Cookie Notice

Current edition: 25.03.2024
PDF version

Welcome! 👋

Cases Ukraine Limited Liability Company (“CASES” or “We”) has created this Cookie Notice to ensure that individuals (“You”) using the Site understand how we process personal data through cookie files.

Cookie Notice consists of the following sections:

  1. Who We Are — In this section, you can find information about our company and our hosting provider.
  2. Terminology We Use — Here, you can learn about the terms used in this Privacy Notice.
  3. What Personal Data We Process with Cookies — This section outlines the personal data we process using cookies, including duration, purposes, etc.
  4. Co-controllers Processing Personal Data with Cookies — In this section, you'll find information about how our co-controllers process your personal data with cookies.
  5. Transmission of Personal Data — This section explains how and to whom we transmit personal data, including our processors, co-controllers, and third parties.
  6. Your Rights — Learn about your rights as a data subject in this section.
  7. Protection of Personal Data — Discover the measures we apply to protect your personal data in this section.
  8. Data Breach Response — Find information about our response to a data breach in this section.
  9. Inquiries and Complaints — This section details how you can inquire or complain to us and our co-controllers.
  10. Disabling Cookies — Learn how to refuse the use of cookies through your browser settings in this section.
  11. Miscellaneous — in this section, You can read information about how We make changes in this Cookie Notice, etc.

We will now provide detailed information about each section.

Who We Are

Our company “Cases Ukraine” LLC has the legal address 01133, Kyiv, Lesi Ukrainki Boulevard, building 19, apt. 37. Our Unified State Register code (USR) is 45332483. Our website: https://cases.media/. Our email: team@cases.media.

Our hosting provider, Digital Ocean LLC, has a legal address at 101 Avenue of the Americas, 2nd Floor New York, NY 10013. Website: https://www.digitalocean.com/. Email: support@DigitalOcean.com.

Terminology We Use

  1. Business address: The address of the actual location of the office of the company.
  2. Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifies agreement to the processing of personal data relating to him or her.
  3. Controller: The individual or legal person (and others) who determines the purposes and means of processing. CASES is a Controller.
  4. Co-controller: An individual or legal person (and others) who, together with another Controller, determines the purposes and means of processing.
  5. Cookies: Small text files that store information as text or binary data are received from a website by a web server and saved in the browser. These files are then sent back to the same site during subsequent visits. On the website https://cases.media, we utilize various types of cookies:
    • Managing Site and Core Services. These cookies are crucial for the website to perform its main functions and associated services. The site can't fully function without them, so disabling them isn't an option.
    • Performance Analytics. With these cookies, we analyze user interaction with our platform to enhance its performance and make our product more user-friendly.
    • Marketing and Analytics. These cookies are instrumental in gaining insights into user preferences and requirements. They enable us to tailor content more closely to your interests and to promptly notify you of special deals and discounts.
  6. Cookie Banner: A special message (banner) used to grant permission to use cookies and block them at the request of the data subject. Enables consent and settings for cookies.
  7. Company number: Any alphanumeric code obtained by a legal person after registration.
  8. Data Protection Authority: A public organization or governmental body that protects data subjects from unlawful processing.
  9. Data Subject: The individual, whose personal data is processed.
  10. First-party cookies: Cookies created by the Site itself.
  11. ICO Registration Code: An alphanumeric identifier issued by the ICO upon registration of a company that automatically processes personal data.
  12. Legal Address: The address of registration of the legal person.
  13. Legal Ground for Processing: One of the legally defined grounds permitting the processing of personal data.
  14. Personal Data: Any information relating to an identified or identifiable individual.
  15. Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed.
  16. Processing: Any action or set of actions with personal data.
  17. Processor: An individual or legal person who processes personal data on behalf of the Controller.
  18. Third-Party: Any person, excluding the data subject, Controller, Processor, Data Protection Authority, and Co-controllers, to whom the Controller or Processor transfers personal data.
  19. Third-party cookies: Cookies created by domains other than the Site.
  20. Site: A group of web pages created with HTML, CSS, JavaScript, and other programming languages accessible via the Internet. In our case, https://CASES.media/

What personal data do We process with cookies

CASES processes the personal data you provide, based on your consent given by clicking on the Cookie Banner. This processing continues during the lifespan of cookies or until you delete them, enabling us to operate our Site and remember your user preferences.

We process the following types of personal data:

  • Date and time of the request.
  • Masked IP address.
  • Location: country, region, city, approximate latitude, and longitude (Geolocation).
  • Browser version, browser plugins, operating system version, and device identifier (User-Agent header).
  • Title and URL of the viewed page.
  • Any additional information collected through special software (tags, pixels, webhooks, etc.) placed on the Site to track user activities.
  • Other types of personal data.
  1. Data processing by cookies. CASES processes Your personal data through cookies based on Your consent given to us via the Cookie Banner. We may use mandatory, analytical, targeted, functional first-party and third-party cookies.
  2. Data storage. CASES stores Your personal data on servers around the world.
  3. Personal data processed by cookies may include:
    • Date and time of the request
    • Masked IP address
    • Location: country, region, city, approximate latitude, and longitude (Geolocation)
    • Browser version, browser plugins, operating system version, and device identifier (User-Agent header)
    • Title and URL of the viewed page
    • Screen resolution of the user's device
    • Main language of the browser being used
    • URL of the page viewed before the current one
    • Time in the local visitor's time zone
    • Clicked and downloaded files
    • Clicked links to an outside domain
    • Pages generation time
    • Language of the visited page
    • Campaigns and Site Search data
    • Any other information collected by special software (tags, pixels, webhooks, etc.) placed on the Site to track user activities
  4. Cookies by CASES. CASES uses a wide range of first-party cookies, which We place on the Site.
Goal Cookie Timeframe
Determines the theme of the user’s interface design theme 1 year
Determines which language the user should be directed to automatically, based on browser settings i18n_redirected 1 year
Determines whether the user closed the tutorial for using the training maps. coursesMapsTipClosed 1 year
Determines whether the user closed the explanation of what training maps are. mapHelpClosed 1 year
Determines whether the user closed the banner about the subscription. closeSubscription 1 year
Determines whether the user closed the banner about the trial period. closeTrial 1 year
Determines the priority of the language of content that the user is using. contentLocale 1 year
Determines whether the user closed the subscription banner. closeSubscription2 1 year
Used to differentiate between users. sails.sid 1 year
Stores the user's consent for cookies usage. cookieConsent 1 year
  1. Cookies from Google. CASES uses various Google Analytics cookies, which are third-party cookies placed on the Site by Google.
Goal Cookie Timeframe
Used to differentiate between users _ga 2 years
Allows for user recognition _gid 24 hours
Helps differentiate between users _ga_[id] 2 years
Controls or restricts the number of requests _gat_[id] 1 minute
Controls or restricts the number of requests _gat 1 minute
Used for tracking Google AdSense conversions. _gcl_au 90 days
  1. Cookies by Hot Jar. CASES uses a wide range of first-party Hot Jar cookies, which We place on the Site.
Goal Cookie Timeframe
Used to differentiate between users _hjSessionUser_[id] 1 year
Enables user recognition _hjSession_[id] 30 minutes
Helps distinguish between users _hjAbsoluteSessionInProgress 30 minutes
Limits the number of requests _hjIncludedInSessionSample_[id] 30 minutes
  1. Cookies by Meta. CASES uses cookies by Meta, that we place on the Site.
Goal Cookie Timeframe
Facebook Pixel ID, used for tracking page views _fbp 3 months
  1. Cookies in the description on the Cookie banner. In the case of disagreement between this Cookie Notice and the Cookie Banner regarding the classification, number, description, and properties of cookies, the Cookie Banner takes precedence.

Co-controllers Processing Personal Data with Cookies

CASES has a wide range of Co-controllers for various purposes. For example, our Co-controllers are Google and Hotjar with Google Analytics and Hotjar software.

Table 4.1 Co-controllers
Software Co-controller Goal of use Privacy Notice
Google Analytics Google LLC We use Google Analytics as its platform for analyzing users’ behavior and traffic across Our Site. Link
Hotjar Hotjar Ltd. We use Hotjar as its platform for analyzing users’ behavior and traffic across Our Site. Link
Meta The Meta Companies We use Meta cookies to collect data for marketing purposes. Link

Transmission of Personal Data

CASES may transfer personal data to Processors, Co-controllers, and Third Parties within Ukraine and/or abroad if it is necessary for Our business. When it comes to transferring personal data abroad, we may do so based on:

  • A personal data processing agreement when it's necessary to transfer the personal data of Ukrainian citizens.
  • A high level of personal data protection in the destination country as defined by the European Commission and/or through legal instruments.

In any case, we may be required to disclose personal data by court order or at the request of a state authority.

Conditions for the transfer of personal data by Co-controllers are specified in their privacy documents.

  1. General conditions for the transfer of personal data. CASES may transfer personal data to Processors, Co-controllers, and Third Parties within Ukraine and/or abroad if necessary for Our business.
  2. Transfer of personal data of Ukrainian citizens. To transfer personal data within Ukraine and abroad, we use agreements for personal data processing.
  3. Transfer of personal data of citizens of EU Member States. To transfer personal data within Ukraine, we use personal data processing agreements along with Standard Contractual Clauses. Abroad, data is transferred based on a high level of personal data protection in the destination country, as defined by the European Commission, and/or through various legal instruments such as Standard Contractual Clauses, certifications, international agreements, etc.
  4. Other cases of personal data transfer. We may be required to disclose personal data to Ukrainian and EU state authorities by court order or at the request of a state authority.
  5. Transfer of personal data by Co-controllers. Conditions for the transfer of personal data by Co-controllers are specified in their privacy documents.

Your Rights

  1. Right to access your personal data: You can request information about the data being processed or receive a list of this data in a format readable by humans and machines.
  2. Right to rectification: You can correct inaccurate data.
  3. Right to erasure: You can request the deletion of your personal data.
  4. Right to restrict processing: You can prevent the Controller from using your personal data, although the Controller may continue to store it.
  5. Right to data portability: You can receive your personal data from the Controller in a machine-readable format and transfer it to another Controller.
  6. Right to object: You can object to the processing of your personal data based on legitimate interests or for marketing purposes.
  7. Profiling: You have the right to be protected from decisions based solely on automated data processing, including profiling, that have certain legal implications for you.
  8. Right to legal protection: You can take legal action against the Controller and/or file a complaint with the ICO.
  9. Right to information about data processing: You can obtain information from this Privacy Notice.
  10. Right to withdraw consent: You can withdraw your consent for the processing of personal data at any time.

Protection of Personal Data

CASES protects Your personal data in several organizational and technical ways:

  • We do not have direct access to most of your personal data collected through cookies.
  • We do not combine personal data, to which we have access, with data from other sources that might make it easier to identify you.
  • We provide cybersecurity and data privacy training for our employees.
  • We enforce strong password requirements.
Table 7.1 Technical ways
Name Meaning
We do not directly access most of your personal data collected through cookies. Software such as Google Analytics doesn’t directly grant access to most of your personal data; instead, we derive aggregate information based on your personal data concerning our Site.
We do not combine the personal data to which we have access with information from other sources, which could potentially make it easier to identify you. If we acquire personal data through cookies, we refrain from combining it with other datasets for any purpose, thereby reducing the likelihood of identifying you.
Regarding strong password requirements. We enforce strict password policies for our employees, mandating passwords of specific length and complexity—comprising alphabetic, numeric, and special characters—and require regular password changes when accessing our information resources.
Table 7.2 Organizational ways
Name Meaning
Cybersecurity and data privacy training for employees. We provide education to employees on fundamental approaches to information and cybersecurity, emphasizing practices that enhance safety while using the Internet, their work-related tools, personal devices, and more. Additionally, we ensure that employees are informed about the foundational aspects of legislation related to personal data processing, enabling them to comprehend and adhere to all necessary requirements.

What will We do in case of a data breach

In the event of a data breach, Our Co-controllers typically notify the ICO, providing accompanying materials about the issue.

However, if the data breach significantly threatens Your rights and interests, Our Co-controllers will inform You about it. Additionally, we document information about every instance of personal data leakage in our internal register.

  1. When Our Co-controllers notify ICO about a data breach. Our Co-controllers shall notify ICO within 72 hours after they become aware of the data breach and report the following information:
    • Describe the nature of the data breach;
    • Contain the name and contact details of the responsible person who can provide additional information;
    • Describe the possible consequences of the data breach;
    • Describe the measures taken or proposed by us to address the data breach.
  2. When Our Co-controllers notify You about a data breach. If the data breach may lead to a violation of Your rights and freedoms or has a high risk of this, Our Co-controllers shall immediately inform You of the fact of the data breach and report the following information:
    • Describe in clear and simple language the nature of the data breach;
    • Contain the name and contact details of the responsible person who can provide additional information;
    • Describe the possible consequences of breaching the security of personal data;
    • Describe the measures taken or proposed by Us to address the data breach;
    • Provide You with useful tips and know-how that can help You reduce the risks of a data breach.

Inquiries and Complaints

  1. Contact CASES. You can reach out to us with any questions regarding your personal data through the following communication channels:
  2. Response from CASES. We will provide you with an answer as promptly as possible, aiming to respond within 30 calendar days at the latest.
  3. Contacting Co-controllers. You can inquire about your personal data from our Co-controllers through the following communication channels:
    • Google. Support Service portal or physical mail at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
    • Hotjar. support@hotjar.com or physical mail at Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's STJ 3141, Malta, Europe.
  4. Response from Co-controllers. The time and procedure for their response depend on the internal policies of each respective Co-controller.

How to disable cookies

  1. Disabling in general: To delete cookies from your computer and phone, you can adjust your settings in our Cookie Banner, your browser, or our Co-controller's software.
  2. Settings in Our Cookie Banner: You can refuse all non-essential cookies by clicking the "Accept necessary" button or customize the list of cookies you allow to be stored by yourself.
  3. Settings in Co-controllers software. You can opt out of Our Co-controllers software with:
  4. Settings in a browser: Below are links to instructions for deleting cookies in commonly used browsers:

Miscellaneous

  1. Effective date. This version of the Privacy Notice is valid from the Effective date.
  2. Changes in the Privacy Notice. We may make changes occasionally without your consent. The new version will be valid from the time of the changes noted at the beginning of this Privacy Notice.
  3. Governing Law: This Notice is governed and interpreted under the laws of Ukraine, with particular consideration to the General Data Protection Regulation (GDPR) of the EU.
  4. Dispute Resolution: All disputes arising from this Notice are resolved by the competent courts of Ukraine under the substantive and procedural laws of Ukraine.
  5. Languages: This Cookie Notice is available in English and Ukrainian. If there are any differences between the Ukrainian version and the English translation, the Ukrainian version will prevail.
Effective date: March 25, 2024