Privacy policy

1. General provisions and scope

1.1. This Personal Data Processing and Protection Policy (hereinafter – the “Policy”) is adopted by Private Entrepreneur (FOP) Chernetskyi Oleksandr Mykolaiovych, Unified State Register code 3166815273 (hereinafter – the “Data Controller”), in accordance with the applicable laws of Ukraine, including but not limited to the Law of Ukraine “On Personal Data Protection” No. 2297-VI of 1 June 2010. The Policy defines the procedure for obtaining, collecting, accumulating, storing, processing, using, protecting and disclosing personal data (hereinafter – the “Data” or “Personal Data”) through the website kuko.com.ua (hereinafter – the “Website”) and/or related services and tools.

1.2. By registering on the Website kuko.com.ua or logging in, starting to use the online store, or attempting to place an order without prior registration, the User (Customer) grants permission and explicit consent to the processing of his/her personal data on the terms and in the manner specified in this Policy, and confirms that he/she has read, understood and agreed to the Policy.

1.3. The owner and controller of the Users’ personal data is Private Entrepreneur (FOP) Chernetskyi Oleksandr Mykolaiovych, Unified State Register code 3166815273.

1.4. Terms used in this Policy have the meaning given to them in the Law of Ukraine “On Personal Data Protection” No. 2297-VI of 1 June 2010.

1.5. The Website may contain links to other websites (for information purposes only). This Policy does not apply to such websites. The Data Controller recommends that you familiarize yourself with the privacy and personal data processing rules of each such website before providing any personal data.

1.6. This Policy is mandatory for the responsible person and employees of the online store who directly process and/or have access to personal data of users of the Website kuko.com.ua in connection with the performance of their official duties.

2. Scope and content of personal data

2.1. “Data” means any information that directly or indirectly relates to a specific User. Such information may include, in particular:

  • first name, surname, patronymic (if any);
  • phone number;
  • e-mail address;
  • date of birth, gender;
  • residential, contact and/or delivery address;
  • information about the presence of children, pets, a car and its VIN number (if provided by the User);
  • preferred communication language;
  • information about the User’s actions when using the online store;
  • IP address, information about the User’s device and software (device type, browser type, operating system);
  • history of messages and correspondence between the User and the online store administration;
  • other personal data, including details of identity documents, registration and tax data, and, where necessary, passport details, tax identification number and other data required for proper performance of contractual obligations and/or compliance with legal requirements.

The above list of personal data is not fixed or mandatory for all Users and depends on the operations that the User performs in the online store and on the data that he/she provides voluntarily.

Data also include other information lawfully obtained by the online store from third parties and/or information that becomes available from the User’s profiles in social networks when the User registers or logs in using social network authentication services. In this case, the User consents to the processing of information available from the relevant social network accounts (profiles).

2.2. Users are responsible for all information posted by them in publicly accessible accounts. The User must be aware of the risks associated with publishing his/her address or other information on his/her exact location. When logging in to the Website via third-party authentication services (for example, Facebook and others), the Data Controller may receive additional profile information that such third parties make available.

3. Purposes, scope, legal grounds and terms of personal data processing

3.1. Personal data are processed for the following purposes:

  • to ensure the implementation of civil, commercial, tax and other legal relations, and to enable the Data Controller to exercise its functions, powers and obligations in accordance with the applicable legislation of Ukraine;
  • to identify the customer as a User of the online store in order to contact him/her, provide services, process payments, accept and process orders, ship goods, execute settlements, keep accounting and management records;
  • to create and implement bonus and loyalty programs, prize draws and promotions, to carry out marketing and information mailings by post, e-mail, phone, in messengers, including for sending commercial offers, information about promotions and news of the online store, as well as to provide Users of the online store with financial services;
  • to analyze and improve the operation of the online store, its services, content and functionality, and to personalize product and offer displays;
  • to send newsletters, commercial offers, information about promotions, loyalty and bonus programs and/or notifications about the functioning of the online store. The User may at any time opt out of receiving information and marketing mailings via the personal account settings on the Website kuko.com.ua or by using the unsubscribe link in an e-mail;
  • to fulfil other obligations of the Data Controller provided for by law, as well as to protect the legitimate interests of the Data Controller or third parties to whom personal data may be transferred.

3.2. The legal grounds for processing the User’s personal data are the User’s consent expressed by using the Website and/or the online store, including by ticking a box in the relevant forms, as well as the conclusion and performance of contracts between the User and the Data Controller.

3.3. The Data Controller does not process personal data relating to racial or ethnic origin, political opinions, religious or other beliefs, membership in public organizations, as well as data describing physiological characteristics on the basis of which a person can be identified, unless such processing is directly required by applicable law.

3.4. Personal data are processed in the scope and for the time necessary to achieve the purposes of processing specified in this Policy and/or for the period required by applicable law and contracts concluded with Users. Processing may be carried out using automated systems or without such systems. Personal data are stored until the purposes of processing have been achieved and/or until the User withdraws his/her consent, unless a longer storage period is required by law.

3.5. The User has the right at any time to change/update his/her personal data, delete them, restrict processing and to withdraw consent to the processing of personal data. Such actions may be carried out through the functionality of the personal account on the Website or by contacting the Data Controller by e-mail at: support@kuko.com.ua with the subject line “Personal data”.

3.6. The online store may delete the User’s account if there has been no activity by the User for a long period of time (in particular, more than one year). In this case, personal data are deleted or anonymized to the extent necessary to achieve the processing purposes and comply with legal requirements.

4. Location of personal data

4.1. Personal data of Users of the Website are processed and stored in personal data databases located on technical facilities owned by the Data Controller and/or authorized parties engaged by him, which ensure an appropriate level of personal data protection in accordance with the legislation of Ukraine.

5. Conditions for disclosure of personal data to third parties

5.1. The Data Controller may transfer Data to its affiliates (companies under joint ownership or control) that process and use Data for the purposes defined in this Policy.

5.2. Data are disclosed when the User orders goods/services in the online store to the relevant sellers/providers of such goods/services to the extent necessary to identify the User, execute and process the order (including for payment processing and provision of financial services).

5.3. The Data Controller may engage third-party suppliers of goods/services to fulfil an order. Such suppliers may not use the personal data obtained via the Website for any purposes other than fulfilling the respective order.

5.4. The Data Controller may transfer certain anonymized (non-identifying) information and/or allow such information to be collected directly on the Website by third-party service providers, partners or authorized researchers for marketing, statistical and analytical purposes, to improve the effectiveness of advertising campaigns and to enhance the offers of the online store. Such anonymized information does not allow identification of a particular User.

5.5. The Data Controller may share Data with suppliers of goods/services when holding contests, promotions and other activities on the Website in order to ensure their proper organization and to determine winners. In case of winning, suppliers of goods/services may contact the User directly to arrange for delivery of the prize.

5.6. The Data Controller processes Data lawfully and fairly. Data are not disclosed or disseminated to third parties without the User’s consent, except where such disclosure is directly required by the legislation of Ukraine and only in the interests of national security, economic welfare and human rights, in particular:

  • in response to duly substantiated requests from public authorities that have the right to request and receive such Data;
  • for the purpose of preventing and combating fraud and other abuses on the Website.

5.7. In cases of transfer of personal data provided for in this section, informing the User of the fact of such transfer is carried out at the discretion of the Data Controller, unless otherwise required by law.

6. Protection of personal data

6.1. The information systems of the Data Controller are equipped with organizational and technical security measures that comply with applicable law and international standards and are intended to prevent unauthorized access to Data, accidental loss, destruction, alteration, blocking or other unlawful forms of processing.

6.2. Employees and authorized persons who directly process and/or have access to personal data must comply with the requirements of Ukrainian legislation in the field of personal data protection as well as with the internal documents of the Data Controller governing personal data processing and protection.

6.3. Such persons must not disclose in any way personal data entrusted to them or that became known to them in connection with the performance of their official duties. This obligation remains in force after they cease activities related to personal data, except where disclosure is required by law.

6.4. Personal data are not stored longer than necessary to achieve the purposes for which such Data were collected, unless a different storage period is required by law or provided for in a contract with the User.

7. User’s rights (data subject rights)

7.1. The data subject (User) has the rights provided by the legislation of Ukraine, including but not limited to the right to:

  • know about the location of the personal data database containing his/her personal data, its purpose and name, and the location of the Data Controller or personal data processor;
  • obtain information about the conditions of access to personal data, including information about third parties to whom his/her personal data are transferred;
  • have access to his/her personal data;
  • receive, within the time limits established by law, information on whether his/her personal data are stored and the content of such data;
  • submit a reasoned request for the rectification or destruction of his/her personal data if such data are processed unlawfully or are inaccurate;
  • object to the processing of his/her personal data by public authorities and local self-government bodies in cases provided for by law;
  • lodge complaints about the processing of his/her personal data with competent state authorities and courts;
  • withdraw consent to the processing of personal data and request the termination of their processing and/or their destruction, except in cases where such processing is mandatory under the law.

8. Procedure for handling data subject requests

8.1. The User has the right to obtain any information about himself/herself from any personal data controller/processor without specifying the purpose of the request, unless otherwise provided by law.

8.2. Access of the User to his/her personal data is provided free of charge in accordance with the procedure established by the legislation of Ukraine.

8.3. The User submits a request for access to personal data to the Data Controller. The request shall contain:

  • surname, first name, patronymic, place of residence (stay) and details of the User’s identity document;
  • other data that allow identification of the User;
  • information about the personal data in respect of which the request is made, or about the Data Controller/processor;
  • a list of personal data requested.

8.4. The period for considering a request to determine whether it can be granted shall not exceed ten business days from the date of receipt of the request.

8.5. Within the above period, the Data Controller informs the User whether the request will be granted or the respective personal data cannot be provided, indicating the reasons for refusal.

8.6. The request shall be granted within thirty calendar days from the date of receipt, unless another period is established by the legislation of Ukraine.

9. Deletion of the User’s personal data

9.1. The User’s personal data may be deleted at the User’s initiative by:

  • sending a written request to stop processing his/her personal data to the e-mail address: support@kuko.com.ua with the subject line “Personal data”;
  • deleting data independently via the User’s personal account on the Website.

9.2. Personal data may also be deleted or destroyed in cases provided for by the legislation of Ukraine, in particular on the basis of a court decision or an order of a competent state authority.

9.3. If the User independently deletes personal data from the personal account, such data are destroyed in the information systems of the Website automatically, within the limits of technical capabilities.

9.4. Personal data are destroyed in a way that makes it impossible to further restore them or identify the User.

10. Amendments to this Policy

10.1. The Data Controller may from time to time unilaterally amend this Policy without prior notice to the User. The new version of the Policy enters into force from the moment it is published on the Website, unless otherwise provided by such new version.

10.2. If the User does not agree with the terms of the current version of the Policy, he/she must stop using the online store. Continued use of the Website and the services of the online store after amendments have been made to the Policy constitutes the User’s acceptance of the relevant version of the Policy.

Last updated: 11.09.2024