The version of Global Business Systems LLC Privacy Notice was published 04/01/2024.
Global Business Systems LLC refers to our company, Global Business Systems LLC established at Ivana Franka 17 street, Bibrka, Lviv region, Ukraine.
‘Client’ or ‘Clients’ refers to our clients: companies that are using products and services provided by Global Business Systems LLC.
‘GDPR’ refers to the EU General Data Protection Regulation 2016/679.
All other terms have the same meaning as set by GDPR.
Global Business Systems LLC processes personal data by playing either the role of controller or processor. As a controller, Global Business Systems LLC employs associates, maintains business contacts, welcomes visitors, and does other activities needed to operate a business. As a processor, Global Business Systems LLC operates its products and services provided to Global Business Systems LLC clients, in accordance with data processing contracts that Global Business Systems LLC makes with the clients.
This policy guides both kinds of processing, with provisions that are specific to the role of Global Business Systems LLC, controller or processor, provided in the corresponding snippets.
Global Business Systems LLC processes personal data of the following categories of individuals (also called ‘data subjects’):
Data subjects of controller activities are related to Global Business Systems LLC and include:
Other individuals (visitors, event attendees, requestees, etc.)
Data subjects of processor activities are associated with controllers (Global Business Systems LLC clients) and not directly related to Global Business Systems LLC:
All Global Business Systems LLC Associates are bound by this policy through the obligation to comply with Global Business Systems LLC policies contained in all employment contracts. Global Business Systems LLC Associates are made aware of this policy during onboarding, training, and regular review. Violation of provisions set in this policy may lead to sanctions according to applicable local laws, including dismissal for violation.
Global Business Systems LLC shall always comply with local data protection laws. Where local data protection laws require lower level of personal data protection than the level established by this Policy, then Global Business Systems LLC will commit to GDPR principles and provisions, with the maximal possible level of commitment allowed by local laws and regulations.
Global Business Systems LLC shall collect compliance evidence and demonstrate compliance with applicable law (principle of ‘accountability’). That includes various forms of evidence:
This evidence may be retained for certain periods, as required or implied by applicable law.
Global Business Systems LLC shall be transparent to individuals about their personal data processing.
Global Business Systems LLC shall communicate to the individuals about:
This communication shall be done at the moment when personal data is collected, or, if that is not possible, within the shortest reasonable period after the data was collected.
Global Business Systems LLC shall communicate in a clear and comprehensive way, using the language and terminology that is commonly understandable by the individuals. Global Business Systems LLC may not communicate to the individuals if the individuals already have the information or when there is a legal obligation to do so, imposed by local laws.
Global Business Systems LLC shall assist a controller in collecting the information that the controller needs to communicate to individuals.
Global Business Systems LLC shall process personal data for the agreed purposes and shall not reuse the data.
Global Business Systems LLC shall only process personal data for the purposes that were communicated to the individuals upon data collection and will not reuse the data for any other purpose
Global Business Systems LLC shall only process personal data for the purposes stated in the data processing agreements executed with the clients.
Global Business Systems LLC shall deny requests for any processing that contradicts these agreements.
Global Business Systems LLC may derogate from this principle only if there exists a legitimate reason to do so, such as compliance with a legal obligation. Any derogation is registered, documented, and made available to the individuals as required by applicable law.
Global Business Systems LLC shall only process personal data if there is a legal basis for doing so.
Global Business Systems LLC shall process personal data according to one of the following legal basis options:
Global Business Systems LLC shall only process personal data on behalf of a controller when guided by a data processing agreement executed between the controller and Global Business Systems LLC.
Global Business Systems LLC shall store personal data for the shortest period possible, necessary to fulfill the purposes of processing.
Global Business Systems LLC shall erase or reliably depersonalize all data elements when they reach their retention periods.
Global Business Systems LLC shall return personal data processed on behalf of a controller at the end of a processing engagement and erase all copies of that data stored at Global Business Systems LLC.
Global Business Systems LLC shall keep data profile minimal to the goals and purposes of the processing.
Global Business Systems LLC shall proactively limit the processing to minimal volumes of data that are necessary to achieve the purposes of processing.
Global Business Systems LLC shall proactively limit its exposure to data of a controller, such as assuming minimal permissions or receiving minimal data sets.
Global Business Systems LLC shall keep data profile minimal to the goals and purposes of the processing.
Global Business Systems LLC shall proactively take appropriate measures to ensure accuracy and quality of personal data, appropriate for the purposes of processing.
Global Business Systems LLC shall proactively assist a controller in ensuring the level of data quality that is appropriate for the purposes of processing.
Global Business Systems LLC implemented Information Security Management Systems (ISMS) and all technical and organizational personal data security measures foreseen by the ISMS:
When processing personal data as a controller, Global Business Systems LLC inevitably puts some risks on rights and freedoms of the data subjects. It shall implement technical and organizational security measures that are appropriate to these risks.
Global Business Systems LLC shall implement the technical and organizational security measures, as agreed with the controller
The security measures are further elaborated in Global Business Systems LLC security policies.
Global Business Systems LLC shall minimize processing of special categories of personal data that it performs.
Global Business Systems LLC shall only process special categories of personal data when legally required for performance of contract with Global Business Systems LLC associates.
Global Business Systems LLC shall not be processing special categories of data acting as a processor.
Global Business Systems LLC shall grant data subjects the following rights:
Global Business Systems LLC shall grant data subjects:
Global Business Systems LLC shall grant data subjects:
All rights requests should be made in writing by sending an email to [email protected]. When acting as a controller, Global Business Systems LLC shall handle each request within one month. When acting as a processor, Global Business Systems LLC Entity shall forward the request to the appropriate controller.
Any data subject may complain about any Global Business Systems LLC Entity, in writing, by sending an email to [email protected]. All complaints shall be taken in by the Legal Department, registered, and handled within one month, with their handling history being preserved and made accessible for inspections as required by applicable law or provisions of this policy. The departments and associates involved in complaint handling shall be provided with sufficient level of independence to ensure fair complaint handling.
Individuals have the right to lodge complaint to a supervisory authority or a competent court, in their country of residence or a country where Global Business Systems LLC is established.
Global Business Systems LLC may engage external vendors providing various specialized services.
Global Business Systems LLC shall inform data subjects about the processing performed by external vendors on a per-request basis.
The controller shall be informed about the engagement of other vendors (sub-processors), as specified in the appropriate data processing agreement.
The processing shall be guided by a data processing agreement made to comply with requirements of Article 28(3) of GDPR.
Global Business Systems LLC shall only transfer personal data to countries, that do not provide adequate level of personal data protection, when appropriate safeguards are established, such as Standard Contractual Clauses.
Global Business Systems LLC shall inform data subjects about the transfers, specific countries where the data is transferred to, and implemented safeguards.
The controller shall be informed about the transfers, as specified in the appropriate data processing agreement.
Global Business Systems LLC shall register and investigate any suspected personal data breach, document the investigation, and take all appropriate actions to assess the scope and severity of the breach, and to address it.
Depending on results of the breach investigation, Global Business Systems LLC shall inform the supervising authority within 72 hours after becoming aware of the breach, and the affected data subjects, as required by applicable law.
Global Business Systems LLC shall inform the controller about a personal data breach, without undue delay, and assist the controller in responding to the breach, as specified in the appropriate data processing agreement.