site-logo
0 800 300 545

ukrposhta@ukrposhta.ua

contact center

Home Market Pharmacy Tracking Post offices Career

Personal data processing policy

1. General provisions.

1.1. The provision of services by JSC “Ukrposhta” (hereinafter referred to as the Company), including financial services, taking into account payment services, involves the processing of personal data of users of such services (including persons whose data is provided by users who order the Company's services to the extent necessary to provide the relevant service) and individuals whose personal data is specified in written service agreements concluded with the Company. The Company considers it a priority to process personal data exclusively on the grounds and in the manner specified by the legislation of Ukraine.

1.2. The purpose of the Policy on the general principles of processing personal data of users of the services of JSC “Ukrposhta” (hereinafter referred to as the Policy) is to ensure an adequate level of accessibility and transparency of the personal data processing process in the course of the Company's economic activities.

1.3. The Policy is based on the current legislation of Ukraine and the provisions of the ISO series of international standards for the protection of personal data in the field of postal services and other legislation of Ukraine in the field of services provided by the Company.

2. Scope and duration of the Policy.

2.1. The Policy is mandatory for application within the Company as part of the personal data processing procedure and applies to all processes related to the provision of services by the Company that involve the processing of personal data of data subjects.

2.2. The term of the Policy is not limited. The Company ensures that timely changes are made to the Policy and informs about them by posting the updated version on the Company's official website.

3. Purpose of personal data processing.

3.1. The purpose of personal data processing by the Company is to provide quality services to users of such services (personal data subjects) and to process information that constitutes a service consumption profile.

4. Principles of personal data processing.

4.1. Transparency of the personal data processing process:

  • The policy is published on the Company's official website http://www.ukrposhta.ua and is available for review.

The grounds for processing personal data are:

  • performance of the Company's duties as provided for by law;
  • a legal transaction to which the data subject is a party or which is concluded in his/her favor;
  • the consent of the data subject to the processing of his/her personal data;
  • protection of the legitimate interests of the Company, except in cases where the need to protect the fundamental rights and freedoms of the personal data subject in connection with the processing of their data outweighs such interests.

The terms of processing and storage of personal data are determined taking into account the specifics of the processes of providing specific services of the Company, including the terms of storage of financial documents, reporting, etc., provided for by regulatory legal acts.

4.2. Accessibility of personal data.

Personal data is accessible to the subject of such data, access to which is provided in accordance with the procedure established by the legislation on the protection of personal data.

4.3. Grounds for processing personal data.

The Company processes the personal data of data subjects for the purpose of providing them with quality services, including postal services, on the basis of:

  • the consent of the data subject to the processing of their personal data;
  • permission to process personal data granted to the personal data owner (the Company) in accordance with the law exclusively for the exercise of its powers;
  • the conclusion and execution of a legal transaction (in particular, contracts for the provision of services (public offers, etc.)), to which the personal data subject is a party or which is concluded in favor of the personal data subject or for the implementation of measures preceding the conclusion of a legal transaction at the request of the personal data subject;
  • the need to fulfill the obligations of the personal data controller (the Company) provided for by law, in particular the Law of Ukraine “On Postal Services,” etc.

4.4. Consent of the personal data subject.

The subject may voluntarily give the Company consent to process their personal data for the purpose of receiving advertising and informational materials, in the case of registration on the web resource/mobile application or for another purpose specified by the Company. The subject's consent to the processing of their personal data must be voluntary and informed. Consent may be given by the subject in writing or electronically, which allows to conclude that it has been given. Documents (information) confirming the subject's consent to the processing of their personal data are stored by the Company for the duration of the processing of such data. 

The procedure for third parties to access the personal data of users of the Company's services is determined by the terms and conditions of the Company's services, the consent of the personal data subject given to the Company for the processing of such data, with the exception of the conditions specified by the current legislation and regulatory acts of the state.

5. Features of processing and determining personal data.

5.1. Types of personal data processing.

Personal data in the Company is processed using automation tools or without using such tools, taking into account the specifics of the processes of providing services by the Company, the level of automation of such processes, and/or circumstances that may interfere with automated data processing.

5.2. Identification of personal data subjects when using the Company's web resources/mobile applications.

Users who use the Company's web resources/mobile applications are subjects of personal data only from the date of their registration on the web resource/mobile application and giving consent to the processing of their personal data.

5.3. Processing of personal data of subjects who receive the Company's services.

Legal entities are not subjects of personal data.

The processing of personal data of users of the Company's services (natural persons) is carried out in accordance with this Policy and the law.

5.4. Use of personal data subject information.

Information obtained from users of the Company's services (personal data subjects) is used for:

  • creating an account that uses the Company's information resources (web resources/mobile applications);
  • providing the service or function requested by the user;
  • communicating with users to inform them about personalized unique offers and promotions of the Company;
  • assessing and analyzing market demand, products/services, and services of the Company;
  • effective customer service;
  • ensuring updates and technical support for services, including the mobile application;
  • other purposes to the extent necessary for the Company to provide quality services.

5.5. Restrictions on the further transfer (dissemination) of personal data.

The Company may transfer information received from service users in the course of providing services to third parties for the purpose of proper performance of its duties, in accordance with the requirements of the law. The transfer of personal data is possible only on a contractual basis, provided that it is properly stored and protected by the third party, and that the third party's responsibility for ensuring the proper protection of personal data is clearly defined, except in cases expressly provided for by law.

The transfer of personal data to foreign entities for processing abroad is carried out in compliance with the conditions set forth in Article 29 of the Law of Ukraine “On the Protection of Personal Data” (hereinafter referred to as the Law).

The Company may disclose personal data without the consent of the data subject or his/her authorized representative in cases specified by law and only (if necessary) in the interests of national security, economic well-being, and human rights.

6. Rights and obligations of the personal data subject.

6.1. Rights and obligations of the user of the Company's services – the personal data subject:

  • The personal data subject has the right to receive information about the procedure for processing their personal data, as well as other rights specified in Article 8 of the Law;
  • The personal data subject is obliged to act in accordance with the requirements of the law.

The Company is not responsible for violations of personal data protection legislation by users of the Company's services, including the dissemination of personal data of persons on whose behalf and in whose interests they receive the Company's services.

6.2. The right to correct, destroy, or block access to personal data.

The subject of personal data has the right to correct or delete (in whole or in part) information about them in the Company's information systems/resources free of charge in accordance with the procedure determined by the Company, if it is incorrect, inappropriate, or excessive, or if it is stored for longer than is necessary to provide the relevant services, taking into account the specifics of the provision of services and/or storage periods. If the deletion of such data is technically impossible or not provided for by law, such data shall be protected from processing by blocking access to it or by other technically possible means.

6.3. Right of access to personal data.

The subject of personal data has the right to access data about themselves.

The subject of personal data has the right to submit a request for access to their personal data.

The request shall be made in accordance with Article 16 of the Law.

The Company shall take the necessary measures to clarify all the circumstances set out in the request.

6.4. Appeal against a decision to defer or refuse access to personal data.

Appeals against decisions to delay or deny access to personal data shall be made in accordance with Article 18 of the Law.

6.5. Withdrawal of consent to the processing of personal data.

The subject of personal data has the right to withdraw consent to the processing of personal data by submitting a written request.

In case of withdrawal of consent to the processing of personal data provided during registration in the personal account, such personal account shall be blocked and deleted;

The user of the Company's services cannot withdraw consent to the processing of his/her personal data if such data is processed by the Company on the basis of the law and/or a relevant legal transaction.

7. Processing, deletion/depersonalization, and protection of personal data.

7.1. The processing and protection of personal data in the Company is based on a risk-oriented approach to prevent, detect, and eliminate threats of unauthorized access to personal data and/or its unlawful processing.

7.2. The CEO of the Company shall determine the persons and/or structural units responsible for the protection of personal data in accordance with the law and this Policy.

7.3. The deletion and/or depersonalization of personal data of personal data subjects among users of the Company's services is ensured by the Company's units responsible for the processing and storage of personal data, in accordance with the requirements of current legislation on the protection and processing of personal data, including taking into account the requirements of legislation on financial monitoring, operational-investigative and/or counterintelligence activities

The deletion and/or depersonalization of personal data of personal data subjects among users of the Company's services is carried out in the following cases:

  • a reasoned request from a personal data subject among the users of the Company's services, drawn up and submitted in accordance with the Law of Ukraine “On the Protection of Personal Data” with confirmation of receipt of services, the provision of which involves the processing of personal data;

The deletion and/or depersonalization of personal data of personal data subjects among users of the Company's services is carried out only in the case of confirmation by such subjects of the receipt of specific services that involve the processing of personal data within the scope of the provision of such services.

7.4. The Company cooperates with state authorities and officials responsible for the protection of personal data in Ukraine in accordance with the requirements of the law.

Cookies and privacy policy

Ukrposhta website uses cookies to help us make the site faster, more convenient and more functional. By continuing to browse this site you agree to our use of cookies.
Learn more at the Privacy Policy page.