According to the current legislation of Ukraine, the processing and collection of any personal data by the owners of this website are regulated by the Law of Ukraine "On Personal Data Protection" and cannot be used otherwise.
By providing their personal data, users agree to these terms. They also confirm that they are familiar with the LAW OF UKRAINE On the Protection of Personal Data.
LAW OF UKRAINE ON PERSONAL DATA PROTECTION

Article 1. Scope of the Law

This Law regulates relations related to the protection of personal data during their processing.
This Law does not apply to activities related to the creation of databases and the processing of personal data in these databases:
by an individual - exclusively for non-professional personal or household needs;
by a journalist - in connection with the performance of his official or professional duties;
by a professional creative worker - for creative activity.

Article 2. Definitions

In this Law, the following terms are used in the following meanings:
personal data database - a named set of ordered personal data in electronic form and/or in the form of personal data files;
owner of the personal data database - a natural or legal person to whom, by law or with the consent of the subject of personal data, the right to process this data is granted, which approves the purpose of processing personal data in this database, establishes the composition of this data and the procedures for their processing, unless otherwise provided by law;
State Register of Personal Data Databases - a single state information system for collecting, accumulating and processing information on registered personal data databases;
consent of the subject of personal data - any documented, including written, voluntary expression of will of a natural person regarding the granting of permission to process his personal data in accordance with the formulated purpose of their processing;
depersonalization of personal data - removal of information that allows identifying a person;
processing of personal data - any action or set of actions carried out fully or partially in an information (automated) system and/or in personal data files, which are related to the collection, registration, accumulation, storage, adaptation, alteration, use and distribution (dissemination, implementation, transmission), depersonalization, destruction of information about a natural person;
personal data - information or a set of information about a natural person who is identified or can be specifically identified;
data manager of the personal data database - a natural or legal person to whom the owner of the personal data database or the law has granted the right to process this data;
subject of personal data - a natural person to whom personal data relate;

third party - any person, except the subject of personal data, the owner or administrator of the personal data database, and the authorized state body for personal data protection, to whom the transfer of personal data is made by the owner or administrator of the personal data database in accordance with the law.

Article 3. Legislation on Personal Data Protection

The legislation on personal data protection includes the Constitution of Ukraine, this Law, other laws and subordinate regulatory legal acts, international treaties of Ukraine, the binding force of which is approved by the Verkhovna Rada of Ukraine.

Article 4. Subjects of Relations Related to Personal Data

The subjects of relations related to personal data are:
the subject of personal data;
owner of the personal data database;
administrator of the personal data database;
third party;
authorized state body for personal data protection;
other state authorities and local self-government bodies, whose powers include the protection of personal data.
Enterprises, institutions, and organizations of all forms of ownership, state authorities or local self-government bodies, and individual entrepreneurs who process personal data in accordance with the law may be owners or administrators of personal data databases.
Only a state-owned or municipal enterprise that is under the jurisdiction of such a body can be the administrator of a personal data database whose owner is a state authority or local self-government body.

Article 5. Objects of Protection

Objects of protection are personal data processed in personal data databases. Personal data, except for depersonalized personal data, are restricted access information. The law may prohibit the classification of personal data of certain categories of citizens or their exhaustive list as restricted access information. Personal data of an individual who claims or occupies an elective position (in representative bodies) or a position of a civil servant of the first category do not belong to restricted access information, except for information determined as such by law.

Article 6. General Requirements for Personal Data Processing

The purpose of personal data processing must be formulated in laws, other regulatory legal acts, provisions, constituent or other documents regulating the activities of the owner of the personal data database and comply with the legislation on personal data protection. In case of a change in the specified purpose of personal data processing, the consent of the subject of personal data to the processing of their data must be obtained according to the changed purpose.
Personal data must be accurate, reliable, and updated if necessary. The composition and content of personal data must be appropriate and not excessive regarding the defined purpose of their processing. The volume of personal data that can be included in the personal data database is determined by the conditions of the subject's consent to personal data or according to the law.
The primary sources of information about an individual are documents issued in his/her name, documents signed by him/her, and information provided by the person. Personal data processing is carried out for specific and lawful purposes determined with the consent of the subject of personal data or in cases provided by the laws of Ukraine in the manner prescribed by law. Processing data on an individual without his/her consent is not allowed, except in cases determined by law and only in the interests of national security, economic well-being, and human rights. If the processing of personal data is necessary to protect the vital interests of the subject of personal data, personal data may be processed without his/her consent until obtaining consent becomes possible. Personal data is processed in a form that allows the identification of the individual to whom they relate for a period not exceeding that necessary according to their legitimate purpose. The use of personal data for historical, statistical, or scientific purposes may be carried out only in depersonalized form. The standard procedure for processing personal data in personal data databases is approved by the authorized state body for personal data protection. The procedure for processing personal data belonging to bank secrecy is approved by the National Bank of Ukraine.

Article 7. Special Requirements for Personal Data Processing

The processing of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in political parties and professional unions, as well as data relating to health or sex life, is prohibited. The provisions of the first part of this article do not apply if the processing of personal data:

1. is carried out provided that the subject of personal data has given explicit consent to the processing of such data;
2. is necessary for exercising rights and fulfilling obligations in the field of labor relations in accordance with the law;
3. is necessary to protect the interests of the subject of personal data or another person in case of incapacity or limited legal capacity of the subject of personal data;
4. is carried out by a religious organization, a civic organization of ideological orientation, a political party, or a trade union, created in accordance with the law, provided that the processing relates exclusively to the personal data of the members of these associations or persons who maintain continuous contact with them in connection with the nature of their activities, and the personal data is not transferred to a third party without the consent of the data subjects;
5. is necessary for the establishment, exercise, or defense of legal claims;
6. is necessary for the purposes of health protection, for the provision of care or treatment, provided that such data is processed by a healthcare professional or another person in a health institution who is obligated to ensure the protection of personal data;
7. relates to accusations of committing crimes, court verdicts, the exercise by a state authority of powers defined by law in relation to the performance of tasks related to operational search activities or counter-intelligence activities, combating terrorism;
8. concerns data that has been made public by the subject of personal data.

Article 8. Rights of the personal data subject

Personal non-property rights to personal data, which every individual possesses, are inalienable and inviolable.
The subject of personal data has the right:

1. to know about the location of the personal data database containing their personal data, its purpose and name, the location and/or place of residence (stay) of the owner or manager of this database, or to issue a corresponding instruction for obtaining this information by persons authorized by them, except as provided by law;
2. to receive information about the conditions of access to personal data, including information about third parties to whom their personal data is transferred, contained in the relevant personal data database;
3. to access their personal data contained in the relevant database;
4. to receive no later than thirty calendar days from the date of the request, except as provided by law, a response as to whether their personal data are stored in the relevant personal data database, as well as to receive the content of their personal data that are stored;
5. to submit a reasoned demand with objections against the processing of their personal data by state authorities, local government bodies in the exercise of their powers provided by law;
6. to submit a reasoned demand for the modification or destruction of their personal data by any owner and manager of this database if these data are processed unlawfully or are inaccurate;
7. to protect their personal data from unlawful processing and accidental loss, destruction, damage due to deliberate concealment, non-provision, or untimely provision, as well as to protect against the provision of information that is inaccurate or defamatory to the honor, dignity, and business reputation of an individual;
8. to appeal to state authorities, local government bodies whose powers include the protection of personal data, concerning the protection of their rights regarding personal data;
9. to apply legal remedies in case of violation of the legislation on the protection of personal data.

Personal data of an individual who is limited in civil capacity or declared incapacitated is managed by their legal representative.

Article 9. Registration of Personal Data Databases

A personal data database is subject to state registration by making the appropriate entry by the authorized state body for personal data protection into the State Register of Personal Data Databases.
The provisions on the State Register of Personal Data Databases and the procedure for its maintenance are approved by the Cabinet of Ministers of Ukraine.
The registration of personal data databases is carried out on an application basis by notification.
An application for the registration of a personal data database is submitted by the owner of the personal data database to the authorized state body for personal data protection.
The application must contain:

1. a request for the inclusion of the personal data database in the State Register of Personal Data Databases;
2. information about the owner of the personal data database;
3. information about the name and location of the personal data database;
4. information about the purpose of processing personal data in the personal data database, formulated in accordance with the requirements of Articles 6 and 7 of this Law;
5. information about other controllers of the personal data database;
6. confirmation of the obligation to comply with the requirements for the protection of personal data established by legislation on personal data protection.

The authorized state body for personal data protection, in the manner approved by the Cabinet of Ministers of Ukraine:
notifies the applicant no later than the next working day from the date of receipt of the application about its receipt;
decides on the registration of the personal data database within ten working days from the date of receipt of the application.
The owner of the personal data database is issued a document of the established sample on the registration of the personal data database in the State Register of Personal Data Databases.
The authorized state body for personal data protection refuses the registration of the personal data database if the application for registration does not meet the requirements of the third part of this article.
The owner of the personal data database is obliged to notify the authorized state body for personal data protection about each change in the information required for the registration of the respective database, no later than ten working days from the day of such change.
The authorized state body for personal data protection, within ten working days from the day of receiving the notification about the change in the information required for the registration of the respective database, must decide on the mentioned change and notify the owner of the personal data database about it.

Article 10. Use of Personal Data

The use of personal data entails any actions by the owner of the database regarding the processing of these data, actions for their protection, as well as actions to grant partial or full rights of processing personal data to other subjects in relations associated with personal data, conducted with the consent of the subject of personal data or according to the law.
The use of personal data by the owner of the database is carried out if they create conditions for the protection of these data. The owner of the database is prohibited from disclosing information about the subjects of personal data, access to which is provided to other subjects in relations associated with such data.
The use of personal data by employees of subjects in relations associated with personal data must be carried out only in accordance with their professional or official duties or labor obligations. These employees are obliged to prevent the disclosure of personal data in any way, which was entrusted to them or became known in connection with the performance of professional, official, or labor duties. This obligation remains in effect after the termination of their activities related to personal data, except as provided by law.
Information about the personal life of an individual cannot be used as a factor confirming or refuting their business qualities.

Article 11. Grounds for the Right to Use Personal Data

The grounds for the right to use personal data are:

1. the consent of the subject of personal data to the processing of his or her personal data. The subject of personal data has the right, when giving consent, to make reservations regarding the restriction of the right to process his or her personal data;
2. permission for the processing of personal data granted to the owner of the personal data database according to the law exclusively for the exercise of his powers.

The owner of the personal data database may entrust the processing of personal data to the processor of the personal data database according to a contract in written form.
The processor of the personal data database may process personal data only for the purpose and within the scope defined in the contract.

Article 12. Collection of Personal Data

The collection of personal data is a component of the processing process that involves actions to select or organize information about an individual and enter it into the personal data database.
The subject of personal data is informed about their rights defined by this Law, the purpose of data collection, and the entities to whom their personal data are transferred, exclusively in written form, within ten working days from the day their personal data are included in the database.
Notification is not carried out if personal data are collected from publicly available sources.
Information collected about the subject of personal data, as well as information about their sources, is provided to this subject of personal data upon their request, except in cases established by law.

Article 13. Accumulation and Storage of Personal Data

Accumulation of personal data involves actions related to the combination and systematization of information about an individual or group of individuals or the entry of this data into a personal data database.
The storage of personal data involves actions to ensure their integrity and appropriate access regime.

Article 14. Distribution of Personal Data

The distribution of personal data involves actions related to the transfer of information about an individual from personal data databases with the consent of the subject of personal data.
The distribution of personal data without the consent of the subject of personal data or their authorized representative is allowed in cases defined by law and only in the interests of national security, economic well-being, and human rights.
The party distributing this data must ensure the compliance with the established regime for the protection of personal data.
The party receiving the personal data must take measures in advance to ensure the requirements of this Law are met.

Article 15. Destruction of Personal Data

Personal data in personal data databases are destroyed in accordance with the procedure established by law.
Personal data in personal data databases must be destroyed in the case of:
1) the expiration of the data retention period defined by the consent of the subject of personal data for processing these data or by law;
2) the termination of legal relations between the subject of personal data and the owner or processor of the database, unless otherwise provided by law;
3) the legal force of a court decision regarding the removal of data about an individual from the personal data database.

Personal data collected in violation of the requirements of this Law must be destroyed in personal data databases in the manner prescribed by law.
Personal data collected during the execution of operational search activities, counterintelligence activities, or counterterrorism efforts must be destroyed in personal data databases in accordance with legal requirements.

Article 16. Procedure for Access to Personal Data

The procedure for access to personal data of third parties is determined by the terms of consent given by the subject of personal data to the owner of the personal data database for processing these data, or in accordance with the requirements of the law.
Access to personal data is not provided to a third party if said party refuses to undertake the obligations to ensure the fulfillment of the requirements of this Law or is unable to ensure them.
A subject involved in relations related to personal data submits a request for access (hereinafter referred to as the request) to the personal data database owner.
The request specifies:
1) Surname, first name, patronymic, place of residence (location) and details of the document that identifies the physical person submitting the request (for an individual – applicant);
2) Name, location of the legal entity submitting the request, position, surname, first name, and patronymic of the person certifying the request; confirmation that the content of the request corresponds to the powers of the legal entity (for a legal entity – applicant);
3) Surname, first name, patronymic, and other information that allows identifying the physical person concerning whom the request is made;
4) Information about the personal data database concerning which the request is made, or information about the owner or manager of this database;
5) List of personal data being requested;
6) Purpose of the request.

The period for considering the request in terms of its satisfaction cannot exceed ten working days from the day of its receipt.
Within this period, the owner of the personal data database informs the person submitting the request whether the request will be satisfied or the respective personal data will not be provided, indicating the basis defined in the relevant legal act.

The request is satisfied within thirty calendar days from the day of its receipt, unless otherwise provided by law.

The subject of personal data has the right to receive any information about themselves from any subject involved in relations related to personal data, without stating the purpose of the request, except in cases established by law.

Article 17. Postponement or Denial of Access to Personal Data

Postponing access of the personal data subject to their personal data is not permitted.
Postponement of access to personal data for third parties is allowed if the necessary data cannot be provided within thirty calendar days from the date of the request. In this case, the total term for resolving the issues raised in the request cannot exceed forty-five calendar days.
Notification of the postponement is provided to the third party making the request in written form, with an explanation of the procedure for appealing such a decision.

The notification of postponement shall include:

1) The surname, name, and patronymic of the official;
2) The date of sending the notification;
3) The reason for the postponement;
4) The period within which the request will be satisfied.

Denial of access to personal data is permitted if access to them is prohibited by law.
The notification of denial shall include:

1) The surname, name, and patronymic of the official denying access;
2) The date of sending the notification;
3) The reason for the denial.

Article 18. Appeal of the Decision on Postponement or Denial of Access to Personal Data

The decision on postponement or denial of access to personal data may be appealed to the authorized state body for personal data protection, other state authorities, and local self-government bodies whose powers include the protection of personal data, or to court.
If the request is made by the subject of personal data regarding their own data, the burden of proving the legality of the denial of access in court lies with the owner of the personal data database to which the request was made.

Article 19. Payment for Access to Personal Data

Access of the personal data subject to data about themselves is provided free of charge.
Access of other subjects in relations associated with personal data to personal data of a specific individual or group of individuals may be subject to a fee under the conditions defined by this Law. The work related to the processing of personal data, as well as work on consulting and organizing access to the relevant data, is subject to payment.
The fee for services provided for access to personal data by state authorities is determined by the Cabinet of Ministers of Ukraine.
State authorities and local self-government bodies have the right to unhindered and free access to personal data in accordance with their powers.

Article 20. Amendments and Additions to Personal Data

Owners or administrators of personal data bases are obliged to make amendments to personal data based on a motivated written request from the subject of personal data.
The amendments to personal data may also be made upon the request of other subjects related to the personal data, provided there is consent from the subject of personal data or the amendment is made by a court decision that has entered into legal force.
Amendments to personal data that do not correspond to reality must be made immediately upon the identification of the discrepancy.

Article 21. Notification of Actions with Personal Data

The owner of a personal data database shall notify the subject of personal data within ten working days about the transfer of personal data to a third party, if required by the terms of their consent or otherwise not provided by law.
Notifications mentioned in the first part of this article are not made in cases of:

1. transferring personal data upon requests for the purposes of conducting operational search activities or counter-intelligence activities, fighting terrorism;
2. execution of their powers by state authorities and local self-government bodies as provided by law;
3. processing of personal data for historical, statistical, or scientific purposes.

The owner of a personal data database shall notify the subject of personal data within ten working days about the change or destruction of personal data or restriction of access to them, as well as the subjects related to the personal data to whom this data was transferred.

Article 22. Control over Compliance with Legislation on Personal Data Protection

Control over compliance with legislation on the protection of personal data within the powers provided by law is exercised by the following bodies:
1) the authorized state body for the protection of personal data;

2) other state authorities and local self-government bodies.

Parliamentary control over compliance with human rights for the protection of personal data is carried out by the Commissioner for Human Rights of the Verkhovna Rada of Ukraine in accordance with the law.

Article 23. The Authorized State Body for Personal Data Protection

The authorized state body for personal data protection is a central executive authority whose responsibilities include the protection of personal data, established in accordance with legislation.
The authorized state body for personal data protection:

1. ensures the implementation of state policy in the field of personal data protection;
2. registers databases of personal data;
3. maintains the State Register of personal data databases;
4. exercises control over compliance with the legislation on personal data protection within its powers, ensuring access to information related to the processing of personal data in the database, and to the premises where it is processed, in accordance with the law;
5. issues mandatory legal requirements (instructions) to eliminate violations of the legislation on personal data protection;
6. considers proposals, inquiries, appeals, demands, and complaints from individuals and legal entities;
7. organizes and ensures interaction with foreign entities related to personal data;
8. participates in the work of international organizations on personal data protection.

Article 24. Ensuring the Protection of Personal Data in Personal Data Databases

The state guarantees the protection of personal data.
Entities involved in personal data relations are obligated to ensure the protection of this data from unlawful processing and from unlawful access.
The responsibility for ensuring the protection of personal data in a database rests with the owner of that database.
The owner of a personal data database in electronic form ensures its protection in accordance with the law.
In state authorities, local government bodies, organizations, institutions, and enterprises of all forms of ownership, a structural unit or responsible person is designated to organize work related to the protection of personal data during its processing, in accordance with the law.
Individuals - entrepreneurs, including doctors with the appropriate license, lawyers, notaries personally ensure the protection of personal data databases they own, in accordance with legal requirements.

Article 25. Limitation on the Application of Certain Articles of this Law

The limitations on the rights provided for in Articles 8, 11, and 17 of this Law are implemented only in the interests of:
1) national security, economic well-being, and human rights;
2) protecting the rights and freedoms of individuals whose personal data are processed, or the rights of other subjects involved in personal data relations, as well as for the purpose of combating crime;
3) providing entities involved in personal data relations with aggregated anonymized information about personal data in accordance with the law.

Subjects involved in personal data relations exercise their powers within the limits established by the Constitution and laws of Ukraine.

Article 26. Financing Activities for the Protection of Personal Data

The financing of works and measures to ensure the protection of personal data is carried out at the expense of the State Budget of Ukraine and local budgets, funds of entities involved in personal data relations.

Article 27. Application of the Provisions of this Law

The provisions regarding the protection of personal data set forth in this Law may be supplemented or specified by other laws, provided that they establish requirements for the protection of personal data that do not contradict the requirements of this Law. Professional associations may develop corporate codes of conduct to ensure effective protection of personal data subjects' rights and to promote compliance with the law, taking into account the specifics of personal data processing in different fields.

Article 28. Liability for Violation of Personal Data Protection Legislation

Violations of the legislation on the protection of personal data entail liability established by law.

Article 29. International Cooperation

Cooperation with foreign entities related to personal data is regulated by the Constitution of Ukraine, this Law, other normative legal acts, and international treaties of Ukraine. If an international treaty of Ukraine, consent to be bound by which has been provided by the Verkhovna Rada of Ukraine, establishes rules other than those provided by Ukrainian legislation, the rules of the international treaty of Ukraine apply. The transfer of personal data to foreign entities related to personal data is carried out only under conditions that ensure the proper protection of personal data, with the appropriate permission, and in cases established by law or an international treaty of Ukraine, in the manner prescribed by legislation. Personal data cannot be disseminated for purposes other than those for which they were collected.

Article 30. Final Provisions

This Law shall come into force on January 1, 2011. Within six months from the day of entry into force of this Law, the Cabinet of Ministers of Ukraine is to:
- ensure the adoption of normative legal acts provided by this Law;
- ensure the alignment of its normative legal acts in accordance with this Law.