What are the rules and restrictions related to the collection, storage and processing of...?

For this, you should refer to the Law of Ukraine "On Personal Data Protection".

Article 6 stipulates the requirements for the processing of personal data:

1. Processing of personal data is carried out openly and transparently using means and in a manner that correspond to the defined goals of such processing.

2. Personal data must be accurate, reliable and updated as necessary, determined by the purpose of their processing.

3. The composition and content of personal data must be relevant, adequate and not excessive in relation to the defined purpose of their processing.

4. The primary sources of information about a natural person are: documents issued in his name; documents signed by her; information that a person provides about himself.

5. Processing of personal data is carried out for specific and lawful purposes, determined with the consent of the subject of personal data, or in cases provided for by the laws of Ukraine, in the manner established by the legislation.

6. It is not allowed to process data about a natural person, which is confidential information, without his consent, except for cases specified by law, and only in the interests of national security, economic well-being and human rights.

7. If the processing of personal data is necessary to protect the vital interests of the subject of personal data, it is possible to process personal data without his consent until such time as consent becomes possible.

8. Personal data are processed in a form that allows the identification of the natural person to whom they relate, no longer than is necessary for the legitimate purposes for which they were collected or further processed.

9. Further processing of personal data for historical, statistical or scientific purposes may be carried out under the condition of ensuring their proper protection.

10. The standard procedure for processing personal data is approved by the Commissioner.

Article 7 establishes special requirements for the processing of personal data:

1. The processing of personal data on racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, criminal convictions, as well as data related to health, sexual life, biometric or genetic data is prohibited.

2. This provision does not apply if the processing of personal data:

is carried out on the condition that the subject of personal data provides unequivocal consent to the processing of such data;

necessary for the exercise of the owner's rights and obligations in the field of labor relations in accordance with the law with the provision of appropriate protection;

necessary to protect the vital interests of the subject of personal data or another person in case of incapacity or restriction of civil capacity of the subject of personal data;

is carried out with the provision of appropriate protection by a religious organization, public organization of worldview orientation, political party or professional union established in accordance with the law, provided that the processing concerns exclusively the personal data of members of these associations or persons who maintain constant contact with them in connection due to the nature of their activity, and personal data are not transferred to a third party without the consent of the subjects of personal data;

necessary for the justification, satisfaction or defense of a legal claim;

necessary for health purposes for:

establishment of a medical diagnosis, to ensure care or treatment or the provision of medical services, monitoring of compliance with the established conditions for the provision of such services (including the conditions of contracts for medical care of the population and contracts for reimbursement under the medical guarantee program), functioning of the electronic health care system under the conditions , that such data are processed by a medical worker, a rehabilitation specialist or another person of a health care institution, a rehabilitation institution or a natural person - an entrepreneur who received a license to conduct economic activity from medical practice, and its employees, who are entrusted with the duties of ensuring the protection of personal data and the application of the legislation on medical secrecy, by employees of the central executive body implementing state policy in the field of state financial guarantees of medical care for the population, by employees of the institution that carries out state sanitary-epidemiological supervision and activities in the field of public health, who received a license to carry out business activities for medical practice, which are entrusted with the duties of ensuring the protection of personal data;

quality control of the provision of medical services, provided that such data are processed by employees of the central executive body implementing state policy in the field of quality control of the provision of medical services;

• exchange of information on the financing of medical services and services in the field of health care, provided that such data are processed by employees of the Social Insurance Fund of Ukraine, the Pension Fund of Ukraine, the Fund for the Social Protection of Persons with Disabilities, the central executive body that ensures the formation and implementation of the state financial and budgetary policy, which are entrusted with the duties of ensuring the protection of personal data.

necessary to ensure the maintenance of military records of conscripts, conscripts and reservists (in the amount of data specified in Article 7 of the Law of Ukraine "On the Unified State Register of Conscripts, Conscripts and Reservists");

relates to court verdicts, performance of tasks of operative-investigative or counter-intelligence activities, fight against terrorism and is carried out by a state body within the limits of its powers defined by law;

refers to data that has been explicitly disclosed by the subject of personal data.

Article 12 regulates the collection of personal data:

1. The collection of personal data is a component of the process of their processing, which involves the selection or arrangement of information about a natural person.

2. The subject of personal data is informed about the owner of personal data, the composition and content of collected personal data, his rights defined by this Law, the purpose of collecting personal data and the persons to whom his personal data is transferred:

at the time of collection of personal data, if personal data is collected from the subject of personal data;

in other cases, within thirty working days from the date of collection of personal data.