Cases Ukraine Limited Liability Company (“CASES” or “We”) has created this Privacy Notice to ensure that individuals (“You” and “User”) using the Site understand how we process personal data.
This Privacy Notice consists of the following sections:
- Who We Are — In this section, you can find information about our company and our hosting provider.
- Terminology We Use — Here, you can learn about the terms used in this Privacy Notice.
- What Personal Data We Process — In this section, You can read about how personal data is processed, the goals of processing, etc.
- Which processors handle personal data on Our behalf — This section provides information about Our Processors.
- Our processing of personal data in specific situations — in this section, You can read information about processing via marketing, changes in Our corporate structure and how We want to sell it.
- How and with whom do We share personal data — This section explains the recipients of personal data, including our processors, co-controllers, and third parties.
- Your rights — Learn about your rights as a data subject in this section.
- Protecting personal data — This section details the measures applied to safeguard Your personal data.
- Our response to a data breach — This section outlines the actions We will take in the event of a data breach.
- Inquiries and complaints — This section provides information on how You can ask Us or the ICO questions or make a complaint.
- Deleting personal data — This section provides information on quickly removing Your data.
- Miscellaneous — This section contains information about how We update this Privacy Notice, etc.
We will now provide detailed information about each section.
Who We Are
Our company “Cases Ukraine” LLC has the legal address 01133, Kyiv, Lesi Ukrainki Boulevard, building 19, apt. 37. Our Unified State Register code (USR) is 45332483. Our website: https://cases.media/. Our email: email@example.com.
Terminology We Use
- Business address: The address of the actual location of the office of the company.
- Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifies agreement to the processing of personal data relating to him or her.
- Controller: The individual or legal person (and others) who determines the purposes and means of processing. CASES is a Controller.
- Co-controller: An individual or legal person (and others) who, together with another Controller, determines the purposes and means of processing.
- Company number: Any alphanumeric code obtained by a legal person after registration.
- Data Protection Authority: A public organization or governmental body that protects data subjects from unlawful processing.
- Data Subject: The individual, whose personal data is processed.
- Hosting Provider: The individual or legal person, who provides services or resources for placing websites on a server that constantly has access to the network.
- ICO Registration Code: An alphanumeric identifier issued by the ICO upon registration of a company that automatically processes personal data.
- Legal Address: The address of registration of the legal person.
- Legal Ground for Processing: One of the legally defined grounds permitting the processing of personal data.
- Personal Data: Any information relating to an identified or identifiable individual.
- Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed.
- Processing: Any action or set of actions with personal data.
- Processor: An individual or legal person who processes personal data on behalf of the Controller.
- Profiling: Any form of automated processing of personal data that consists of the use of personal data to evaluate certain personal aspects relating to an individual to analyze or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
- Third-Party: Any person, excluding the data subject, Controller, Processor, Data Protection Authority, and Co-controllers, to whom the Controller or Processor transfers personal data.
What Personal Data We Process
CASES processes the data obtained from You, primarily based on the Terms & Conditions (Agreement) governing Your use of the account on Our Site. This processing occurs during Your use of the account and for 1 year after deletion, aiming to provide You with services, promote Us, and enhance Our Site and business.
The types of personal data we process include:
- Name and surname
- Contact information
- Account and interest settings
- Information from cases, news, and articles
- Information from curriculum vitae, job, and project announcements
- Payment information
- Learning information
- Data from your devices
- Data from activity on the website and our social network accounts.
- Data Processing: We process personal data obtained from you primarily based on the contract with you, the Terms & Conditions (in most cases) during your use of the account on our website, and for 1 year after You have deleted it. When you log in to our website, we process your personal data based on a legitimate interest to provide access to our site and improve it.
- Data Storage: We store Your personal data on servers worldwide.
- Other processing: CASES does not use profiling on all users and does not process the personal data of individuals under 13 years old.
|User logs in on the website||IP address, Login time, Browser and its version, Screen size, etc|
|Account Registration via Email||Name, Surname, Email|
|Account Registration via Facebook OAuth 2||Name, Surname, Email, Photos|
|Account Settings||Gender, Country, City, Internal name on the website, Description about yourself, Phone number, Links to messengers and social networks, User photo, Cases related to the company worked for|
|Interest Settings||Preferences for news feed, articles, cases, etc.|
|Business Account Registration||Name, Surname, Email, Company name, Field of activity, Website|
|Publication of Articles, News, and Cases||Content of the article, Publication date, Creation date of the draft, Update dates, Authors, Client associations, Awards|
|User Comments and Reactions||Publication date, Comment content, Author, Edited status, Type of reaction|
|Registration for the course||Includes the date of registration and information from the user account|
|Course evaluation||Involves the review date, a rating scale from 1 to 5 stars, an optional text review, and the reviewer's identity|
|Users online in the course||Provides a link to the user's platform profile, their avatar, and the name registered in the system.|
|Examination of educational works||Covers file content, links to external resources, submission dates, attempt numbers, and system reviewers' assessments. Reviewers evaluate the work based on performance criteria, add comments, award stars for excellent work, or reject submissions. After assessment, students receive scores on a 100-point scale.|
|Reviewing educational works||Similar to the examination process, reviewers assess work based on performance criteria, add comments, assign stars for excellent submissions, or reject work that doesn't meet standards.|
|Getting marks for passing the course||Recognition of performance in completing course requirements.|
|Obtaining a certificate||The certificate maintains a comprehensive academic record, including the total points earned by the student throughout the course and per module. Additionally, the student's submitted works (where applicable) are stored. Note: There are no student works in theoretical courses. Each certificate has its dedicated page for student reference.|
|Placement of employer vacancies in Telegram||Involves collecting name, surname, email, company name, field of activity, phone number, job description, contacts, etc., for job listings.|
|Application for receiving services from other users||Requires name, phone, email, company name, and brief material details.|
|Payment for services||Involves recording transaction details such as amount, date, currency, user's bank, card type, country of the card bank, potentially phone number, payer's name, product, action ID, and tracking the user's source (UTM-mark).|
|Subscribe to social networks||Includes profile (username, nickname), and associated public data.|
|Introduction to the Creative Practice community on Discord||Includes username, assigned channel, and profile avatar.|
|Technical support service operations||Encompasses all data from individual and business user profiles.|
|Contacting Support||Requires first name, last name, username, phone, email, and other necessary details.|
|Contact on personal data issues||Involves collecting all necessary data for subject identification.|
Which processors handle personal data on Our behalf
CASES has a wide range of processors for various purposes:
- Google LLC. Google Workspace and Google Analytics;
- Meta Platforms Inc. Meta Business Suite, Instagram, Facebook, and Facebook Oauth 2;
- Telegram Messenger Inc. Telegram;
- Discord Netherlands BV. Discord;
- Asana, Inc. Asana;
- Slack Technologies LLC. Slack;
- Digital Ocean LLC. Digital Ocean;
- JSC Privat Bank. LiqPay;
- Citrix Systems, Inc. Podio;
- Juscutum Attorneys Associations. Legal and accountant services;
- Also, We may share Your personal data with any Processors when it is necessary to provide services to You or for our business.
|Processor||Software||Goal of use||Privacy Notice|
|Google LLC||Google Workspace||Creating company domain email, managing document workflows, and creating forms||Link|
|Google Analytics||Analyzing user experience on the website||Link|
|Google Search Engine||Marketing efforts||Link|
|Meta Platforms, Inc.||Meta Business Suite||Analyzing user experience on the website||Link|
|Communication and marketing initiatives with users||Link|
|Communication with you and marketing||Link|
|Facebook Oauth 2||Facilitating user registrations on the website||Link|
|Telegram Messenger Inc.||Telegram||Communication, marketing, and service provision||Link|
|Discord Netherlands BV||Discord||Communication, marketing, and service provision||Link|
|Slack Technologies LLC||Slack||Internal communications||Link|
|Asana, Inc.||Asana||Task management||Link|
|Digital Ocean LLC||Digital Ocean||Hosting services for our website||Link|
|JSC Privat Bank||Liq Pay||Payment processing||Link|
|Citrix Systems, Inc.||Podio||Customer Relationship Management (CRM)||Link|
|Juscutum Attorneys Associations||-||Legal and accounting services||Link|
|We may share your personal data with any processors when it is necessary to provide services to you or for our business.|
Our processing of personal data in specific situations
CASES processes Your personal data in specific situations:
- Direct marketing: We'll send emails, SMS, push messages, and make phone calls only if You provide consent or request them.
- Advertisement on the Website: CASES displays ads on Our Site based on promoting Our services and business earnings legitimately. Additionally, this may occur with Your consent granted to external entities like Google AdSense or Facebook Network Audience.
- Targeting marketing: We use Co-controller services for targeted marketing based on Your consent. This includes platforms such as social networks, search engines, websites, and mobile apps.
- Data Used for Targeted Marketing: CASES may utilize the following personal data for targeting:
- Full name
- Gender, marital status, age
- Registration address and residential address
- Contact information linked to social networks and messengers
- Details about friends and contacts
- Physical and email addresses
- Work information
- Search history and preferences
- User reactions
- Account information
- Other relevant data
- Exercising Rights in Targeted Marketing: To exercise Your rights as a data subject, review platform settings or contact their support services.
- Selling Personal Data: Generally, We don’t sell personal data. However, with Your consent, we may consider doing so.
- Data Processing during Corporate Changes: During a corporate change in Our legal entity, Your personal data may be transferred to new Controllers, Co-controllers, or Processors.
How and with whom do We share personal data
CASES may transfer personal data to Processors, Co-controllers, and Third parties within Ukraine and/or abroad if it is necessary for Our business. When it comes to transferring personal data abroad, We may do so based on:
- A contract for the processing of personal data when it is necessary to transfer the personal data of Ukrainian citizens;
- A high level of personal data protection in the destination country, as defined by the European Commission, and/or through legal instruments.
In any case, We may be obliged to disclose personal data by a court decision or state authority.
The conditions for transferring personal data by Co-controllers are specified in their privacy documents.
Which rights do You have
You have the following rights:
- Right to access your personal data: You can request information about the data being processed or receive a list of this data in a format readable by humans and machines.
- Right to rectification: You can correct inaccurate data.
- Right to erasure: You can request the deletion of your personal data.
- Right to restrict processing: You can prevent the Controller from using your personal data, although the Controller may continue to store it.
- Right to data portability: You can receive your personal data from the Controller in a machine-readable format and transfer it to another Controller.
- Right to object: You can object to the processing of your personal data based on legitimate interests or for marketing purposes.
- Profiling: You have the right to be protected from decisions based solely on automated data processing, including profiling, that have certain legal implications for you.
- Right to legal protection: You can take legal action against the Controller and/or file a complaint with the ICO.
- Right to information about data processing: You can obtain information from this Privacy Notice.
- Right to withdraw consent: You can withdraw your consent for the processing of personal data at any time.
Protecting personal data
CASES protects Your personal data in several organizational and technical ways:
- We do not have direct access to most of your personal data collected through cookies.
- We do not combine personal data, to which we have access, with data from other sources that might make it easier to identify you.
- We provide cybersecurity and data privacy training for our employees.
- We enforce strong password requirements.
|Training employees in cybersecurity and data privacy||We educate employees about the basic approaches to information and cybersecurity, as well as ways that can make the use of the Internet, their work and personal devices, etc. safer. Also, we tell employees about the basics of personal data processing legislation so that they understand all the necessary requirements that must be met.|
|Own technological solutions||We use our own technological solutions to ensure the security of work devices, networks, and cloud storages from malicious software, unauthorized access, personal data leaks, and more.|
|Secure Data Center||We store personal data in secure data centers that are validated by multiple certificates.|
|HTTPS connection||You connect to our website through the HTTPS protocol, which is secured by SSL or TLS certificates.|
|Password Encryption||We encrypt your passwords using hash functions (MD5, SHA1, SHA256, SHA512, etc.) with the addition of "salts" (random components in hash codes).|
|Personal Data Access Distribution||Our employees have different levels of access to personal data depending on the functions they perform.|
|Strengthened Password Requirements||We require our employees to use strong passwords for accessing our information resources. These passwords must have specific lengths and consist of alphanumeric and special characters, and they should be changed periodically.|
Our response to a data breach
In the event of a data breach, Our Co-controllers typically notify the ICO, providing accompanying materials about the issue.
However, if the data breach significantly threatens Your rights and interests, Our Co-controllers will inform You about it. Additionally, we document information about every instance of personal data leakage in our internal register.
- When Our Co-controllers notify ICO about a data breach. Our Co-controllers shall notify ICO within 72 hours after they become aware of the data breach and report the following information:
- Describe the nature of the data breach;
- Contain the name and contact details of the responsible person who can provide additional information;
- Describe the possible consequences of the data breach;
- Describe the measures taken or proposed by us to address the data breach.
- When Our Co-controllers notify You about a data breach. If the data breach may lead to a violation of Your rights and freedoms or has a high risk of this, Our Co-controllers shall immediately inform You of the fact of the data breach and report the following information:
- Describe in clear and simple language the nature of the data breach;
- Contain the name and contact details of the responsible person who can provide additional information;
- Describe the possible consequences of breaching the security of personal data;
- Describe the measures taken or proposed by Us to address the data breach;
- Provide You with useful tips and know-how that can help You reduce the risks of a data breach.
Inquiries and complaints
- Contact CASES. You can reach out to us with any questions regarding your personal data through the following communication channels:
- Response from CASES. We will provide you with an answer as promptly as possible, aiming to respond within 30 calendar days at the latest.
- Referring to Data Protection Authorities. If you are a citizen of Ukraine, you should contact the Ukrainian Parliament Commissioner for Human Rights. More information can be found on the official website. If you are a citizen of an EU member state, you should contact the relevant state authority of your country, which you can find at the link provided.
- If you are a citizen of Ukraine, you should contact the Ukrainian Parliament Commissioner for Human Rights. More information can be found on the official website.
- If you are a citizen of an EU member state, you should contact the relevant state authority of your country, which you can find at the link provided.
- Response from Data Protection Authorities. The terms and procedures for responding depend on the internal policies of the Data Protection Authorities.
Deleting personal data
- Account Deletion: You can delete your personal data by accessing your account settings on our website and clicking the 'Delete Account' button.
- Contacting Us: Additionally, you can reach our Customer Support through the following communication channels:
- Our Response: We aim to provide you with a response as promptly as possible, within 30 calendar days at the latest.
- Effective date. This version of the Privacy Notice is valid from the Effective date.
- Changes in the Privacy Notice. We may make changes occasionally without your consent. The new version will be valid from the time of the changes noted at the beginning of this Privacy Notice.
- Governing Law: This Notice is governed and interpreted under the laws of Ukraine, with particular consideration to the General Data Protection Regulation (GDPR) of the EU.
- Dispute Resolution: All disputes arising from this Notice are resolved by the competent courts of Ukraine under the substantive and procedural laws of Ukraine.
- Languages: This Privacy Notice is available in English and Ukrainian. If there are any differences between the Ukrainian version and the English translation, the Ukrainian version will prevail.