Privacy Policy

1. General Provisions

This Privacy Policy defines how we collect, process, store, and protect your personal data when using our services. We comply with the requirements of Ukrainian legislation, including the Law on Personal Data Protection, as well as international standards such as GDPR. Our goal is to ensure transparency regarding the security of your data. We strive to earn users' trust by protecting their privacy through lawful and ethical practices. This policy applies to all interactions with our platform, including websites, mobile applications, and integrations with third parties. We continuously improve our practices to meet new legislative requirements and technological changes, and we inform users of significant changes to the policy.

2. Categories of Collected Data

We collect various categories of personal data: identification data (such as name, surname, email, phone number), technical data (e.g., IP address, browser type, operating system, device identifiers), and usage data (e.g., visited pages, session duration, visit frequency). Data collection is limited to the purposes described in this policy and is necessary for providing services. We may also collect aggregated or anonymized data for analytics and service optimization. For example, we analyze user trends to improve interface design and functionality. Additionally, we may obtain data from other sources, such as social networks, if you grant us access.

3. Purposes of Data Processing

Your personal data is processed to provide services, enhance user experience, ensure platform security, fulfill legal obligations, conduct marketing campaigns (with your consent), and analyze service effectiveness. We may also use your data to personalize content, such as tailoring recommendations according to your preferences. All processing actions comply with the principles of legality, fairness, and data minimization. For example, payment data is processed solely to complete transactions, while cookies enhance navigation on the website. We also use data to develop new features and services that may be beneficial to you.

4. Data Protection Measures

We implement modern technical and organizational security measures, such as end-to-end encryption (e.g., TLS/SSL), multi-factor authentication, and regular security audits. Access to data is restricted to authorized personnel based on roles and permissions. Our incident response protocols ensure prompt actions in case of breaches, such as notifying affected users within 72 hours if necessary. Servers are hosted in ISO-certified data centers with physical security measures such as biometric access. Employees undergo mandatory training on GDPR and cybersecurity to reduce risks. We also regularly test our systems for vulnerabilities to ensure maximum protection of your data.

5. Disclosure to Third Parties

Personal data may be shared with third parties only under legal obligations or with your explicit consent. Examples include cloud service providers (e.g., AWS), payment gateways (e.g., Stripe), or analytics tools (e.g., Google Analytics). Contracts with third parties require compliance with GDPR and prohibit unauthorized use of data. For legal requests (e.g., court orders), we verify legitimacy before disclosure. We never sell your data to advertisers or third-party marketers without your consent. We also conduct regular audits of our partners to ensure they adhere to our privacy standards.

6. Use of Cookies

Our services use cookies to enhance functionality, analyze traffic, and personalize content. Session cookies expire when you close your browser, while persistent cookies remain for a specified period (e.g., 30 days). Examples include authentication cookies to maintain logins and cookies for tracking ad performance. You can disable cookies through your browser settings, although this may limit features such as saved preferences. We also use web beacons and pixels to monitor campaign performance, with your consent where required by law. We continuously update our cookie practices to comply with new privacy standards.

7. Data Subject Rights

Under GDPR and Ukrainian legislation, you have the right to access, rectify, delete, restrict, or transfer your data. You may also object to processing or withdraw consent through our Data Protection Officer (DPO). Requests are fulfilled within 30 days unless complexity requires an extension. To exercise your rights, send a verified request to [email protected]. If you are dissatisfied, you may file a complaint with the Ukrainian Parliament Commissioner for Human Rights or your local EU supervisory authority. We strive to ensure transparency in all our processes and provide support for exercising your rights.

8. Children's Data Protection

We do not collect data from children under 13 years old without parental consent. Data suspected to belong to minors is immediately deleted. Parents/guardians may contact us to review or delete information about their child. Age verification measures, such as requiring a date of birth for certain services, help prevent unintentional collection. We comply with laws such as COPPA in the USA and the age-of-consent requirements of GDPR in the EU, adapting practices according to jurisdictional standards. We also provide educational resources for parents to help them understand how to protect their children's data online.

9. Policy Updates

We reserve the right to update this policy to reflect legal, technical, or operational changes. Revised versions will be published on our website, and material changes will be communicated via email or in-app notifications. Continued use of services after updates signifies acceptance. We recommend reviewing this policy twice a year. Historical versions are archived and available upon request for transparency. We also give you the opportunity to express your views on changes to ensure they meet your expectations.

10. Contact Information

For privacy-related inquiries, contact our Data Protection Officer at [email protected] or call +380 (XX) XXX-XX-XX. Postal requests can be sent to: [Company Name], [Street Address], Kyiv, Ukraine. We aim to respond within 5 business days. For complex requests, a detailed timeline will be provided. Our support team is available 24/7 for urgent issues such as suspected data breaches. We value your feedback and are always ready to assist with any privacy-related questions.

11. International Data Transfers

Data may be transferred outside of Ukraine or the EEA using mechanisms approved by GDPR, such as standard contractual clauses (SCC) or binding corporate rules (BCR). For transfers to the USA, we work with entities certified under the Privacy Shield program, where applicable. Transfers to "inadequate" jurisdictions occur only with explicit consent or necessity (e.g., for processing transactions across borders). We conduct transfer impact assessments (TIA) to evaluate risks and ensure third-party compliance. We also provide users with information on how their data may be used in other countries to ensure transparency.

12. Liability

We are liable for damages caused by unlawful data processing in accordance with applicable law. However, liability is excluded for incidents arising from user negligence (e.g., password disclosure) or force majeure (e.g., natural disasters). Our maximum liability is limited to the amount paid for services over the past 12 months. Users are responsible for securing their accounts with strong passwords and two-factor authentication. We also recommend users regularly update their passwords and use unique passwords for different accounts.

13. Acceptance of Terms

By using our services, you confirm acceptance of this policy. Non-acceptance requires immediate cessation of service use. Withdrawal of consent does not affect the legality of processing prior to withdrawal. To delete an account, send a request through profile settings or contact the DPO. Please note that residual data may be retained in backups for up to 60 days due to technical limitations. We also provide instructions for securely deleting accounts and data to ensure your privacy.

14. Data Retention Periods

Data is retained only as long as necessary for its purpose (e.g., transaction records are kept for 7 years in accordance with tax legislation). Marketing data is deleted after 3 years of inactivity. Anonymized data may be stored indefinitely for analytics. Specific retention schedules are available upon request. Deletion protocols include secure erasure and physical destruction of outdated information storage media. We also regularly review our data retention practices to ensure compliance with new privacy standards.

15. Third-Party Services

Our platform may integrate third-party services (e.g., social media plugins, embedded videos). We are not responsible for their privacy practices. Before interacting with third parties, familiarize yourself with their policies independently. For example, embedded YouTube content is subject to Google's privacy terms. We disclaim responsibility for actions of third parties, including data breaches or abuses occurring on external platforms. We also provide recommendations for safely using third-party services to protect your privacy.