Privacy Policy
1. General Provisions
This Privacy Policy governs the collection, processing, storage, and protection of your personal data when using our services. We adhere to the requirements of applicable Ukrainian legislation, including the Law "On Personal Data Protection," as well as international standards such as the GDPR (General Data Protection Regulation). Our commitment to transparency ensures you can trust the security of your information. We aim to build trust with users by safeguarding their privacy through lawful, fair, and ethical practices. This policy applies to all interactions with our platform, including websites, mobile applications, and third-party integrations.
2. Categories of Collected Data
We collect the following categories of personal data: identification details (e.g., name, surname, email, phone number), technical data (e.g., IP address, browser type, operating system, device identifiers), and usage data (e.g., pages visited, session duration, frequency of visits). Data collection is strictly limited to the purposes outlined in this policy and is necessary for service delivery. Aggregated or anonymized data, which cannot identify you personally, may also be collected for analytics, research, and service optimization. For example, we track user trends to improve interface design and functionality.
3. Purposes of Data Processing
Your personal data is processed to: deliver services, enhance user experience, ensure platform security, comply with legal obligations, conduct marketing campaigns (with your consent), and analyze service performance. We may also use your data to personalize content, such as tailoring recommendations based on your preferences. All processing activities align with principles of legality, fairness, and data minimization. For instance, payment data is processed solely to complete transactions, while cookies optimize website navigation.
4. Data Protection Measures
We implement advanced technical and organizational safeguards, including end-to-end encryption (e.g., TLS/SSL), multi-factor authentication, and regular security audits. Access to data is restricted to authorized personnel through role-based permissions. Our incident response protocols ensure swift action in case of breaches, such as notifying affected users within 72 hours where required. Servers are hosted in ISO-certified data centers with physical security controls like biometric access. Employees undergo mandatory GDPR and cybersecurity training to mitigate risks.
5. Disclosure to Third Parties
Personal data may be shared with third parties only under legal obligations or with your explicit consent. Examples include cloud providers (e.g., AWS), payment gateways (e.g., Stripe), or analytics tools (e.g., Google Analytics). Third-party contracts mandate GDPR compliance and prohibit unauthorized data use. For legal requests (e.g., court orders), we verify legitimacy before disclosure. We never sell your data to advertisers or third-party marketers without your permission.
6. Use of Cookies
Our services use cookies to enhance functionality, analyze traffic, and personalize content. Session cookies expire when you close your browser, while persistent cookies remain for predefined periods (e.g., 30 days). Examples include authentication cookies for login retention and tracking cookies for ad performance. You may disable cookies via browser settings, though this may limit features like saved preferences. We also employ web beacons and pixels to monitor campaign effectiveness, subject to your consent where required by law.
7. Data Subject Rights
Under GDPR and Ukrainian law, you have the right to access, correct, delete, restrict, or port your data. You may also object to processing or withdraw consent via our Data Protection Officer (DPO). Requests are fulfilled within 30 days, unless complexity requires an extension. To exercise rights, submit a verifiable request to [email protected]. If unsatisfied, you may lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights or your local EU supervisory authority.
8. Children’s Data Protection
We do not knowingly collect data from children under 13 without parental consent. Suspected underage data is promptly deleted. Parents/guardians may contact us to review or remove their child’s information. Age verification measures, such as requiring a birthdate for certain services, help prevent unintended collection. We comply with laws like the U.S. COPPA and EU GDPR’s age-consent requirements, adapting practices based on jurisdictional standards.
9. Policy Updates
We reserve the right to update this policy to reflect legal, technical, or operational changes. Revised versions will be posted on our website, with material changes communicated via email or in-app notifications. Continued use of services after updates constitutes acceptance. We recommend reviewing this policy biannually. Historical versions are archived and available upon request for transparency.
10. Contact Information
For privacy-related inquiries, contact our Data Protection Officer at [email protected] or +380 (XX) XXX-XX-XX. Postal requests may be sent to: [Company Name], [Street Address], Kyiv, Ukraine. We aim to respond within 5 business days. For complex requests, a detailed timeline will be provided. Our support team is available 24/7 for urgent matters, such as suspected data breaches.
11. International Data Transfers
Data may be transferred outside Ukraine or the EEA using GDPR-approved mechanisms like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs). For U.S. transfers, we partner with Privacy Shield-certified entities where applicable. Transfers to "inadequate" jurisdictions occur only with explicit consent or necessity (e.g., processing a cross-border payment). We conduct Transfer Impact Assessments (TIAs) to evaluate risks and ensure third-party compliance.
12. Liability
We are liable for damages caused by unlawful data processing under applicable laws. However, liability is excluded for incidents arising from user negligence (e.g., sharing passwords) or force majeure (e.g., natural disasters). Our maximum liability is limited to the amount paid for services in the preceding 12 months. Users are responsible for securing their accounts via strong passwords and two-factor authentication.
13. Acceptance of Terms
By using our services, you confirm acceptance of this policy. Non-acceptance requires discontinuing service use immediately. Withdrawing consent does not affect the legality of pre-withdrawal processing. For account deletion, submit a request via your profile settings or contact the DPO. Note that residual data may persist in backups for up to 60 days due to technical constraints.
14. Data Retention Periods
Data is retained only as long as necessary for its intended purpose (e.g., transaction records kept for 7 years per tax laws). Marketing data is deleted after 3 years of inactivity. Anonymized data may be retained indefinitely for analytics. Specific retention schedules are available upon request. Deletion protocols include secure wiping and physical destruction of deprecated storage media.
15. Third-Party Services
Our platform may integrate third-party services (e.g., social media plugins, embedded videos). We are not responsible for their privacy practices. Before interacting with third parties, review their policies independently. For example, YouTube’s embedded content falls under Google’s privacy terms. We disclaim liability for third-party actions, including data breaches or misuse occurring on external platforms.