CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY

This Confidentiality and Personal Data Protection Policy (hereinafter referred to as the “Confidentiality Policy”) has been developed by BALBEK LIMITED LIABILITY COMPANY (identification code in the Unified State Register of Legal Entities, Individual Entrepreneurs, and Public Organizations – 41861200, located at: 86 “П”, Kazymyra Malevycha St., Office 107, Kyiv, 03150, Ukraine, hereinafter referred to as the “Company”).

The Confidentiality Policy shall establish the procedure for obtaining, collecting, accumulating, storing, processing, using, ensuring the protection of, and disclosing personal data through the Company’s website https://www.balbek.com (hereinafter referred to as the “Website”) and shall apply to all information that the Company may receive about you as a user (hereinafter referred to as the “User”) during the use of the Website.

Please carefully review the Confidentiality Policy and its provisions if you wish to use the features and technical capabilities of the Website.

By using the Website, the User shall confirm their explicit and unconditional agreement with this Confidentiality Policy and the terms of processing the User’s personal data. In case of disagreement with the terms of the Confidentiality Policy, the User shall immediately cease using the Website.

1. Terms and Definitions

In this Confidentiality Policy, the following terms shall have the following meanings:

Authorized Persons – contractors of the Website Administration who are granted access to personal data.

Cookies – a small piece of data (text file) that the Website stores on the User’s electronic device (computer, phone, tablet, etc.) when they visit the Website. 

Data Subject – an individual whose personal data are processed. 

Mailing – electronic, text, and/or multimedia messages sent to an email address with a commercial and/or non-commercial offer from the Website Administration and/or third parties. 

Personal Data – information or a set of information about an individual who is identified or can be specifically identified. 

Personal Data Controller – an individual or legal entity that defines the purpose of processing personal data, establishes the scope of such data and the procedures for its processing, unless otherwise specified by law.

Personal Data Processor – an individual or legal entity authorized by the Personal Data Owner or by law to process these data on behalf of the Owner.

User – any individual who has access to the Website and uses it via the Internet.

Website – a set of software, informational, and other tools logically interconnected and available on the Internet at: https://www.balbek.com. 

The specified terms shall have the same meaning when used in both singular and plural forms, as well as when written in uppercase or lowercase letters. Other terms used in this Confidentiality Policy shall be defined in accordance with the norms of the applicable legislation of Ukraine, and in the absence of a legislative definition, they shall have their generally accepted meaning or be defined by the rules of business practice.

2. General Provisions

2.1. This Confidentiality Policy has been developed in accordance with the Law of Ukraine On the Protection of Personal Data dated June 1, 2010, No. 2297-VI, and further aligned with the principles and provisions set forth in Regulation (EU) 2016/679 of the European Parliament and Council, dated April 27, 2016, regarding the protection of natural persons with respect to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR). 

2.2. The management of the Website shall be carried out by the Company (hereinafter referred to as the “Website Administration” or “Administration”). Management functions may also be delegated to other authorized persons. The Website Administration shall serve as both the processor and controller of personal data, as defined under the GDPR.

2.3. The provisions of this Confidentiality Policy shall apply exclusively to the Website.

2.4. The Website Administration shall not oversee or bear responsibility for personal data operations conducted through services that enable the full functionality of the Website, including messengers and other communication tools facilitating interaction between the Administration and Website users. Furthermore, the Website Administration shall neither control nor bear responsibility for any third-party websites that the User may access via links provided on the Website.

2.5. The Website Administration shall reserve the right to modify or amend this Confidentiality Policy as necessary, including, but not limited to, any alterations to the methods, procedures, and/or purposes related to the collection, processing, use, or storage of personal data obtained by the Administration

2.6. The Confidentiality Policy shall be deemed valid in the version and under the terms in effect at the time the User accepts its provisions.

3. Subject of the Confidentiality Policy and Composition of Personal Data

3.1. This Confidentiality Policy imposes an obligation upon the Website Administration and Authorized Persons to maintain confidentiality and ensure the protection of Users’ personal data.

3.2. The Confidentiality Policy establishes the purpose(s) and legal grounds for processing personal data, the categories of personal data subjects, the composition of personal data, the procedures for processing personal data and cookies (for which the User of the Website has provided consent), as well as the procedure for distributing communications to Users.

3.3. The personal data permitted for processing under this Confidentiality Policy shall be provided by the User through the following means:

  • registration forms – by completing forms provided by the User to receive feedback and subscribe to newsletters;

  • email – by receiving/sending electronic messages in interactions with the Administration or Authorized Persons;

  • other sources – including, but not limited to, social networks (e.g., Telegram, Instagram, Facebook), marketing research, and publicly accessible sources, through which the Website Administration or Authorized Persons may gain access to personal data.

3.4. The Administration shall collect only those personal data that the User knowingly and voluntarily provides for the purpose of utilizing the resources and functionalities of the Website and/or for communication with the Administration or Authorized Persons.

3.5. When the User utilizes any of the sources specified in this Policy, the processing of their personal data shall include, but may not be limited to, the following:

  • the User’s last name and first name;

  • the User’s contact phone number; 

  • the User’s email address;

  • other confidential information about the User or User’s contacts, additionally provided by the User (including, but not limited to, information related to education, place of work, professional experience, place of residence, marital status, etc.).

3.6. The Website Administration shall refrain from collecting data whose collection is restricted and/or prohibited under the Law of Ukraine On the Protection of Personal Data, and shall not process personal data that pose a special risk to the rights and freedoms of data subjects.

3.7. The Website Administration shall not verify the accuracy of personal data provided by the User.

3.8. In addition to the data specified in Section 3.5 of this Confidentiality Policy, the Website Administration reserves the right to automatically collect cookies.

3.9. Any other personal or confidential information not specified above shall be securely stored and not disclosed, except in cases provided for in Sections 7.5 – 7.6 of this Confidentiality Policy.

4. Composition and Processing of Cookies

4.1. The Website Administration uses web analytics services (Google Console, Google Analytics, Hotjar, Meta Pixel, LinkedIn Pixel) and advertising services for the Website (Google Ads, Meta Business Manager, and LinkedIn Ads). The Administration also collects its own session Cookies exclusively for tracking Website visit statistics and optimizing and tailoring the Website to align with each User’s interests.

4.2. The web analytics and advertising services employed by the Website use Cookies, which are stored on the User’s electronic device to facilitate the analysis of Website usage and record information about the User’s online behavior. Cookies do not harm the User’s electronic device and do not contain viruses.

4.3. Cookies may collect the following information:

  • IP addresses of the User’s electronic device (computer, phone, tablet, etc.)

  • information on Cookies data stored in the User’s browser;

  • information about the User’s electronic devices (computers, phones, tablets, etc.);

  • information about the User’s browser, including name, version, etc.;

  • access time and duration of visits to the Website;

  • URLs of the Website pages viewed by the User;

  • URLs of previous pages from which the User accessed the Website;

  • language settings of the User’s browser.

4.4. This Confidentiality Policy provides for the processing of "session" and "persistent" Cookies:

  • “Session” Cookies are temporary and are stored only until the end of the browser session;

  • “Persistent” Cookies remain on the User’s electronic device or storage media until the User deletes them; 

4.5. Information about the User’s use of the Website, generated by Cookies from web analytics and advertising services, is transmitted to and stored on the servers of the specified services. These services shall use this information to evaluate the User’s engagement with the Website, compile reports on Website activity, and provide other services to the Website Administration related to Website operations and Internet usage. The IP address transmitted from the User’s browser in connection with these services shall not be combined with any other data held by such services.

4.6. The Website Administration may process:

  • essential Cookies, which are necessary to make the Website functional by enabling core functions such as page navigation and access to secure areas of the Website. The Website cannot operate properly without these Cookies;

  • statistical Cookies, which assist the Website Administration in understanding how visitors interact with the Website by collecting and anonymously reporting data;

  • marketing Cookies, which are used to track Website Users. The purpose of these Cookies is to display advertisements that are relevant and engaging to individual Users, thereby increasing their value to advertisers.

4.7. The User reserves the right to refuse the use of Cookies by adjusting the appropriate settings in their browser software or by sending a request via email to the Website Administration. In the event that the User refuses to allow the processing of Cookies, certain functions of the Website may not be fully accessible to the User.

5. Purpose of Personal Data Processing

5.1. The processing of personal data under this Confidentiality Policy shall be conducted for the purpose of providing the User with appropriate access to the resources and functionalities of the Website, specifically:

  • enabling access to information available on the Website; 

  • facilitating communication with the User through their preferred method (via phone, email, or messaging apps linked to a phone number), including processing requests and inquiries from the User;

  • delivering individualized proposals and information tailored to the User’s interests and needs;

  • providing the User with effective customer and technical support in connection with any issues arising from the use of the Website;

  • distributing newsletters to the User’s email address, subject to the additional consent of the data subject;

  • delivering technical support to the User in case of any issues related to Website functionality; 

  • monitoring Website performance and load;

  • analyzing the effectiveness of advertising campaigns directed at the Website; 

  • conducting statistical and other research based on anonymized data.

5.2. The User’s personal data may also be used for other purposes not specified in this Confidentiality Policy if necessary to fulfill the obligations of the Website Administration and Authorized Persons.

6. Grounds for Personal Data Processing

6.1. The legal basis for processing personal data is the explicit and unconditional consent of the User to the processing of their personal data.

6.2. Only individuals who have attained full civil capacity in accordance with the applicable legislation of their country of citizenship shall have the right to act as data subjects and provide consent for the processing of their personal data. In cases where an individual lacks the necessary capacity to provide such consent, consent for the processing of their personal data shall be given by their legal representatives (parents, guardians, custodians, or adoptive parents).

6.3. Consent to the processing of personal data is provided by the User through the submission of their personal data while communicating with the Administration and/or Authorized Persons via the Website, mobile communication means, or email.

6.4. Consent to the processing of Cookies shall be granted by the User through the selection of the appropriate permission checkbox in the pop-up window.

6.5. Consent to receive mailings shall be provided by the User through the selection of the informed consent checkbox in the designated window.

6.6. The Website does not permit the processing of the User’s personal data until such data has been submitted by the User.

6.7. By providing consent to the processing of personal data in the manner outlined in this section of the Confidentiality Policy, the User fully and unconditionally agrees to all provisions of this Confidentiality Policy. The User thereby consents to the Website Administration’s collection, organization, accumulation, storage, clarification (updating, correction), use, distribution, anonymization, blocking, and destruction of their personal data.

6.8. Should the User withhold consent to the processing of their personal data in accordance with Section 6.3 of this Confidentiality Policy, the User shall be unable to utilize the resources and technical features of the Website

7. Procedure for Personal Data Processing

7.1. The collected personal data shall be stored in the respective database, maintained in electronic form on the Internet through the technical capabilities of the CRM system Monday.

7.2. The processing of the User’s personal data shall be conducted without time limitations, by any lawful means, including within information systems for personal data with or without the use of automation tools.

7.3. Personal data shall be stored in the personal data database in electronic form within the jurisdiction of Ukraine.

7.4. The Website Administration shall use personal data for the purposes set forth in Section 5 of this Confidentiality Policy

7.5. The Website Administration shall process personal data through automated processing, either independently or with the engagement of third parties providing services or performing duties on behalf of the Website Administration, including business analytics, customer service, marketing, and survey conduction.

7.6. By continuing to use the Website, the User automatically consents to the Website Administration’s right to transfer personal data to third parties solely for the purposes specified above.

7.7. The Website Administration, utilizing an automated system, shall maintain records of transactions related to the processing of the data subject’s personal data and shall retain such records for a period of three (3) years from the date of the transaction.

8. Procedure for Processing Personal Data for Marketing Purposes

8.1. The Website Administration may send electronic, text, and/or multimedia messages to the data subject’s email address with commercial and/or non-commercial offers from the Administration and/or third parties.

8.2. The purpose of such mailings shall be to inform the data subject about the Website Administration’s products, projects, services, events, as well as those of its partners or third parties. Additionally, mailings may include anonymous surveys aimed at gathering opinions on products, services, events, etc.

8.3. The data subject shall provide additional consent for the Website Administration to conduct mailings by marking the relevant checkbox, thereby affirming their agreement with the terms for personal data processing as specified in this Confidentiality Policy and providing informed consent to receive mailings.

8.4. The data subject retains the right to unsubscribe from mailings at any time by adjusting their preferences via the link provided in each email or by submitting a free-form request to the Website Administration’s designated email to opt out the receiving mailings.

9. Protection of Personal Data

9.1. The Website Administration shall undertake necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, and other unlawful actions by third parties.

9.2. In the event of a data breach or unlawful distribution of personal data caused by third parties, the Administration shall promptly, upon detecting such a breach and/or unlawful distribution, notify the data subjects by sending an email notification to the data subject’s designated email address.

9.3. CRM systems in which personal data is stored shall operate in accordance with internal regulations to ensure the security of personal data.

9.4. The User’s personal data may be disclosed to authorized state and judicial authorities only upon the existence of lawful grounds and a corresponding request.

9.5. The Website Administration, in cooperation with the User, shall take all necessary measures to prevent any damage or other adverse consequences resulting from the loss or unauthorized disclosure of the User’s personal data.

10. Rights and Obligations of the Data Subject

10.1. The data subject shall have the following rights:

  • to be informed of the sources of collection, the location of their personal data, the purpose of its processing, and the location or place of residence (stay) of the controller or processor of personal data, or to issue an appropriate authorization for obtaining such information to authorized representatives, except in cases provided by law;

  • to receive information about the conditions of access to personal data, including information about third parties to whom their personal data is transferred;

  • to access their personal data;

  • to receive a response within 30 (thirty) calendar days from the date of the request, except as otherwise provided by law, indicating whether their personal data is being processed and, if so to obtain the content of such personal data;

  • to submit a reasoned request to the personal data controller objecting to the processing of their personal data;

  • to submit a reasoned request for the alteration or destruction of their personal data by any controller or processor of personal data if such data is processed unlawfully or is inaccurate;

  • to protect their personal data from unlawful processing and accidental loss, destruction, damage, or concealment, delay, or non-provision, or provision in a delayed manner, as well as to protect against information that is inaccurate or that may harm the honor, dignity, or business reputation of an individual;

  • to file complaints regarding the processing of their personal data with the Ukrainian Parliament Commissioner for Human Rights or through judicial proceedings;

  • to apply legal remedies in cases of violations of personal data protection legislation;

  • to include reservations regarding restrictions on the right to process their personal data at the time of granting consent;

  • to withdraw consent for the processing of personal data; 

  • to be informed of the mechanisms for automated processing of personal data;

  • to be protected from automated decision-making that has legal consequences for them.

10.2. To exercise their rights, the User shall submit a scanned copy of a reasoned written request to the Website Administration’s email address from the email address specified by the User in the feedback form or when subscribing to the mailing list.

10.3. Users may appeal against actions or inactions of the Website Administration: 

  • under the legislation of Ukraine – to the Ukrainian Parliament Commissioner for Human Rights or through judicial proceedings; 

  • under the legislation of European Union member states – to the authorized data protection authority of the country of which the data subject is a citizen. 

10.4. The data subject is obligated to: 

10.4.1. Comply with the provisions of this Confidentiality Policy.

10.4.2. Notify the Website Administration in accordance with this Confidentiality Policy in the event of any changes to the personal data for which they have provided processing consent.

11. Rights and Obligations of the Website Administration

11.1. The Website Administration reserves the right to make changes to this Confidentiality Policy, publish the updated version on the Website with the date of its update, and is not obligated to inform the data subject of such changes, except as provided in this Confidentiality Policy.

11.2. The Website Administration shall be obligated to: 

  • use any received information solely for the purposes specified in Section 5 of this Confidentiality Policy;

  • ensure the confidentiality and security of the User’s personal data;

  • uphold the rights of the data subject;

  • implement necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, and other unlawful actions by third parties;

  • refrain from disclosing, selling, exchanging, publishing, or otherwise revealing the User’s personal data without prior written consent from the User, except as specified in Sections 7.5-7.6 of this Confidentiality Policy;

  • fulfill all obligations imposed on the Website Administration by this Confidentiality Policy.

12. Conditions and Procedures for Changing, Deleting, or Destroying Personal Data

12.1. Amendments to Personal Data:

12.1.1. Grounds for amending personal data shall be a reasoned written request by the data subject, sent to the Website Administration’s email address from the email address specified by the User in the form or provided to Authorized Persons on the Website

12.1.2. The Website Administration shall review the content of the data subject’s request.

12.1.3. Amendments shall be promptly made to the personal data database once any discrepancies are confirmed in accordance with the stated requirements. 

12.2. Deletion and Destruction of Personal Data

12.3. Grounds for the deletion and destruction of personal data include: 

  • withdrawal of consent for the processing of personal data, meaning the data subject objects to the processing of their personal data by submitting a reasoned written request as specified in this Confidentiality Policy. 

  • expiration of the data processing period as specified in this Confidentiality Policy.

12.3.1. The Website Administration shall inform the data subject of the consequences of withdrawing consent.

12.3.2. The Website Administration shall delete or destroy personal data without undue delay.

12.4. In cases where personal data is deleted or destroyed as a result of the withdrawal of consent for data processing, the Administration reserves the right to deny the User access to the Website.

12.5. The Website Administration shall notify the data subject of any changes, deletion, or destruction of personal data within ten (10) business days

.

13. Liability of the Parties

13.1. The Website Administration shall be liable for damages incurred by the User due to the unlawful use of personal data, except in cases provided for in this section.

13.2. In the event of loss or disclosure of personal data, the Website Administration shall not be held liable if such personal data:

  • was public at the time of its loss or disclosure;

  • was obtained from a third party prior to its receipt by the Website Administration; 

  • was disclosed with the User’s consent.

14. Dispute Resolution

14.1. The User and the Website Administration shall resolve all disputes and disagreements arising from relationships covered by this Confidentiality Policy through negotiations. 

14.2. If an agreement cannot be reached, the dispute shall be submitted for consideration to the judicial authorities in accordance with applicable procedural law.

15. Final Provisions

15.1. The Website Administration reserves the right to amend this Confidentiality Policy without the consent or notification of the User, except in cases provided for in this Confidentiality Policy.

15.2. The new Confidentiality Policy shall take effect upon its posting on the Website unless otherwise provided by the new version of the Confidentiality Policy

15.3. This Confidentiality Policy is available on the Website at https://www.balbek.com.

15.4. All suggestions or questions regarding this Confidentiality Policy should be directed to the contact information provided on the Website.

15.5 The text of the Confidentiality Policy is presented in the Ukrainian language.





COMMUNICATION WITH THE ADMINISTRATION

BALBEK LLC 
EDRPOU Code 41861200
Address: 86 “П” Kazymyra Malevycha St., Office 107, Kyiv 03150, Ukraine 


To receive feedback from the Website Administration, the User may:

  • submit a request through the feedback form, or

  • send a request to the Website Administration’s email: hello@balbek.com