Privacy Policy

This Privacy Policy describes the actions of Lviv IT Cluster (a non-profit organisation Association “Lviv Information Technology and Business Services Cluster”) regarding your personal data provided for the registration of an account on the website at: www.codeua.com (hereinafter referred to as the “Platform”).

We take the security of all Platform users’ personal data very seriously. Therefore, Lviv IT Cluster will take all necessary measures to prevent the misuse of your personal data that we will soon learn. We will process your personal data in strict accordance with the requirements of Ukraine’s current legislation, taking into account the provisions of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”), and only when there are legal grounds for such processing.

This Privacy Policy, processing, and protection of personal data (hereinafter referred to as the “Policy”) is developed based on the Law of Ukraine “On the Protection of Personal Data” and taking into account the provisions of the GDPR and applies to all information that Lviv IT Cluster may receive about the User during the latter’s use of the Platform.

This Policy explains in detail the procedure for collecting and processing personal data and is a public document developed by Lviv IT Cluster and made available in open access on the Platform. When any changes are made to the Privacy Policy, the User is considered duly notified of such changes by publishing the document in its new version on the Platform.

If Lviv IT Cluster changes the Privacy Policy that the User does not agree with, the User must cease using the Platform. Continued use of the Platform confirms the User’s agreement and acceptance of the current version of the Privacy Policy.

By using the registration form on the Platform and entering personal data, the User confirms their consent to the processing of their personal data under the proposed terms of this Privacy Policy and in accordance with Articles 6, 8, 10, and 11 of the Law of Ukraine “On the Protection of Personal Data.”

You are not obligated to provide us with personal data, but without the necessary information, we cannot register you on the Platform.

In cases where we control the ways your personal data is collected and determine the purposes for which these personal data are used, Lviv IT Cluster acts as the “data controller” in the sense of applicable European data protection legislation and the “owner of personal data” in the sense of the Law of Ukraine “On the Protection of Personal Data.”

We process your personal data if:

  • You have given consent to the processing of personal data;
  • Processing is necessary for registering you as a User of the Platform;
  • Processing is necessary for identification (verification, establishing data).

We only process the information about you that is necessary to allow you to use the Platform or the information that you voluntarily provide beyond the necessary processing.

/01

TERMS USED

1.1. Platform – a set of the CodeUA website and its elements through which Companies, via Users, gain the ability to use the means of CodeUA.

1.2. Owner and Processor of Personal Data – Lviv IT Cluster (a non-profit organization Association “Lviv Information Technology and Business Services Cluster”), which determines the purpose of personal data processing, establishes the composition of this data, and the procedure for its processing.

1.3. User – a company representative, to whom Lviv IT Cluster has granted the right to create an account and use the Platform.

1.4. Consent of the Data Subject – a voluntary declaration of will by an individual (provided they are informed) regarding the granting of permission for the processing of their personal data under the defined purpose of their processing, expressed in a form that allows for the conclusion that consent has been given.

1.5. Processing of Personal Data – any action or set of actions such as collection, registration, accumulation, storage, adaptation, alteration, updating, use, and dissemination (distribution, implementation, transfer), anonymization, destruction of personal data, including the use of information (automated) systems.

1.6. Lviv IT Cluster (a non-profit organisation Association “Lviv Information Technology and Business Services Cluster”) – the administration of the Platform, the legal entity – rights holder.

Other terms in the Policy are used in the meaning provided by the current legislation of Ukraine.

/02

MAIN PRINCIPLES OF THE PRIVACY POLICY

2.1. This Privacy Policy establishes the general requirements for processing and protecting Users’ personal data collected by the Lviv IT Cluster.

2.2. The owner and processor of the obtained personal data is the Lviv IT Cluster.

2.3. Familiarization and acceptance of the Policy terms are mandatory conditions for registration on the Platform and use of its resources.

2.4. The User’s consent to processing their data is automatically provided during registration on the Platform.

2.5. Any person who does not accept the terms of the Policy and/or disagrees with them should refrain from using the Platform.

2.6. Lviv IT Cluster stores users’ personal data for the period necessary to achieve the purposes of processing such data as specified in this Policy. Personal data may be destroyed in cases provided for by Ukraine’s current legislation and/or other applicable European legislation.

2.7. Lviv IT Cluster takes all necessary measures to protect the obtained data from unauthorised access or accidental loss, alteration, disclosure, or destruction

/03

COLLECTION AND USE OF PERSONAL DATA

3.1. The data about the User collected by Lviv IT Cluster includes:

3.1.1. Information obtained from the User during registration, including:

  • last name, first name, patronymic (if applicable);
  • phone number;
  • email address;
  • access password.

3.2. Lviv IT Cluster collects the User’s personal data for the purpose of identifying the individual, creating, and managing the account.

3.3. Lviv IT Cluster collects only the user’s personal data that is consciously and voluntarily provided to use the Platform, and that is necessary within the scope of the purpose of their processing as formulated in this Policy.

3.4. All information processed by Lviv IT Cluster is protected by special organisational and technical measures to prevent accidental loss or destruction of illegal processing, including illegal destruction or access to Users’ personal data.

3.5. Platform administrators have access only to personal data necessary for them to perform their official duties. They are prohibited from disclosing this data even after the termination of employment with Lviv IT Cluster.

3.5.1. The administration of the platform reserves the right to monitor correspondence and data exchange on the platform, including chats and private message

3.6. Deletion and destruction of personal data are carried out to exclude the possibility of further recovery of such personal data. Personal data is subject to deletion or destruction in the following cases:

  • expiration of the data storage period;
  • termination of the legal relationship between the data subject and the owner or processor (if such deletion and/or destruction does not contradict the current legislation of Ukraine);
  • issuance of the relevant order by the Commissioner of the Verkhovna Rada of Ukraine on Human Rights or the designated officials of the Secretariat;
  • a final court decision on the deletion or destruction of personal data.

/04

USER RIGHTS

4.1. The personal non-property rights to the User’s personal data are inherent and inviolable.

4.1.1. If the User is located in Ukraine, according to the Law of Ukraine “On Personal Data Protection,” they have the right to:

  • know about the sources of collection, location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or processor of personal data, or give the relevant authorisation to obtain this information by authorised persons, except as provided by law;
  • receive information about the terms of access to personal data, including information about third parties to whom their personal data are transferred;
  • access their personal data;
  • receive, no later than thirty calendar days from the date of receipt of the request, except as provided by law, information about whether their personal data is being processed, as well as receive the content of such personal data;
  • present a reasoned demand to the Owner of personal data with a refusal to process their personal data;
  • present a reasoned demand for the modification or destruction of their personal data by any Owner or Processor of personal data if such data is processed illegally or is inaccurate;
  • protect their personal data from illegal processing and accidental loss, destruction, or damage due to deliberate concealment, non-provision or untimely provision thereof, as well as protection from providing information that is inaccurate or discredits the honour, dignity, and business reputation of an individual;
  • lodge complaints about the processing of their personal data to the Commissioner of the Verkhovna Rada of Ukraine on Human Rights or to court;
  • apply legal remedies in case of violation of legislation on personal data protection;
  • make reservations regarding the limitation of the right to process their personal data when giving consent;
  • withdraw consent to the processing of personal data;
  • know the mechanism of automatic processing of personal data;
  • protect against automated decision-making that has legal consequences for them.

4.1.2. In the case of the User being located in the European Union, under the requirements of GDPR, the User has the right to:

  • withdraw their consent to the processing of personal data if it has been given earlier;
  • demand access to their personal data and their correction or deletion (right to be forgotten);
  • restrict the processing of their personal data or object to their processing;
  • receive information about the storage period of their personal data or the criteria by which this period may be determined;
  • if personal data is transferred to a third country or to an international organisation, have the right to be informed about the appropriate guarantees for the transfer of such data;
  • receive information about the source from which their personal data originate and, in appropriate cases, whether they were obtained from publicly available sources (if personal data were not obtained from you);
  • receive personal data provided to the controller in a structured, commonly used, and machine-readable format and have the right to transmit such data to another controller without hindrance from the controller to whom the personal data was provided (right to data portability);
  • lodge a complaint with the competent supervisory authority responsible for the processing of personal data;
  • not be subject to a decision based solely on automated processing, including profiling, except in cases where it is necessary for the conclusion or performance of a contract to which you are a party.

4.2. The User has the right to withdraw consent for future processing of personal data without specifying the reason by sending a written request to the Lviv IT Cluster with the appropriate requirement if this does not contradict the current legislation of Ukraine. Such a request must contain a specific list of personal data for which consent to the processing by the Lviv IT Cluster is revoked.

4.3. The User also has the right to demand from the owner of personal data a ban on the processing of their personal data (part thereof) and/or changes to their composition/content. The owner considers such a requirement within 30 calendar days from the date of its receipt. If, as a result of the consideration, it is found that the User’s personal data (or part thereof) is processed unlawfully, Lviv IT Cluster undertakes to cease processing the User’s personal data (or part thereof), take appropriate measures to delete/destroy such personal data, and duly inform the User of the results of the consideration of the submitted requirement.

4.4. The User’s request may be sent:

  • in writing to the address: 3 Ulasa Samchuka str., Lviv, Lviv region, 79011, Ukraine.
  • or electronically by sending a letter to the email address: [email protected].

 

/05

PROVIDING ACCESS TO INFORMATION

5.1. Lviv IT Cluster does not disclose Users’ personal data to third parties except as provided by applicable Ukrainian law and the terms of this Policy.

5.2. Lviv IT Cluster has the right to transfer User’s personal data to third parties (service providers and/or partners who carry out business operations for Lviv IT Cluster (including, but not limited to, the United States Agency for International Development (USAID) and the Ministry of Digital Transformation of Ukraine), on our behalf and in accordance with our instructions (hereinafter referred to as Partners) and/or to assign their processing for the purpose of:

  • creating, operating, and managing the User’s account;
  • using the Lviv IT Cluster Platform and/or Partner services by the User;
  • responding to a request from a competent government authority if Lviv IT Cluster believes that such disclosure corresponds to the purpose of the request and the applicable law;
  • periodically sending Users informational messages, including, but not limited to: about important changes to the Platform or new opportunities, technical updates, as well as to notify about marketing events;
  • investigating suspicious, illegal, fraudulent, or other unlawful activity related to the use of the Platform;
  • statistics and analysis, which allows us to improve the quality of the Platform. At the same time, any data transmitted for statistical purposes is subject to depersonalisation to prevent the identification of specific individuals;
  • reporting a crime.

5.3. The dissemination of personal data without the User’s consent is permitted in cases provided for by applicable Ukrainian law and only in the interests of national and economic security, as well as the rights and legitimate interests of individuals.

5.4. The Platform may contain links to other websites unrelated to the Lviv IT Cluster. If the User follows a link, they will be directed to a third-party site. In such cases, Lviv IT Cluster strongly recommends that Users review the privacy policy of each third-party website they visit. Lviv IT Cluster does not control and does not assume any responsibility for the content, privacy policy, and/or actions of third-party websites or services

/06

APPLICATION OF COOKIE FILES

6.1. We use cookies to improve the functioning of the Platform and to provide certain settings for each user.

6.2. Cookies are small blocks of data temporarily stored on your computer’s hard drive or a mobile device to help you use our Platform more efficiently. Cookies do not contain any personal information about you and can be used to identify individual users. Often, a cookie contains a unique identifier, which is an anonymous number (generated randomly) and is stored on your computer. Some cookies are deleted after the end of the session with the Platform, while others remain on your computer or mobile device for a longer period.

6.3. By using our Platform, you consent to using and storing cookies on your device. You can browse our Platform without using cookies, but access to some services may be limited for you.

6.4. You can disable the storage of cookies on your device by selecting the “do not accept cookies” option in your browser settings. However, most browsers automatically accept cookies.

6.5. Additionally, you can delete cookies stored on your device anytime. Instructions for deleting cookies can be found in the browser or device manual.

/07

INTERNET TRACKING

7.1. This Platform collects and stores data for marketing and optimisation purposes using Google Analytics technology.

7.2. Our analytics system considers information from cookies, user identifiers (such as User ID), and advertising identifiers (such as DoubleClick cookies, Android advertising identifier, and IDFA for iOS). The data storage period in our Google Analytics account is 26 months. After the storage period expires, the data is automatically deleted.

7.3. DoubleClick by Google is used on our Platform. DoubleClick by Google uses cookies to provide visitors with relevant advertisements. A cookie ID is assigned to the user’s browser to record advertisements already delivered to the respective browser. The DoubleClick cookie allows Google websites and the company’s partners to display advertisements based on visitors who have visited this or other websites.

7.4. Additionally, Google Remarketing technology is used on our Platform to display targeted ads to users when they visit other websites based on their past use of our Platform. This enables us to tailor advertising messages to users based on their interactions with our Platform.

/08

SOCIAL MEDIA PLUGINS USAGE

8.1. The technical setup of the pages on our Platform includes social media plugins, which are managed from the servers of these networks.

8.2. These plugins may be “Like” or similar buttons. When you visit one of the web pages of the Platform equipped with such a plugin, your Internet browser will directly connect you to the servers of the respective social network, and the plugin registered through your browser will be displayed on the screen. The plugin will transmit to the respective social network data server about which specific web pages of the Platform you visited. If you have an account with the corresponding social network and you are logged in under your account while visiting our web page, this social network will link this information to your account.

8.3. If you use any of the plugin’s functions (such as clicking the “Like” button or commenting), this information will also be synchronized with your account on the respective social network.

8.4. For more detailed information about the collection and use of data by social networks, as well as about the rights and options for protecting personal data in this context, you can find in the section on personal data protection on the website of the respective social network.

8.5. Before visiting our Platform, you need to log out of your account on the respective social network to avoid linking social networks to our Platform and further linking this information to your account.

/09

USAGE OF EMBEDDED MODULES IN SOCIAL NETWORKS

9.1. Our Platform allows for the embedding of modules (“embedded modules”) for social networks. Social network providers provide the relevant services.

9.2. The respective providers manage social networks. Follow the relevant links on the providers’ websites to view screen buttons and their appearance.

9.3. To increase the protection level of your data when visiting the Platform, these embedded modules function as buttons activated by double-clicking the mouse. This form of embedding implies that when you visit any page of the Platform containing such embedded modules, you will not be automatically connected to the providers’ servers. Only if you activate the embedded module and allow data transmission will the browser establish a direct connection to the providers’ servers. The content of various embedded modules is transmitted directly to your browser by the respective provider and displayed on your computer screen.

9.4. The embedded module informs the provider which page of the Platform you have accessed. If, while viewing the Platform, you are logged into a social network under your account, the respective provider may select information according to your interests, i.e., information you view under your account. If you use any function of the embedded module (such as the “Like” button or posting a comment), this information will also be transmitted by the browser directly to the provider for storage.

9.5. Additional information regarding the collection and use of data by social networks, as well as rights and options for protecting your confidentiality in these circumstances, can be found in the data protection/privacy recommendations issued by social network providers. To avoid connecting to social network accounts when visiting the Platform, you should disconnect from the relevant account before visiting the Platform.

If you have any questions about the terms of the Privacy Policy, please contact us by email at: [email protected].