Last updated: 5.06.2023
Finevolution – Personal employee Nataliia Haikalova, incorporated under the laws of Ukraine, located at Ukraine, Kyiv, st. Shota Rustaveli, 16, office. 808 (“we”, “us”, “our”, “Company”) cares for your privacy and therefore provides you with information about your personal data. On this page, you can learn about what information about you we collect while you interact with our Company, what for and how it is used, stored, disclosed etc.
- disclosure by transmission,
- dissemination or otherwise making available,
- alignment or combination,
- erasure or destruction
The Company is a data controller in relation to your personal data.
When accessing this website, you can be our visitor or client (collectively “user”):
- You are a visitor when you merely surf this website;
- You are a client, prospective client or client’s representative (“client”) when you submit your contact details through our social media accounts, email, website’s Contact Us form or telephone call to leave an inquiry (so we could contact you back). We also may obtain some client’ personal data during business meetings with our clients or clients’ representatives;
When you submit your personal data as a client or an applicant through our Site, you may be asked to consent to some kind of processing of your personal data as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.
- “data controller” means the natural or legal person who determines the purposes for which and the manner in which any personal data is processed
- “data processor” means the natural or legal person who processes personal data on behalf of the data controller
- “data subject” is any living individual who is using our Site.
- “personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We collect the information through the Site and our social media and process it as a data controller.
We use your personal data we collected through the Site only for the purposes listed in this Policy. We may share your personal data with third parties solely for purposes listed herein.
We do not sell your data.
We do NOT use automated decision-making and profiling that produces legal or similarly significant effects.
Personal Data We Collect
Type of personal data
Third Parties recipients
To provide answers to the requests submitted through the “HAVE QUESTIONS?? WRITE TO US!” form on the website or our accounts in the social networks or messengers
Contact Information: name, email address, message information or other information you may provide to us.
Consent (if you allow us to send you marketing emails)
Site, email, telephone call, social media accounts, messenger accounts, etc. at the discretion of the user
To send you newsletters and other marketing materials
Contact information: email (through the webform placed in the footer side of the website)
(can be withdrawn by clicking “unsubscribe” link in the email)
Mailchimp or direct emails from firstname.lastname@example.org
Website, offline events, other sources at the discretion of the user
To help the Company develop and improve our services and functionality of the website
IP address, Unique Session ID, operating system, browser ID and other information about your device and connection;
usage data: time spent on the site, location, language, gender, age, preferneces, pages visited, links clicked and the pages that led or referred the users to Site, date and time, and other diagnostic data..
Your consent (Article 6(1)(a))
Legitimate interest (necessary cookies)
- to recognize your device and settings;
- to define you as a unique user;
- to analyze your usage of the Site to improve our services;
- to ensure the functionality of the Site;
- to prevent fraud;
- for marketing purposes.
We use four types of cookies:
- Necessary cookies
- Preferential cookies
- Statistical cookies
- Marketing cookies.
You may advise yourself with the detailed information on the categories of cookies we use here.
Grounds for processing
We collect and process your personal data in accordance with the provisions of the GDPR.
GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely:
- Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. We require the minimum amount of your personal data that is necessary to notify you about our services and products (for example, send you a newsletter or offer).
You may withdraw your consent to the processing of your personal data at any time by clicking the “unsubscribe” link in the email you receive from us or by writing to us with a data subject request. You may withdraw the consent to processing of your personal data by sending us an email at email@example.com or by contacting us in any other way convenient for you.
- Article 6.1(f): legitimate interests
We process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our Site to run smoothly and give you pleasant user experience. We use only strictly necessary data under this legal ground.
- Article 6.1(b): performance of a contract
When you use the «HAVE QUESTIONS?? WRITE TO US!» form to get in contact with us to discuss our services you are interested in, this can be deemed the request of you to form a contract. However, we may ask you to give us a clear consent in case of doubt.
- Article 6.1(c): legal obligation
We may process some of your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
Data Security, Integrity and Retention
We store the data you have provided us via the «HAVE QUESTIONS?? WRITE TO US!» form, email, telephone call for 365 days.
Your messages left within the social media platforms will be kept visible as long as the privacy policies of these platforms promise you.
We store and process your personal data until we do not need it for any of the purposes defined in this policy, unless longer storage is required or expressly permitted by law.
You may send us a data subject request via email at firstname.lastname@example.org. We may not delete or anonymize your data if we are compelled to keep it under Article 30 of the GDPR and other applicable law, including national laws.
We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods. We do not share your personal data with third parties unless we have a joint controllers or controller-processor relationship established or a direct instruction from you or a data controller.
Data Sharing and Disclosure
Sharing personal data with other data controllers
We may share and disclose your personal data to other data controllers if we have a joint controllership over your data or we act as a processor while processing your data. There are a few controllers we work with (please note that the social network companies become joint controllers when you decide to share your data with us using their products or share our materials using their buttons): Instagram, Facebook, LinkedIn, Telegram, Viber, Youtube
Sharing personal data with data processors
There are many features necessary to provide you with our services that we can not complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We have established supplier assessment procedures to ensure we choose trusted partners who provide appropriate security measures and safeguards.
Therefore, we may share and disclose your personal data to other data processors:
- Analytics provider: Google Analytics, Hotjar.
- Consent management: Cookiebot.
- GTM – Google Tag Manager
- Google Adwords
- Subcontractors engaged by you or us to provide a particular service (e.g., tech experts, forensics specialists, etc.).
- Information security service providers and tools.
- Auditors, legal professionals, accountants, other professionals.
- CRM services (including KeyCRM).
Transferring your personal data outside of the European Economic Area
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA under Article 46 of the GDPR with the appropriate safeguards, including the standard contractual clauses (SCC) adopted by the Commission.
We disclose your personal data to the countries outside the EU and the EEA, in compliance with the standard contractual clauses (SCC) approved by the European Commission in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons. We put supplementary measures in place when transferring data outside the EU and the EEA, where appropriate.
You may exercise the following rights by submitting your request at email@example.com.
Rights under the GDPR
- right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
- right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.
- right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
- right to restriction of processing means that you may ask us to restrict processing where:
- your personal data is not correct or is outdated;
- the processing is unlawful.
- right to object to the processing means that you may raise objections on grounds relating to your particular situation;
- right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
- right to withdraw the consent when your personal data processed upon in (see section Grounds for processing).
- right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
You may submit the complaint to the supervisory authority of your place of residence within the EU or to the data protection authority stated in this Policy.
This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent. Also, we encourage you to regularly review this Policy to check for any changes.
Such notification may be provided via your email address, post in our social media accounts or announcement on the Site and/or by other means, consistent with applicable law.
If you have any issues concerning the usage of our Site, please do not hesitate to contact us through the channels listed on the Contacts page.
Subject to your consent, we may record our conversations via the phone to ensure that we are able to register your request and fulfill your request in full. We won’t use this personal data for any other purpose except compliance with the obligations imposed by the GDPR and will delete them as soon as your request is fulfilled.