CHARITY ORGANIZATION "CHARITY FUND "INCLUSIVE FOUNDATION "LIGHT IN YOU"
1. General provisions and scope of application.
2. Composition and content of personal data.
3. Purpose, limits, grounds and terms of personal data processing.
4. Location of personal data.
5. Terms of disclosure of personal data to third parties.
6. Protection of personal data.
7. Rights of the User (subject of personal data).
8. The procedure for handling requests from subjects of personal data (Users).
9. Deleting the User`s personal data.
10. Amendments to the Regulations.
1. General provisions and scope of application.
1.1. This Regulation on the Processing and Protection of Personal Data (hereinafter referred to as the "Regulation") has been developed by the CHARITABLE ORGANIZATION "CHARITABLE FOUNDATION 'INCLUSIVE FOUNDATION 'LIGHT IN YOU'" (hereinafter referred to as the "Organization" and/or the "Data Controller") in accordance with the current legislation of Ukraine, including, but not limited to, the Law of Ukraine "On the Protection of Personal Data" dated June 1, 2010, No. 2297-VI. It establishes the procedure for obtaining, collecting, storing, processing, using, ensuring the protection of, and disclosing personal data (hereinafter referred to as "Data" and/or "Personal Data").
1.2. By registering on the website https://lightinyou.org.ua/, authorizing, or attempting to participate in a charitable program without prior registration, or through data received from other governmental or non-governmental organizations about individuals who have lost their sight and require assistance, the User provides consent and unambiguous agreement to the processing of their personal data under the terms and conditions outlined below. The User also confirms their acknowledgment of this Regulation, acceptance of it, and agreement with its content.
1.3. In this Regulation, the Online Platform refers to the website https://lightinyou.org.ua/.
1.4. The owner of the Users' personal data is the CHARITABLE ORGANIZATION "CHARITABLE FOUNDATION 'INCLUSIVE FOUNDATION 'LIGHT IN YOU'".
1.5. All terms used in this Regulation are defined in accordance with the Law of Ukraine "On the Protection of Personal Data" dated June 1, 2010, No. 2297-VI.
1.6. The website may contain links to other websites (for informational purposes only). Upon following these links, this Regulation no longer applies to those websites. Therefore, the Organization recommends reviewing the privacy and personal data policies of each website before providing personal data that could identify you.
1.7. This Regulation is mandatory for implementation by the responsible person and employees of the CHARITABLE ORGANIZATION "CHARITABLE FOUNDATION 'INCLUSIVE FOUNDATION 'LIGHT IN YOU'" who directly process and/or have access to the personal data of beneficiaries and/or their family members, legal representatives, or users of the online platform in connection with the performance of their official duties.
2. Composition and content of personal data
2.1. "Data" refers to any information directly or indirectly related to a specific User. This may include: name, surname, patronymic (if applicable), phone number, email address, date of birth, presence of children, gender, hobbies, ownership of pets, ownership of a car and its VIN number, preferred language, address of residence/location/delivery, information about User actions while using the Website, IP address, details about the devices used by the User (device type, browser type, operating system), message history (information contained in correspondence between the User and the Organization), history of reviews or comments, other communication-related information, and any information voluntarily provided by the User in the registration form and/or when completing their profile on the Website, filling out a survey (via a questionnaire or otherwise), or information obtained during oral communication between the User and the Website administration. This also includes information provided during interactions, such as passport details, identification codes, and more. This list of personal data is not fixed or mandatory for all Users and depends on the User’s needs, preferences, and the operations they perform on the Website or during interaction with the Organization. "Data" also includes other information lawfully obtained by the Website from third parties and/or accessible from the User's social media profiles—if registration on the Website is done via social media authentication services. In such cases, the User consents to the processing of information available from their social media accounts (profiles).
2.2. Users are responsible for all information they post in publicly accessible accounts. The User must understand all risks associated with disclosing their address or precise location information. If the User chooses to log in to the Online Platform using a third-party authentication service, such as Facebook, the Organization may receive additional profile or other information accessible through that third-party service.
3. Purpose, limits, grounds and terms of personal data processing
3.1. Purpose of Personal Data Processing: Ensuring the implementation of civil-law relations, economic and tax relations, and performing the functions, powers, and duties assigned to the Organization under Ukrainian legislation. Identifying the client as a User of the Website, communicating with the User, including for providing services, processing payments, shipping, conducting financial transactions, providing reporting, maintaining accounting and management records, creating and implementing charitable programs, sending mailings (via mail, email, or phone), including offers of assistance, interaction notifications, event updates, and site news. This also includes providing financial assistance to Users, improving service quality, forming specialist and offer ratings, conducting keyword searches, managing website traffic, analyzing and predicting User preferences for personalized offers, conducting research and analytics, and sending informational and marketing materials (news, details on charitable programs, personalized recommendations, and offers). Sending mailings, notifications about programs, or updates regarding the Website’s functionality via mail, email, phone, or informational messages. Users may opt out of receiving informational and marketing communications through the Website’s settings at any time. Fulfilling other legal obligations imposed on the Data Controller, protecting the legitimate interests of the Data Controller, or third parties receiving personal data.
3.2. Basis for Personal Data Processing: The basis for processing the personal data of Online Platform Users is the User's consent, expressed by using the Online Platform. For Beneficiaries not using the Online Platform, the basis for processing is their signed consent to data processing.
3.3. Restrictions on Data Processing: The Organization does not process data related to racial or ethnic origin, political opinions, religious or other beliefs, or membership in public organizations. It also does not process physiological characteristics that allow identification of the User’s identity.
3.4. Data Processing Period: Personal data is processed indefinitely by any lawful means, including in information systems using automation tools or without them. The duration of data processing and storage is determined by the processing purposes and agreements concluded with Users, in compliance with Ukrainian legislation. Data is processed and stored as long as necessary to achieve the purposes outlined in section 3.1. The User has the right to request the cessation of processing and storage of their personal data or to delete their data from their account. Deleting a User account or submitting a request to cease processing and storing personal data will result in the immediate cessation of processing, storage, and deletion of such data by the Data Controller.
3.5. User Rights: Users can modify/delete their personal information, opt-out of receiving notifications, or withdraw consent to data processing at any time. This can be done via their account or by sending an email to office@lightinyou.org.ua with the subject line "Personal Data." Account deletion initiated by the User will follow the procedures defined in the User Agreement and Website Terms of Use.
3.6. Inactive Accounts: If a User account remains inactive for more than 5 years, the Organization reserves the right to delete the account, including all stored personal data. This deletion renders the account inaccessible. The procedure for deleting User data from internal databases is governed by the Organization’s internal policies. For inquiries about the grounds, conditions, or procedures for changing or deleting personal data, please contact the Online Platform’s official email with the subject line "Personal Data."
4. Location of personal data
4.1. Personal data of Users of the Online Platform are processed and protected on the servers of the Organization and/or specialized operators (providers) of communications.
5. Terms of disclosure of personal data to third parties
5.1. Data Sharing with Other Organizations The Organization may exchange Data with other organizations that process and use the Data for purposes specified in this Policy.
5.2. Data Disclosure for Order Processing Data may be disclosed when a User orders goods/services on the Website, limited to the extent necessary for User identification, order processing, and fulfillment (including ensuring proper payment transactions and financial service provision).
5.3. Engagement of Third-Party Providers The Organization may involve third-party providers of goods/services to execute charitable programs. In such cases, these third-party providers are not authorized to use the received personal data for purposes other than executing the charitable program.
5.4. Sharing Anonymized Data The Organization may share certain anonymized information or permit authorized researchers to collect such depersonalized information through appropriate technologies. This data, which does not allow individual User identification, is used for marketing research, enhancing the effectiveness of charitable campaigns (e.g., by offering more relevant proposals), analytical activities, etc.
5.5. Data Sharing During Promotions The Organization may share Data with providers of goods/services during contests, promotions, and campaigns to ensure their proper execution. In such cases, the Data is used and may be transferred to third parties solely for the purposes of conducting the contests, promotions, and campaigns, including identifying participants or winners.
5.6. Legal and Fair Processing of Data The Organization processes Data lawfully and fairly. Data is not disclosed to third parties or distributed without the User's consent, except in cases provided by Ukrainian law and only in the interests of national security, economic welfare, and human rights, including: Upon justified requests from government authorities authorized to request and receive such Data. For purposes of combating fraud and abuse.
5.7. Notification of Data Transfer In cases of personal data transfer as outlined in this section, notifying the User about the transfer of their personal data is at the Organization's discretion.
6. Protection of personal data
6.1. Prevention of Data Breaches The Data Controller must prevent losses, theft, unauthorized destruction, distortion, forgery, or copying of information and comply with international and national standards.
6.2. Obligations of Authorized Personnel Employees or authorized persons directly processing or accessing personal data as part of their duties are required to adhere to Ukrainian data protection legislation and internal regulations on data processing and security.
6.3. Confidentiality Obligations Authorized personnel must not disclose personal data entrusted to them or obtained during their duties, even after termination of their role, except as required by law.
6.4. Data Retention Period Personal data must not be retained longer than necessary for the purposes for which it was collected, and in any case, no longer than the period defined by this Policy or as agreed by the User.
6.5. Enhanced Account Security Measures Additional measures must be implemented to protect Users’ accounts and personal data from unauthorized access, providing an extra layer of security.
6.6. Internal Data Management Rules The Data Controller must develop and implement internal rules for handling personal data. These should include: Procedures for deleting certain data after interactions end. Levels of access for internal staff to User data. Secure procedures for internal data exchange. The Organization must regularly audit its security systems to identify and implement improvements in the secure storage and use of User data.
7. Rights of the User (subject of personal data)
7.1. Rights of the Data Subject (User) The User has the right to:
- Know the location of their personal data: Understand its purpose, the name, and location of the Data Controller or Processor, or delegate this inquiry to an authorized individual unless restricted by law.
- Access information on data sharing: Receive details about conditions for access to personal data, including information on third parties to whom the data is transferred.
- Access their personal data: Review, edit, or delete their personal data stored by the Organization.
- Control notifications: Manage notification preferences through the Online Platform settings.
- Receive confirmation of data storage: Obtain a response within 30 calendar days of a request (unless otherwise stated by law) on whether their personal data is being stored and access its contents.
- Object to data processing: Submit a motivated objection to the processing of their personal data by government or municipal authorities during the execution of their legal powers.
- Protect personal data: Safeguard their data from unlawful processing, accidental loss, destruction, or damage, including cases of deliberate concealment, delays in providing data, or provision of inaccurate or defamatory information.
- Seek redress: Address relevant state or local authorities for issues related to data protection and seek legal remedies if data protection laws are violated.
- Request termination of processing: Submit a request to the Organization to cease processing their personal data and to destroy the respective data.
8. Procedure for handling requests of the subject of personal data (User)
8.1. Right to Information: The User has the right to request any information about themselves from any party involved in personal data relations without specifying the purpose of the request, except as restricted by law.
8.2. Free Access: Access to personal data about the User is provided free of charge.
8.3. Procedure for Requesting Access: The User submits a request for access to personal data to the Data Controller. The request must include: Full name, residence address, and identification document details of the User; Additional details for identifying the User; Information about the personal data or the Data Controller/Processor; List of requested personal data.
8.4. Review Period: The Data Controller must review the request within 10 working days from the date of receipt.
8.5. Notification of Decision: Within the review period, the Data Controller informs the User whether the request will be granted or denied, specifying the legal basis for the decision.
8.6. Timeframe for Fulfillment: If granted, the request must be fulfilled within 30 calendar days of receipt, unless otherwise stipulated by law..
9. Deleting the User's personal data
9.1. The User's personal data may be deleted at the User's request by performing the following actions: - submission of a written request with a request to stop the processing of personal data to the e-mail office@lightinyou.org.ua with a note in the subject of the letter "Personal data"; - performing actions to delete the User's data.
9.2. Personal data of Users shall be deleted or destroyed in accordance with the procedure established in accordance with the requirements of the Law. In addition to the cases provided for in clause 9.1. Personal data of the User shall also be subject to deletion in the event of: - issuance of a relevant order by the Commissioner of the Verkhovna Rada of Ukraine for Human Rights (hereinafter referred to as the Commissioner) or officials of the Secretariat of the Commissioner of the Verkhovna Rada of Ukraine for Human Rights designated by him; - entry into force of a court decision on the deletion or destruction of personal data.
9.3. Users may withdraw their consent to the processing of Personal Data at any time. This can be done by sending a request to the e-mail address: office@lightinyou.org.ua with the subject line “Personal Data”. In this case, the Organization’s employees will consider such a request to delete personal data and delete the User’s personal data from the Organization’s information systems.
9.4. The destruction of Users’ personal data is carried out in a manner that excludes the further possibility of updating such personal data, as well as identifying the User.
10. Amendments to the Regulations
10.1. The Organization may from time to time unilaterally update these Regulations without notifying the User of such changes. The new version of the Regulations shall enter into force from the moment of its posting on the Online Platform, unless otherwise provided by the new version of the Regulations. The current version of the Regulations is always available on the page at: https:/lightinyou.org.ua/
10.2. If any changes have been made to the Regulations with which the User does not agree, he is obliged to stop using the charitable program or stop interacting with the Organization. The fact of continuing to use the charitable program or continuing to interact with the Organization is confirmation of the User's consent and acceptance of the relevant version of the Regulations.
Date of last revision: 08.02.2024