Personal Data Processing Notice

Version updated as of: 14.06.24

On our website “Catalog” (hereinafter referred to as the Catalog, website), we prioritize your privacy and are committed to protecting your personal data. This Personal Data Processing Notice (hereinafter referred to as the Processing Notice) aims to help you understand how your personal data is processed when you use the Catalog.

The website was created and implemented, among other purposes, in accordance with Protocol No. 1 of the meeting of the Interagency Working Group on International Assistance for Cybersecurity and Cyber Resilience, dated March 22, 2024. Please see the Composition and Regulations on the Interagency Working Group on Attracting International Assistance to Ensure Cybersecurity and Cyber Resilience of the State here.

1. Who is responsible for processing personal data? 

The owner and manager of personal data is the Economic and Financial Department of the Secretariat of the Cabinet of Ministers of Ukraine (legal entity identification code in the Unified State Register of Legal Entities, Individual Entrepreneurs, and Public Organizations of Ukraine — 00019442, located at: 01008, Kyiv, 12/2 Hrushevsky Str.). In this document, we refer to the owner and manager of personal data as “we,” “EFD SCMU.”

If you have any questions regarding personal data, contact us at catalog@kmu.gov.ua and include “Personal Data Processing” in the subject line.

2. How do we collect and use personal data?

The following categories of data are processed when you browse and/or use the website:

2.1. Automatically collected data. We automatically collect certain data to operate, maintain, and improve our website. This includes:

• Device Information: We receive information about the device you use (type, model, online identifiers such as IP address, MAC address, etc.), as well as information about your browser (type, version, language, etc.)

• Usage Data: We collect information related to your use of the website or your actions on the website (if applicable).

• Cookies and similar technologies: We use cookies for analytical purposes and to provide you with the functionality of our website. You can disable cookies in your browser settings at any time. Learn more about our use of cookies in section 4 of this Processing Notice.

2.2. Information collected during registration as a Catalog user.
On our website, you have the opportunity to register as a Catalog user with your chosen user type: Recipient or Donor.

When registering a Recipient user account (profile), as a representative of the Recipient, you provide the following information about yourself and your organization by filling in the relevant fields or selecting from a list:

1. Full name;

2. Contact details: email and phone number;

3. Information about you as a representative of the Recipient: legal entity identification code (state institution) and your position.

When registering a Donor user account (profile), as a representative of the Donor, you provide the following information about yourself and your organization by filling in the relevant fields or selecting from a list:

1. Full name;

2. Contact details: email and phone number;

3. Information about you as a representative of the Donor: organization name and your position.

In the event that the institution/organization you have specified is not in the list, we may ask you to fill in the form about the relevant institution/organization yourself.

The information provided by users is subject to verification by our authorized personnel to check and confirm the validity of access rights to further functional capabilities of the Catalog and the right to represent the specified organization.

After confirmation of the authorization by the technical administrator of the website, the user gets further access to the advanced functionality of the Catalog.

3. Why do we use your personal data?

In this section, we describe the purposes for processing your personal data:

3.1. To provide you with access to the Catalog and facilitate communication. We process your personal data to grant you access to the advanced functionalities of our website, allowing you to view its pages and content. If you submit a request on our website, we use the data you provide to ensure we can respond to you.

3.2. To register a user account (profile) and use its functionalities. 

We process the personal data you provide to fulfill the primary tasks of the website as defined by legislation and the protocols of the Interagency Working Group on International Assistance for Cybersecurity and Cyber Resilience. This includes ensuring the functionality of a convenient service for attracting international assistance to support the state’s cybersecurity and cyber resilience.

3.3. To enhance your interaction with our website. We use certain automatically collected data to improve your experience with the Catalog, including for analysis and statistical purposes, as well as for developing new features for our website. This processing mainly involves anonymized data, thus posing no risk to your rights and freedoms.

3.4. Communication, updates, and news. We process your contact information to communicate effectively with you on issues related to the operation of the Catalog that require your attention. 

3.5. Meeting legal requirements. We may process personal data to comply with legal requirements, such as fulfilling our obligations under laws governing the Catalog.

4. Use of cookies.

A cookie is a file stored on the user’s hard drive containing information about the user. We use necessary cookies to ensure our website functions properly. Necessary cookies provide essential features such as security, network management, and accessibility. You can disable these cookies by changing your browser settings, but this may affect the website’s functionality and your access to its content. The links below provide information on cookie settings for various browsers:

● Internet Explorer

● Firefox

● Microsoft Edge

● Chrome

● Safari

We would also like to set additional cookies if you enable them. These cookies collect information in a way that does not directly identify anyone. They help us improve our website by collecting and reporting information on how you use it. You can reject analytical cookies in the pop-up window.

5. How do we share or disclose data?

We do not transfer or disclose your personal data to third parties except as outlined in this Processing Notice. This includes third parties with whom we have legally established agreements for information interaction, solely to fulfill the primary tasks of the website. Information about partners who may receive personal data to ensure the functionality of the convenient service for attracting international assistance for the state’s cybersecurity and cyber resilience is available on our website.

Additionally, we may provide your personal data for security purposes, when legally justified, and to comply with the law. Specifically, we disclose your personal data to third parties as necessary to:

• Comply with a government request, court order, or applicable law;
• Protect ourselves against claims from third parties;

• Assist in preventing or investigating fraud.

Access to and transfer of personal data may also be granted to other parties that request it from EFD SCMU, and who have the legal right to receive personal data based exclusively on legal grounds.

The website may contain links to third-party web services. We are not responsible for the content of such services or the processing of personal data on them. Users should review the data processing notice of each web service they visit.

6. How do we process your data? 

6.1. Security. We implement appropriate technical and organizational measures to protect the personal data we process. For instance, the data we receive is accessible only to authorized personnel. 

6.2. Storage of your personal data. 

We store your personal data for the period necessary to achieve the purpose of processing personal data in accordance with the law. We usually store your data for 24 months from the date of receipt. If you do not use our website and do not interact with us within 24 months, we will delete your personal data from our systems, as we do not aim to store personal data excessively. However, we may retain some data for backup purposes and to comply with our legal obligations.

Location of personal data: The appropriate data centers with which the data controller has legally binding agreements in place.

7. How can you manage your personal data?

If you wish to exercise any of your data protection rights, such as access, review, update, correction, deletion, objection to processing, restriction, or data portability, you can email us at catalog@kmu.gov.ua describing your request. If you have valid reasons to believe that the processing of your personal data is unlawful, you have the right to file a complaint with the supervisory authority, which in Ukraine is the Ukrainian Parliament Commissioner for Human Rights.

Additionally, regarding the deletion of personal data on our website, you can send a request to delete your user account (profile) to catalog@kmu.gov.ua. The EFD SCMU will then ensure that your request is reviewed and processed.

8. How do we update this Notice?

Ukrainian legislation and our practices may change over time. If we update our Processing Notice, we will post the updates on our website. If we make significant changes to the way we process your personal data, we will provide you with prior notice or, if required by law, seek your consent for the changes. We strongly recommend that you review our Processing Notice periodically to stay informed about our practices.