Last update: 12.09.2025
Use of the Operator's services constitutes agreement with these Terms.
This policy defines the data retention procedure of the MIIT telecommunications provider. It explains which data we store, on what grounds, for how long, as well as security measures and deletion procedures.
What data is stored
MIIT stores various categories of subscriber data:
Personal data: information provided when concluding a contract (full name, passport data or other ID codes, address, contact phone numbers and email, etc.).
Technical data: network usage information (phone number or IP address, equipment MAC addresses, connection logs, equipment data, etc.).
Account and billing data: subscriber account information, call/traffic history, charges, payments, invoices, and service payment reports.
In accordance with the law, MIIT ensures the retention of all subscriber information obtained when concluding a contract, as well as data on provided services (fact of provision, volume, content of services, etc.).
Data retention period
Retention periods depend on the type of data and legal requirements:
Personal and contract data (subscriber information, contract): stored for the term of the contract and, after it ends, for the statute of limitations period applicable to the services provided (according to the Civil Code of Ukraine, usually 3 years).
Billing and accounting documents (invoices, reports, receipts): stored for at least 5 years according to tax and accounting law (for possible audits), but in any case no longer than the statute of limitations.
Technical logs and network data: stored only for the time necessary to provide the service and issue invoices, and no longer than the statute of limitations. Logs are kept only as long as needed to maintain service quality and fulfill obligations.
These periods follow the principle of data minimization: “data may be stored… only for a limited time.” After expiration, data is deleted (see section “Data Deletion Policy”).
Legal basis for storage
MIIT stores data on the following legal grounds:
Contract performance. Storage and processing are necessary to provide telecom services, execute the contract, and fulfill obligations to the subscriber.
Legal requirements. The operator is required to retain subscriber and service data under Ukrainian law (e.g., Law “On Telecommunications,” NKRZI rules).
User consent. In cases specified by the contract or separate consent (e.g., publication in phone directories or marketing mailings), data is processed based on the subscriber’s voluntary consent.
Thus, storage of each data category has a clear basis: either contract execution, legal requirement, or voluntary subscriber consent.
Data access
Access to databases with confidential information is granted only to authorized MIIT personnel. Staff undergo appropriate verification and have individual accounts for access.
Technical support. Tech support employees access subscriber data only when strictly necessary (e.g., at subscriber request to resolve technical issues) and only after successful subscriber identification. Support does not have permanent access to all information – only to data necessary to handle the request.
Accounting and administrative staff. Billing, payment, and contract information is available only to accounting and managers as required for their duties.
Access control is organized on the principle of minimization – only authorized persons have access, and all actions are logged.
Data storage location
All information is stored on secure servers in data centers located in Ukraine. Physical server facilities are equipped with security, access control, and fire protection systems. Using Ukrainian data centers ensures compliance with provider obligations to state authorities and enhances storage reliability.
Technical and organizational security measures
MIIT applies comprehensive measures to protect data:
Data encryption. All critical data (e.g., database backups with personal or payment information) is stored encrypted. Data transmission channels are also protected (SSL/TLS).
Backup. Regular backups of databases and system configurations are performed, ensuring rapid recovery after failures or emergencies.
Access control. A multi-level authentication and authorization system is implemented. Each employee has a strictly defined set of access rights (role-based access), and access to personal/confidential data is allowed only to authorized personnel.
Monitoring and audit. Network and server security is monitored continuously, and firewalls and intrusion detection systems are in place. All access attempts and data operations are logged and regularly reviewed.
Organizational measures. MIIT staff regularly undergo information security training. Internal instructions and regulations define rules for handling confidential data.
Thus, technical and organizational measures – encryption, backup, and minimized access – ensure an appropriate level of security.
Data deletion policy
After the established retention periods, data is securely deleted:
Expiration of retention periods. When the legal or subscriber-consent retention period expires (e.g., after contract completion and statute of limitations), data is destroyed.
Contract termination. After contract termination, personal data is deleted no later than the end of the statute of limitations period counted from the last interaction (unless otherwise required by law).
Court decision. Upon receiving an official court decision to remove or block data, we immediately comply.
Deletion occurs from all storage systems and backups as soon as legal grounds for retention cease. This procedure complies with the Law of Ukraine “On Personal Data Protection” – data is destroyed when the processing period ends or legal relations with the subscriber terminate.
Conclusion
The MIIT data retention policy ensures a transparent and secure approach to subscriber information. It is based on Ukrainian law, European standards (GDPR approach), and MIIT’s commitment to protect personal and technical data. Access is strictly controlled, retention periods comply with legal requirements, and after all periods and purposes are fulfilled, data is permanently deleted.
Sources: Law of Ukraine “On Telecommunications” and Rules for Providing Telecommunications Services, as well as data protection summaries (GDPR data minimization principle, Ukrainian data protection laws).
© 2025 MIIT LLC. All rights reserved.