“WhiteDoc” privacy policy

Version dated 29 November 2023, effective date 29 November 2023

1. GENERAL PROVISIONS

ATS Limited Liability Company, registered location: 6 Mykhaylo Donets str., Kyiv 03061, Ukraine, EDRPOU code [Unified State Registration Number of Enterprises and Organizations of Ukraine] 37636185 (hereinafter referred to as “EDIN”, “we”, “us”, etc.) acts as the owner of personal data and provides protection and respect for confidentiality of your personal data. We have developed this Privacy Policy (the “Policy”) to inform you:

  • what is personal data;

  • what personal data we collect from you;

  • how and why we use data;

  • whom we transfer your personal data to;

  • how we protect the confidentiality of your personal data;

  • how to contact us if you have any questions regarding processing of your personal data.

We take the personal data security of our Service users very seriously, so we strive to protect the privacy of your personal data. EDIN undertakes to take all necessary measures to prevent the misuse of your personal data that becomes known to us. We will process your personal data in strict accordance with applicable law and only if there are legal grounds for such processing. You do not have to provide us with personal data, but without certain information about you, we will not be able to provide you with electronic document flow between you and other subjects of electronic document management (your customers, contractors and other recipients of electronic documents – Service users) or inform about the possibilities of electronic document management EDIN can offer you. EDIN controls the ways your personal data is being collected and sets purposes for which this personal data is used. EDIN acts as “data controller” for purposes of the EU General Data Protection Regulation 2016/679 (hereinafter “GDPR”) and other applicable European legislation on data protection, as well as the “personal data holder” within the meaning of the Law of Ukraine ‘On Personal Data Protection’ dd. 01.06.2010, No. 2297-VI. We process personal data only if one of the following conditions is met, but not exclusively:

  • You have consented to the personal data processing;

  • processing is necessary for the purpose of concluding or executing agreements under which EDIN provides its software products that ensure electronic document management between you and other subjects of electronic document management;

  • processing is necessary for the purpose of identification of participants in the electronic document flow in accordance with the legislation of Ukraine;

  • processing is necessary in order to use the website, the Service, in a manner specified in the Terms of Use of Service;

  • such processing is required by the legislation of the countries, the addressee or recipient of the electronic document of which is the subject of electronic document management, which uses the Service, etc.

We may update the Policy from time to time, including as required by applicable law. Therefore, we ask you to visit the EDIN website https://edin.ua to make sure you have up-to-date information. The updated Policy comes into force on the day it was posted on the website https://edin.ua.

2. KEY TERMS AND DEFINITIONS

Personal data is any information of a personal nature that allows a third party to identify an individual (data subject).

A personal data subject is an individual the personal data relate to and who can be identified or who has already been identified based on such personal data.

Personal data controller is a natural or legal entity who determines the purposes and means for the personal data processing and bears key responsibility for processing thereof. The personal data controller is the “personal data holder” according to the terminology of Ukrainian legislation.

Personal data processing is any operation or set of operations performed with personal data or arrays of personal data using the automatic procedures (or without) such as collection, recording, systematization, structuring, storage, modification, ordering, viewing, use, dissemination or any other form of granting access to third parties, including employees of the personal data controller or processor, as well as deletion.

Subjects of electronic document management is an author, signatory, addressee and intermediary, who acquire the rights and obligations in the process of electronic document circulation provided by the applicable law or contract.

Electronic document management is a set of processes for generating, signing, processing, sending, transferring, receiving, storing, using and destroying electronic documents, which are performed using integrity checks and, if necessary, with confirmation of such documents receipt.

Service – EDIN services and software products, components of software products that provide electronic document management, as well as support services.

Terms of Use of the Service are the rules, instructions, concluded agreements that define the procedure for entering personal data during registration, authorization with the Service and are mandatory for the user. Terms of Use of the Service, unless otherwise specified in the agreement, are available at https://wiki.edin.ua/en/latest/Legal_info/Rules.html.

3. LAWS GOVERNING THE PERSONAL DATA PROCESSING

Your personal data will be processed in accordance with the Law of Ukraine ‘On Personal Data Protection’. The personal data processing of our clients who stay in the territory of the EU or are EU citizens is regulated, in particular, by the General Data Protection Regulation of the EU 2016/679 (hereinafter – GDPR).

4. PURPOSE OF PERSONAL DATA PROCESSING

EDIN provides electronic document management for its software products users. We need your personal data in order to ensure proper electronic document management between you and the recipients of your electronic documents, namely:

  • providing an opportunity to sign an electronic document;

  • ensuring the delivery of electronic documents to the specified addressee;

  • ensuring that you receive an electronic document from the addressee;

  • providing other opportunities for electronic document management;

  • notifying you about new opportunities of the Service to improve the electronic document flow between you and your recipients;

  • notifying you about EDIN Electronic Document Management Services in order to get more opportunities in electronic document management;

  • delivering marketing and promotional materials, including information on our loyalty programs, special and promotional offers, which you can use;

  • conducting analytics;

  • ensuring security of our Services, website;

  • processing your complaints and suggestions;

  • improving our Services, software products, including by surveying the relevant level of satisfaction;

  • for internal administrative purposes, as well as to manage our relationship.

At the same time, in order to send you commercial (marketing) notices, we obtain a separate consent from you, which can be revoked at any time by following the link in the notice.

We ask you to provide only those personal data that are necessary to receive the Service, newsletters or response to your special request/claim. At the same time, if you decide to provide us with additional personal data, we will also be able to process it with the required level of protection.

5. WHAT PERSONAL DATA WE PROCESS

We may collect and process the following information about you as Services user:

  • user information:

    • E-mail address — required to communicate with the user to inform about the Services, to send notifications about changes in the Services (for example, notifications of new electronic documents that may be available to the user and/or changes in electronic documents made by EDIN), in order to send invitations to cooperate with other participants for electronic document management using the Services, to ensure exchange of electronic documents between users, as well as for Service login;

    • last name, first name, patronymic — necessary for business communication during the use of the Service and during the execution of contracts, as well as for automatic indication in electronic documents, for example, as a signatory, driver in electronic consignment note, responsible person, etc. , as well as the exchange of electronic documents between users;

    • phone number of the user — is processed for the purpose of operative communication with the user while performing contracts and during his use of Services; it is also necessary to ensure technical support of Services;

    • position and details of document confirming the authority of user — necessary to perform agreements with EDIN, as well as to ensure electronic document management with other users of Service — to generate electronic documents;

    • driver’s license — to identify drivers when generating electronic consignment notes and provide them with access to the Service to ensure electronic document management of consignment notes (driver’s account login, signing the electronic consignment note). This data is automatically entered into the electronic document;

    • taxpayer identification number — to identify the signatory and exclude cases of improper person signing an electronic document;

    • information about IP address of the user’s computer or device — to provide services based on user’s location (country), for example, to provide the appropriate level of service support and maintenance, to enable the user to determine the location of electronic document.

  • company information:

    • full name; e-mail addresses and telephone numbers of the company’s representatives in order to perform agreements under which EDIN provides access to the Services. Using such data, EDIN sends records, invoices, contracts, otherwise communicates with the users in order to fulfil properly its obligations;

    • GLN, EDRPOU code, EORI number (for persons importing or exporting goods to/from the European Union), registration number, taxpayer number, name and location of the company — to identify the company as a business entity, and/or accounting records, to generate proper electronic documents in order to ensure the Service user identification and electronic document management with other subjects of electronic document management. These data are processed in order to ensure the legitimate interests of the author, the addressee of the electronic document to be identified during the exchange of electronic documents via the Services, as well as performance of contracts.

  • information about qualified electronic signature of the user:

    • serial number, surname, name, patronymic, position and taxpayer identification number, name of the legal entity, EDRPOU code, validity period of the qualified public key certificate, information on the qualified provider of electronic trust services that provided electronic trust service on generating a qualified electronic signature — data necessary to identify the user-signatory, prevent forgery and/or signing of an electronic document by a person who does not have the right to sign or the appropriate authority. Qualified electronic signature can be used when registering in the Services.

  • information on the use of website (session duration, pages per session, bounce rates, etc.), the source of traffic, user activity, as well as the use of Services (recording screen and user sessions, fixing areas with the most attention, clicks, etc.) — data required to track user activity for website, Services, detecting ineffective pages, tracking analytics in real time, which allows EDIN viewing the list of website visitors in real time, conducting user surveys, collecting feedback from users.

7. PERSONAL DATA STORAGE AND TRANSFER TO THIRD PARTIES

We store personal data received from you in data centers located in the European Union. Your personal data is stored during the term of Service access agreement or during the term of use of Service, which is determined by the terms of such use, but in any case during the period required for data processing for accounting and tax purposes under Ukrainian law and during the time required to achieve the legitimate objectives of electronic document management between you and your counterparties/recipients of electronic documents.

In addition, if the law of any country where you use our Services stipulates provisions on the statute of limitations during which you have the right to file a claim or action against EDIN, and we need evidence of legal relationship between us, we may process Your personal data during this period.

EDIN does not transfer personal data to third parties, except for the information necessary for your identification while providing electronic document management between you and your contractors/recipients of electronic documents, as well as in cooperation with partners aimed at improving the functionality of Service. In any case, such data shall be transferred to such persons preventing the possibility of data leakage or other party access, with the commitment to protect personal data of users in accordance with privacy policies.

On our website and Services you can find links to third-party sites and software products. Please note that the Policy does not apply to the use of third-party sites and software products that do not belong to EDIN, and therefore we are not responsible for ensuring their privacy and recommend that you read their privacy policy (or other similar documents).

8. TECHNICAL, ORGANIZATIONAL AND OTHER MEANS OF DATA PROTECTION

To ensure safe storage of your personal data, we have implemented many technical and organizational tools that protect personal data against unauthorized or illegal processing and accidental loss, destruction or damage.

EDIN adheres to the personal data minimization principle. We process only the information about you that we need to ensure your paperwork and fulfil the agreements concluded with you.

9. YOUR RIGHTS AS A PERSONAL DATA SUBJECT

9.1. You have the following rights as a personal data subject in accordance with the legislation of Ukraine:

  • know the collection and location sources of personal data, purposes of their processing, location or place of residence (stay) of the holder or administrator of personal data or give a relevant order to obtain this information by authorized persons, except as provided by law;

  • receive information on the conditions for granting access to personal data, including information on third parties this personal data is provided to;

  • access to own personal data;

  • receive, no later than thirty calendar days from the date of receiving request, except as provided by law, an answer as to whether your personal data is processed, as well as receive the content of such personal data;

  • make a reasoned request to the personal data holder with an objection to processing of own personal data;

  • make a reasoned request to change or destroy personal data by any owner and controller of personal data, if this data is processed illegally or is inaccurate;

  • to protect personal data against unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as to protect against the provision of information that is inaccurate or disgraces the honour, dignity and business reputation of individuals;

  • file complaints about processing of their personal data to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to the court;

  • apply legal remedies in case of violation of the legislation on personal data protection;

  • make reservations about restriction of the right to process their personal data when giving consent;

  • to withdraw consent to the processing of personal data in accordance with the procedure specified in clause 9.2.3 (it is also applicable if you are our client in the territory of Ukraine);

  • know the mechanism of automatic processing of personal data;

  • protect against an automated decision that has legal consequences.

9.2. Other rights of personal data subjects under GDPR

In addition to Ukrainian personal data protection legislation, EDIN pays close attention to ensuring your rights under GDPR, including:

9.2.1. The right to information

We are ready to provide data subjects with information about which of their personal data we process. If you wish to know what personal data we process, you may request this information at any time, including by contacting EDIN using the communication systems provided for in clause 10 of this Policy. You can find the list of data we have to provide to you in Articles 13 and 14 of the GDPR. At the same time, when applying, you shall inform us of your specific requirements so that we can legally consider your request and provide a response.

Please note that in the event that we are unable to identify you by e-mail, or when you contact EDIN, or in case of reasonable doubt about your identity, we may ask you to provide proof of identity. Only in this way will we be able to avoid the disclosure of your personal data to a person who may impersonate you. We will process inquiries as soon as possible, but at the same time please keep in mind that providing a complete and legal response to personal data is a complex process that can take up to a month.

9.2.2. The right to correct data about you

If you find that some of the personal data we process about you is incorrect or out of date, you have the opportunity to make changes to such personal data by yourself using the software of the Service, namely by logging into your Personal Account. Changes to personal data shall not be made in case of Service access agreement or if such data are contained in the tax document, which was drawn up in accordance with tax law.

10. CONTACT PERSON ON MATTERS OF PROTECTING YOUR PERSONAL DATA IN EDIN

If you have any questions, comments or suggestions regarding protection and processing of your personal data, you can contact EDIN:

Oleh Kliusa, General Director
ATS LLC
6 Mykhaylo Donets str., Kyiv 03061, Ukraine
e-mail: kliusao@edin.ua

In your application, be sure to include your name, surname, e-mail address, as well as detailed questions, comments, requests.