement of access to personal data by third parties is allowed if the necessary data cannot be provided within thirty calendar days from the date of receipt of the request. In this case, the total period for resolving issues raised in the request cannot exceed forty-five calendar days.
6.7. The notification of postponement is brought to the attention of the third party who submitted the request in writing with an explanation of the procedure for appealing such a decision.
6.8. The notification of postponement shall specify:
• Last name, first name, and patronymic of the official.
• Date of sending the notification.
• Reason for postponement.
• Period within which the request will be satisfied.
6.9. Refusal of access to personal data is allowed if access to it is prohibited by law.
6.10. The notification of refusal shall specify:
• Last name, first name, patronymic of the official refusing access.
• Date of sending the notification.
• Reason for refusal.
• 6.11. A decision on postponement or refusal of access to personal data may be appealed to court.
7. Personal Data Protection: Methods of Protection, Responsible Person, Employees Directly Processing and/or Having Access to Personal Data in Connection with the Performance of Their Official Duties, Personal Data Storage Period
7.1. Adaptis is equipped with systemic and software-technical means and communication tools that prevent losses, theft, unauthorized destruction, distortion, forgery, copying of information and comply with the requirements of international and national standards.
7.2. The Responsible Person organizes work related to the protection of personal data during their processing, in accordance with the law. The Responsible Person is determined by the order of the Owner of the personal data database (Adaptis). The duties of the responsible person regarding the organization of work related to the protection of personal data during their processing are specified in the job description.
7.3. The Responsible Person is obliged to:
• Know the legislation of Ukraine in the field of personal data protection.
• Develop procedures for access to personal data by employees in accordance with their professional or official or labor duties.
• Ensure that Adaptis employees comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating Adaptis' activities regarding the processing and protection of personal data in personal data databases.
• Develop a procedure (process) for internal control over compliance with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating Adaptis' activities regarding the processing and protection of personal data in personal data databases, which, in particular, should contain norms regarding the periodicity of such control.
• Inform Adaptis about violations by employees of the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regulating Adaptis' activities regarding the processing and protection of personal data in personal data databases no later than one working day from the moment such violations are detected.
• Ensure the storage of documents confirming the personal data subject's consent to the processing of their personal data and notification of the said subject about their rights.
7.4. For the purpose of fulfilling their duties, the Responsible Person has the right to:
• Receive necessary documents, including orders and other administrative documents issued by Adaptis, related to the processing of personal data.
• Make copies of received documents, including copies of files, any records stored in local computer networks and autonomous computer systems.
• Participate in the discussion of their duties related to the organization of work on personal data protection during their processing.
• Submit proposals for improving activities and perfecting work methods, submit comments and options for eliminating identified shortcomings in the process of personal data processing.
• Receive explanations on issues of personal data processing.
• Sign and endorse documents within their competence.
7.5. Employees who directly process and/or have access to personal data in connection with the performance of their official (labor) duties are obliged to comply with the requirements of the legislation of Ukraine in the field of personal data protection and internal documents regarding the processing and protection of personal data in personal data databases.
7.6. Employees who have access to personal data, including those who process it, are obliged not to disclose in any way personal data entrusted to them or which became known in connection with the performance of professional or official or labor duties. Such an obligation remains valid after they cease activities related to personal data, except in cases established by law.
7.7. Persons who have access to personal data, including those who process it, in case of violation of the requirements of the Law of Ukraine "On Personal Data Protection", are liable according to the legislation of Ukraine.
7.8. Personal data should not be stored longer than necessary for the purpose for which such data is stored, but in any case not longer than the data storage period determined by the personal data subject's consent to the processing of this data. We retain data for as long as necessary to maintain your account and provide Services, comply with legal obligations (e.g., tax, accounting), resolve disputes, and enforce our agreements and policies, as well as for other legitimate purposes of which we will inform you.
8. Cross-Border Transfer of Personal Data
We may carry out cross-border transfers of your personal data, i.e., transfer them to subjects of relations related to personal data (administrators, third parties) located outside the territory of Ukraine. Such transfer may occur, in particular, in connection with the use of cloud data storage, email distribution services, analytical tools, or online sales platforms (e.g., Shopify), whose servers may be located in other countries (e.g., USA, EU countries).
We guarantee that such cross-border data transfer is carried out only under the condition of ensuring an adequate level of personal data protection, in accordance with the requirements of the Law of Ukraine "On Personal Data Protection", and taking into account the GDPR norms for users from the European Economic Area (EEA). We apply the following mechanisms to ensure adequate protection:
• Adequacy Decision
Transfer to countries for which the European Commission has adopted a decision on ensuring an adequate level of data protection.
• Standard Contractual Clauses (SCCs)
We enter into agreements with data recipients that contain Standard Contractual Clauses approved by the European Commission, which are binding on the parties to the agreement and guarantee an adequate level of protection of your rights.
• Your Explicit Consent
In cases where there are no other legal grounds for transfer, we may perform cross-border transfer with your voluntary and informed consent.
• Other Lawful Mechanisms
We may rely on other data transfer mechanisms provided by current legislation of Ukraine and international norms.
9. Kids Data
The Website Services are not intended for use by persons under the age of 18. We do not knowingly collect personal data from children. If you are a parent or legal guardian of a child and believe that your child has provided us with personal data, please contact us immediately using the contact details provided below to delete such data.
10. Rights of the Personal Data Subject
10.1. The personal data subject has the right to:
• Know the location of the personal data database containing their personal data, its purpose and name, location and/or place of residence (stay) of the owner or administrator of this database, or give an appropriate instruction to authorized persons to obtain this information, except in cases established by law.
• Receive information about the conditions for granting access to personal data, including information about third parties to whom their personal data contained in the relevant personal data database is transferred.
• Access their personal data contained in the relevant personal data database.
• Receive a response within no more than thirty calendar days from the date of receipt of the request, except in cases provided by law, whether their personal data is being processed, and also receive the content of such personal data.
• Submit a motivated objection to the owner of personal data against the processing of their personal data.
• Submit a motivated request for the modification or destruction of their personal data to any owner and administrator of personal data if this data is processed unlawfully or is inaccurate.
• Protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision, or untimely provision, as well as protection from the provision of inaccurate or defamatory information about the individual.
• Lodge complaints about the processing of their personal data with the Commissioner or the court.
• Apply legal remedies in case of violation of legislation on personal data protection.
• Make reservations regarding the limitation of the right to process their personal data when giving consent.
• Withdraw consent to personal data processing.
• Know the mechanism of automated processing of personal data.
• Protection from an automated decision that has legal consequences for them.
Manage communication settings: You can opt out of receiving promotional emails at any time by using the "unsubscribe" option contained in these emails. Important: opting out of promotional mailings does not affect the receipt of non-promotional messages related to your account or orders.
To exercise any of these rights, you can contact us using the contact details provided in Section 14 of this Policy. We will not discriminate against you for exercising these rights. Additional information (e.g., email address or account information) may be required to verify your identity. In case a request is submitted by an authorized agent, we may require confirmation of your agent's authority and/or your direct verification. We will process your request within the timeframes established by law.
11. Procedure for Handling Personal Data Subject Requests
11.1. The personal data subject has the right to receive any information about themselves from any subject of relations related to personal data, without specifying the purpose of the request, except in cases established by law.
11.2. Access of the personal data subject to data about themselves is free of charge.
11.3. The personal data subject submits a request for access (hereinafter - request) to personal data to the owner of the personal data database. The request shall specify:
• Last name, first name, and patronymic, place of residence (stay), and details of the document identifying the personal data subject.
• Other information that allows identifying the personal data subject.
• Information about the personal data database for which the request is submitted, or information about the owner or administrator of this database.
• List of requested personal data.
11.4. The term for reviewing the request for its satisfaction cannot exceed ten working days from the date of its receipt. Within this period, the owner of the personal data database informs the personal data subject that the request will be satisfied or that the relevant personal data is not subject to provision, indicating the grounds specified in the relevant regulatory legal act.
11.5. The request is satisfied within thirty calendar days from the date of its receipt, unless otherwise provided by law.
12. Complaints
If you have any complaints regarding the processing of your personal data, please contact us using the contact details provided in Section 14 of this Policy. We will make every effort to resolve your complaint. If you are not satisfied with our response, you may have the right to file a complaint with the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or another relevant personal data protection authority in your jurisdiction.
13. International Users
Please note that your personal data may be transferred, stored, and processed outside your country of residence. The processing of your data may also be carried out by personnel and third-party service providers and partners in these countries. In the event that your personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we will rely on recognized transfer mechanisms, such as the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the United Kingdom, unless otherwise provided by law (e.g., if the destination country has an adequate level of data protection).
14. Contacts
For any questions regarding our privacy practices, this Policy, or to exercise your rights, please contact us:
• Email: welcome@adaptis.com
• Postal address: 1 Arkhitektora Verbytskoho St., office 20, Kyiv, 02091, Ukraine
