Data protection (GDPR)

Last updated: 12.09.2025
Use of the Operator's services constitutes agreement with these Terms.

1. General Provisions

The company MIIT LLC, operating under the brand MIIT, pays special attention to the protection of its users' personal data. This Data Protection Policy has been developed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and defines how we process users' personal data, especially the data of users located in the territory of the European Union. The company acts as a data controller in relation to the personal data received from clients when providing our telecommunication services. We are committed to complying with the principles of the GDPR and ensuring the lawfulness, transparency, and confidentiality of personal data processing.

Scope: This Policy applies to all services we provide: Internet access, telephony (including IP telephony), television, VPS and hosting services, colocation, IP address leasing, data transmission channels, hosting, domain name registration, video surveillance services, and more. Although our services are primarily aimed at users in Ukraine, we acknowledge that residents of the EU may also use them. Therefore, we ensure that data processing complies with GDPR requirements to protect the rights and freedoms of all data subjects from the EU.

Definition of key terms: In this Policy, the term “personal data” means any information about an identified or identifiable natural person (data subject). “Processing” refers to any operation on personal data (collection, storage, use, transfer, etc.). A “Controller” is a person (e.g., a company) that determines the purposes and means of data processing; MIIT, in the context of service provision, acts as the controller of your data. A “Processor” is a person who processes data on behalf of the controller. In some cases, our company may act as a processor (e.g., when providing video surveillance services and processing data on behalf of the client), but within this Policy, we refer specifically to our functions as a data controller.

We process personal data only when there are lawful grounds and in accordance with applicable data protection laws. You are not required to provide us with personal data; however, refusal to provide it may make it impossible to deliver certain services to you. If we determine the purposes and means of processing your personal data, we are the “data controller” for GDPR purposes. We adhere to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality in accordance with Article 5 of the GDPR.

2. Types of Data Collected

MIIT collects and processes only the personal data that is necessary for specific purposes. Categories of data that we may collect in the course of providing various services include:

  • Identification data: first name, last name, middle name; date of birth; identity document details (passport or ID card, taxpayer identification number) – if required for contract conclusion or in accordance with legal requirements.

  • Contact data: postal address (service connection address and/or user registration address), phone number, email address. These data are necessary for communication with you, service provision, and billing.

  • Account data: username (login), passwords, and other information for accessing our electronic services (e.g., personal account on the website).

  • Financial data: information about payment methods and billing details (bank card or account number, payment history), required for payment of our services and processing transactions. We do not store full payment card data in our systems (only tokens or partial data, if provided by payment gateways).

  • Service and traffic data: information about the services and tariffs you use; technical data related to service usage. This may include:

    a) For Internet access: MAC addresses of your equipment, allocated IP addresses, data traffic volume, connection times and durations, network activity information (e.g., connection logs). We do not monitor the content of Internet traffic (specific websites or content of transmitted data), except when necessary to ensure service operation (e.g., filtering malicious traffic) or required by law.

    b) For telephony: your phone number, numbers of called/received contacts, date, time, and duration of calls, traffic volume, information about used equipment (e.g., SIP login). The content of phone calls is not recorded or processed by us, except as required by law or when you explicitly consent (e.g., recording a support call for quality improvement).

    c) For television services: information about the TV packages you have access to, usage history (channel or program views, if such information is generated by the system), settings of your devices for signal reception.

    d) For hosting/VPS/colocation: client account registration data, information about rented servers or virtual machines (e.g., IP addresses, host names), resource usage, server logs (which may include records of access to your services, IP addresses, access times, etc.). Note: the content you place on our servers (website files, email correspondence, databases, etc.) is not analyzed or used by us for our own purposes – we only provide storage and transmission on your behalf.

    e) For video surveillance services: if you use our video monitoring service (e.g., cloud recording from your cameras), we process video recordings and images. Such materials may contain images of individuals captured by the cameras (visitors, employees, etc.). Important: we act as a processor regarding video content owned by you as the client; we provide storage and access to these video data but do not use them for our own purposes. Minimal information about such recordings (e.g., recording time, data volume) may be processed by us as a controller to ensure the service.

  • Support requests: when you contact us with questions or complaints (by phone, email, or other channels), we process the data provided in the inquiry. This may include your name, contact information, inquiry content, and other information you choose to provide. We may maintain a log of support requests to resolve issues and improve the service.

  • Website visitor data: when you visit our website miit.ua, we may collect certain technical data via cookies and similar technologies. This may include IP address, browser type, operating system, access time, pages you visited, and unique device identifiers. These data are usually collected in aggregate for analytics and not used for direct identification; however, IP addresses are considered personal data under GDPR. More details on cookies and analytics tools are provided in Section 8 of this Policy.

Sensitive personal data: As a rule, we do not collect special categories of personal data (so-called “sensitive” data: information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health status, biometric or genetic data, sexual life or orientation, etc.). We do not request such data in the provision of standard telecommunications services. If the provision of a specific service requires processing such data, or if you voluntarily provide us with such information (e.g., documents confirming health-related benefits or video recordings containing biometric information), we will process it only with your explicit consent or on another legal basis provided under Art. 9 GDPR, and with enhanced security measures.

3. Purposes of Processing

We collect and use personal data solely for specific and lawful purposes. The main purposes for which your data is processed are as follows:

  • Provision of services and contract execution: primarily, we process data to enter into a contract with you and provide the requested telecommunication services. This includes connecting you to the Internet, providing telephone service, access to television, creating and maintaining accounts for VPS/hosting services, supporting rented servers, ensuring video surveillance functionality, etc. Data is used for technical service support (network authentication, traffic routing, signal transmission, data storage on servers) and for interacting with you as a client. Without this data, we cannot properly provide services.

  • Customer service and support: we process your contact information and the content of requests to respond to inquiries, provide consultation, and resolve technical issues or complaints. For example, information about your service and request history helps us effectively diagnose and fix problems. We may also inform you about the status of your request resolution.

  • Billing and payment: personal data is used for issuing invoices, processing payments, and monitoring service payments. We use your payment information to confirm receipt of funds, generate receipts, process refunds (if applicable), or carry out other financial transactions.

  • User communication: we may use email, phone, or other communication channels to send you important messages regarding services. This may include notifications of tariff or service condition changes, alerts about maintenance or outages, reminders about the end of the paid period, transaction confirmations, responses to your inquiries, etc. These messages are not marketing in nature and are part of our contractual service provision.

  • Service improvement and analytics: we analyze how users interact with our services to optimize them. For example, data on network load, channel and traffic usage statistics help balance network resources and improve infrastructure. Feedback and support history may be analyzed to enhance service quality and staff training. Analytical data is aggregated and anonymized whenever possible. We also track technical logs to detect and resolve system issues.

  • Marketing and notifications about new services: with your separate consent or if permitted by law, we may use contact data (e.g., email) to send promotional or informational communications. This may include announcements about new offers, promotions, tariffs, or services that may interest you as our client. You always have the right to opt out of such communications: each email will include unsubscribe instructions, or you may contact us directly to stop marketing messages. We send marketing communications only in a lawful manner and respect your right not to receive unwanted marketing.

  • Security and fraud prevention: to ensure network and information security, we may process technical data (access logs, IP addresses, device identifiers) to detect and mitigate threats. For example, to prevent unauthorized access to your accounts, we may analyze login attempts; to protect the network – block IP addresses from which attacks originate. We may also monitor abnormal service usage (unusually high traffic, multiple failed connection attempts, etc.) to prevent fraudulent activity or abuse. Documented cases potentially indicating violations (e.g., using our channels for cybercrime) may be reported to law enforcement as required by law.

  • Legal obligations: we process personal data when it is necessary to comply with our legal obligations. As a Ukrainian provider, we must adhere to Ukrainian law requirements, which may include retaining certain telecommunication data for a specified period, providing information upon lawful requests from government authorities (e.g., courts, law enforcement, regulatory agencies), maintaining accounting and tax records, etc. In particular, under the law, we may retain basic connection and subscriber data for a set period and provide it to authorized bodies when legally required. We always verify the legality of each request and provide data only with proper legal grounds.

  • Other legitimate interests: sometimes we may process data based on our legitimate interests (or those of third parties) if such interests do not infringe on the rights and freedoms of data subjects. For example, for protection of our rights in court – preserving evidence of contract execution, payment history, and client correspondence; or for business reorganization or sale – transferring data to a successor while ensuring confidentiality; or for internal audits and inspections – selectively analyzing contract data. In each case, we carefully weigh our interests against potential impacts on your privacy. If the interest can be achieved in a less intrusive way or you exercised your right to object, we will not process data on this basis.

We do not use automated decision-making that has legal or similarly significant effects on you without your explicit consent. Any user profiling (analysis of your characteristics or behavior, e.g., for service or advertising personalization) is carried out only within legally permitted limits and will not have a significant impact on you, or is conducted with your consent, which can be withdrawn.

4. Legal Bases for Processing (Art. 6 GDPR)

We process personal data only when we have one or more lawful bases provided by Article 6 of the GDPR. Depending on the situation, processing may be carried out on the following bases:

  • Performance of a contract with you or taking steps at your request prior to entering into a contract: processing is necessary to provide our services, fulfill contract terms, or respond to your request before entering into a contract. For example, we need to process your data to connect the Internet or provide hosting access according to the contract.

  • Compliance with a legal obligation. Processing is necessary to fulfill our legal obligations. This applies in cases where the law requires us to retain or provide certain data (e.g., tax legislation, telecommunications regulator requirements, court orders for disclosure, etc.).

  • Your explicit voluntary consent. We may process your personal data based on consent you have given us. Consent may be required, for example, for the use of certain cookies, sending marketing materials, or processing sensitive data (if such data is accidentally provided). When processing is based on consent, you have the right to withdraw your consent at any time, and we will stop the relevant data processing. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

  • Legitimate interests of our company or third parties. Processing is necessary to pursue our legitimate interests (or those of other companies) provided these interests do not override your fundamental rights and freedoms. Some examples of such interests were mentioned in section 3 (network security, rights protection, service improvement, etc.). In each case, we assess whether our processing infringes your rights. You have the right to object to processing on this basis (see section 5 for details). If your objection is justified, we will stop such processing.

  • Protection of vital interests. Rarely, processing may be necessary to protect your or another person's vital interests. For example, in an emergency, we may provide your location information to emergency services if it could save life or health (e.g., geolocation data from a 112 call). Such cases are unlikely but must be mentioned as a possible basis.

  • Performance of a task in the public interest or exercise of official authority: this basis applies if processing is necessary for performing a task in the public interest or exercising official powers granted to our company. Our company is a private enterprise and does not perform public authority functions, so this basis is practically not used in our activities. However, if we ever participate in projects of public importance (e.g., a government internet program) or are delegated certain powers, processing in that context may fall under this category.

Note: In each specific case of data processing, we may rely on multiple legal bases simultaneously. For example, when retaining your payment history, we are both performing a contract (confirming service payment) and fulfilling a legal obligation (financial reporting). If the processing basis changes (e.g., we want to use data for a new purpose incompatible with the original), we will notify you and, if necessary, request your consent. We always ensure that we have at least one of the listed lawful bases for any personal data operation.

5. Rights of EU Users

If you are a resident of the European Union (or another data subject to whom GDPR applies), you have a number of important rights regarding your personal data. We respect these rights and ensure the ability to exercise them. According to GDPR, Section III, you have the following rights:

  • Right of access to personal data. You have the right to know whether we process your personal data, and if so – to obtain a copy of all such data and information about how it is processed. This allows you to check which data we store, for what purpose, to whom it was disclosed, how long it is retained, and more. Upon your request, we will provide a report of your personal data in a structured format. The first request is free of charge. For repeated requests, we may charge a reasonable administrative fee or refuse in cases of abuse (e.g., if requests are clearly unfounded or excessive), but each case will be considered individually.

  • Right to rectification of inaccurate data. We strive to ensure the accuracy and currency of your data. If any information about you is outdated or incorrect (e.g., your contact number has changed or an error in your name is found), you have the right to request correction of such data. You may also supplement incomplete data (considering the purposes of its processing). We will make changes promptly and notify you.

  • Right to erasure (also known as the "right to be forgotten"). You may request that we delete your personal data, and we are obliged to do so if there are lawful grounds. This right applies, in particular, when the data is no longer needed for the purposes for which it was collected, or if you have withdrawn your consent and there is no other lawful basis for processing, or if you have reasonably objected to processing (see below). We must also erase your data if it was processed unlawfully or must be deleted to comply with a legal obligation. Note: the right to erasure is not absolute – in some cases, we may refuse deletion if processing is still necessary (e.g., for legal compliance or establishing, exercising, or defending legal claims). In response to an erasure request, we will always explain the reasons for deletion or refusal.

  • Right to restriction of processing. You have the right to request that we temporarily suspend the processing of your data (except for storage) in the following situations: when you contest the accuracy of the data – until we verify and correct it; when processing is unlawful, but you do not want deletion; when we no longer need the data, but you need it to establish or defend legal claims; or when you have objected to processing – while awaiting a decision on whether our lawful grounds override your interests. If processing is restricted, we will only store your data and not take other actions without your consent (except as necessary for legal requirements). We will notify you before lifting the restriction.

  • Right to object to processing. You have the right at any time to object to the processing of your personal data if such processing is based on our legitimate interests or performance of a task in the public interest / exercise of official authority (Art. 21 GDPR). If you submit such an objection, we must stop processing, except where we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if processing is necessary for establishing, exercising, or defending legal claims. In particular, you have an absolute right to object to processing for direct marketing purposes. If you do not want us to use your email or phone for marketing communications, simply inform us – and we will immediately stop.

  • Right to data portability. You have the right to receive your personal data from us in a structured, commonly used, and machine-readable format, as well as the right to transfer this data to another controller without hindrance from us. This applies only to data you provided to us and that is processed based on your consent or contract and by automated means. Where possible (technically), we may transfer the data directly to another provider at your request. The portability right is intended to make it easier for you to switch between service providers.

  • Right not to be subject to automated decisions with significant effects. We do not make decisions solely based on automated processing that would substantially affect you (e.g., automatic denial of a service without human involvement). Formally, you have the right not to be subject to a decision based solely on automated processing (including profiling) if it has legal effects or similarly significant impacts. You also have the right to human intervention, to express your point of view, and to challenge a decision if you believe the automated process made an incorrect decision regarding you.

  • Right to withdraw consent. If any of our processing operations is based on your consent, you have the right to withdraw your consent at any time. To do so, contact us via the details provided in this Policy, or, in the case of marketing emails – use the "Unsubscribe" link. Upon receipt of the withdrawal notice, we will immediately stop processing based on consent. Withdrawal does not affect the lawfulness of processing prior to the withdrawal. If we have another lawful basis for processing (e.g., legitimate interest or contract), we may continue processing on that basis, and we will inform you accordingly.

  • Right to information. You have the right to receive clear information about the processing of your personal data. We fulfill this right by providing this Policy and notices at the time of data collection (e.g., registration forms, cookie banners). We strive to make all necessary information about who we are, which data we collect, for what purposes, on what grounds, to whom we disclose it, how long we store it, and your rights available from the beginning of the interaction, in an understandable form. If anything remains unclear, you can always request additional information.

  • Right to lodge a complaint with a supervisory authority. If you believe we are violating your data protection rights or not complying with GDPR provisions, you have the right to lodge a complaint with an independent data protection authority. Complaints can be submitted in the EU member state of your residence or work, or in the jurisdiction where the alleged violation occurred. We encourage you to first contact us – together we can quickly find a solution. But if our response is unsatisfactory, you may escalate to the supervisory authority. Contact information for national Data Protection Authorities is available on official EU resources. For example: in France – CNIL, in Germany – Federal Commissioner for Data Protection (BfDI) or relevant state authorities, in Poland – UODO, in Spain – AEPD, etc. You also have the right to effective judicial remedies – both against a supervisory authority’s decision and directly against us in court. We respect your right to complain and cooperate with any inspections by regulatory authorities.

How to exercise your rights. You can exercise your rights by sending us a relevant request (see Section 9 – Contacts). To protect your data from unauthorized access, we may ask you to verify your identity (e.g., reply from a registered email or provide minimal identification details). We will review your request and respond within 1 month of receipt. In case of complexity or a large number of requests, this period may be extended to 3 months, and we will notify you. Our response will include information on the fulfillment of the request or a justified refusal (if there are lawful grounds not to comply). Most requests are free of charge. Only if requests are clearly unfounded or excessive (e.g., repeated too often) do we reserve the right to charge a reasonable fee or refuse, and we will justify such decisions. Your rights are guaranteed by GDPR, and we treat them very seriously, ensuring their full exercise.

6. Transfer of Data Outside the EU

Our company is registered in Ukraine, and the main data processing and storage systems are located in Ukraine. If you are located in the EU and use our services, your personal data is transferred from the European Union to Ukraine, i.e., to a third country under GDPR. As of today, the European Commission has not recognized Ukraine as a country with an adequate level of data protection (Ukraine is not listed among approved countries). This means we must provide additional safeguards when transferring data from the EU to Ukraine to ensure that the rights of EU users remain protected.

We apply necessary legal mechanisms for cross-border data transfer. In particular, the transfer of personal data from EU users to us is carried out on the following grounds:

  • Standard Contractual Clauses (SCCs). We have incorporated standard data protection clauses approved by the European Commission into our agreements with European clients and partners. These clauses oblige us to ensure a level of personal data protection equivalent to GDPR requirements. In other words, we contractually guarantee that data received from an EU user will be processed in accordance with GDPR standards, even if stored in Ukraine.

  • Necessity for contract performance. GDPR (Art. 49(1)(b)) allows the transfer of personal data to a third country if it is necessary for the performance of a contract between the data subject and the controller. When you, while in the EU, order a service from us, the very act of providing the service entails the transfer of your data to Ukraine (e.g., for user registration in our system, providing access to servers, etc.). In this case, the transfer is considered necessary for contract performance, and GDPR permits it even without a separate adequacy decision. We still apply maximum security measures to these data.

  • Your explicit consent. In some cases, we may ask for your explicit consent for cross-border data transfer (Art. 49(1)(a) GDPR). For example, during registration or order placement, you may separately confirm that you understand and agree to the storage of your data on our servers in Ukraine. We will explain the potential risks of such a transfer (as required by GDPR), and you will have the right to withdraw your consent at any time.

  • Other safeguards and exceptions. If necessary, and depending on the nature of the transfer, we may also apply other mechanisms under GDPR: approved corporate rules (if data is transferred within a corporate group), certification mechanisms, codes of conduct, or rely on exceptional cases (such as protecting the vital interests of the data subject, public interest, legal claims – according to Art. 49 GDPR). These cases are rare but not excluded.

Security during transfer: We ensure that any service provider or partner outside the EEA who receives personal data of our EU clients provides adequate protection guarantees. For example, if we use a cloud service located outside the EU, we enter into a data protection agreement with standard clauses and review its security policies. We also encrypt data during transfer over the Internet (SSL/TLS) to prevent interception.

User information: Upon request, we will provide you with a copy or information about the safeguards used for transferring your data outside the EU (e.g., a copy of the standard contractual clauses). Our goal is to ensure that cross-border data transfer is transparent and controlled for you. If you have any questions regarding data transfers abroad, please contact us using the details in Section 9.

7. Storage and Protection of Personal Data

Retention periods: We store your personal data no longer than necessary to achieve the purposes for which the data was collected. Retention periods may vary depending on the category of data and purpose of processing. For example:

  • Account and contact information is stored for the entire duration of the contract (while you use our services). After termination of cooperation, some of these data may be retained additionally for a specified period (usually up to 3 years or longer if required by law) for possible dispute resolution, claims review, or service restoration upon your request.

  • Payment data and billing/invoice information are stored according to accounting and tax legislation (in Ukraine, financial documents usually must be kept for at least 3 years, often 5 years). We cannot delete these data earlier, even upon your request, as we have a legal obligation to retain them.

  • Traffic logs and technical network logs are retained as long as necessary for network operation and security. For example, connection logs may be kept for several months to investigate security incidents or resolve technical issues. In certain cases (to comply with the law or licensing requirements), some traffic metadata may be kept for 12 to 60 months. After the retention period, we either securely delete these logs or anonymize them.

  • Service usage data (e.g., TV viewing statistics) is stored in a personalized form for several months and may later be aggregated or anonymized for analytical purposes.

  • Correspondence and support tickets are retained at least for the duration of issue resolution, throughout the period of service use, and up to 1–2 years after service termination, to track interaction history in case of repeat requests.

  • Video recordings from surveillance services are retained according to client-agreed settings (e.g., 7 days, 30 days, etc.). After this period, recordings are automatically deleted or overwritten. If the client deletes a video manually earlier, it is removed from our servers without recovery (except for backup copies, which also have a short lifecycle).

After the retention period required for the purpose expires, we either securely delete personal data or anonymize it so that it can no longer identify you. Occasionally, instead of deletion, we may retain data in anonymized form for statistical purposes – such “non-personal” data no longer falls under GDPR.

Note: some data may be retained longer if required by law (e.g., financial transaction data may be retained up to 7 years for anti-money laundering compliance). Also, if you request deletion, we may retain minimal information to record the fact of your request and our response, as well as to ensure no further processing of your data.

Technical and organizational security measures: We have implemented appropriate operational and technical measures to protect your personal data, including:

  • Organizational measures: We restrict the circle of employees with access to personal data to authorized personnel who need access to perform their duties. Internal policies and instructions for data protection are in place, and all staff must adhere to confidentiality rules. Security and GDPR training is provided. A Data Protection Officer (DPO) is appointed to oversee compliance. All contractors and partners with potential access to data sign non-disclosure and data processing agreements.

  • Physical security: Our servers and network equipment are housed in secure data centers with strictly controlled access (access control systems, CCTV, security personnel). Paper records (if used) are stored in locked rooms or safes with restricted access.

  • Network and system protection: We employ modern IT infrastructure security methods. Personal data is stored on secure servers with multi-layer protection (firewalls, intrusion detection systems, antivirus). Sensitive data (e.g., passwords, authentication tokens) is stored encrypted. Transmission of confidential information between systems is also encrypted (HTTPS, SSL/TLS for web traffic, VPN for internal connections).

  • Access control: We follow the principle of least privilege – each employee or system is granted only the minimal access required. Database and server administration access is protected by multi-factor authentication. All actions with personal data are logged. Access lists are regularly reviewed and updated.

  • Monitoring and auditing: We continuously monitor our systems for vulnerabilities and suspicious activity. Network traffic monitoring tools are in place. Planned penetration testing and security audits are conducted to ensure the effectiveness of measures. Identified issues are promptly addressed.

  • Incident response plan: We have a security incident response plan and data breach notification procedure. If a security breach occurs that risks your rights (e.g., compromise of personal data), we will notify you and, if necessary, the relevant supervisory authority within 72 hours of detection, as required by GDPR. We will also take steps to minimize potential negative impact.

We continuously improve our protection measures considering technological developments and potential new threats. The confidentiality and integrity of your data is our priority.

8. Use of Third-Party Services (Google Analytics, Facebook Pixel)

On our website and in providing services, we may use third-party services that assist us – in particular, Google Analytics and Facebook Pixel. These services may collect certain data about your interaction with our website or services, and we want to explain transparently how this happens and what protections are applied.

Google Analytics: We use Google Analytics – a web analytics service by Google (Google Ireland Limited for users in Europe) – to understand how visitors find and use our website. Google Analytics tracks data such as pages viewed, duration of visits, page transitions, geographic location (country/city), browser language, device and browser used, and other technical information. Important: Google Analytics focuses on aggregated statistics and, according to our settings, does not provide us with information that could directly identify you. We have enabled IP anonymization in Google Analytics, so your IP address is truncated (masked) before being sent to Google servers, reducing identification possibilities. Google Analytics uses cookies (_ga, _gid, etc.) to recognize you on subsequent visits; these cookies are stored on your device with your consent (our site provides a cookie banner for EU users where you can accept or decline analytical and/or marketing cookies). Data collected by Google Analytics is transmitted and stored on Google servers, which may be located outside the EU (e.g., in the USA). Google participates in the EU-US Data Privacy Framework (Privacy Shield equivalent) as of 2023, and we have also concluded Standard Contractual Clauses with Google to ensure data protection during such transfer. The information obtained via Google Analytics is used exclusively for statistical purposes: we analyze overall trends (e.g., proportion of new vs. returning visitors, most popular pages, referral sources). This helps us optimize site content, improve navigation, and enhance marketing efforts. We do not share any other personal data with Google and do not combine analytics data with other information (e.g., your account data if you become our client – site statistics remain separate). If you do not want Google Analytics to track your activity, you can opt out of analytical cookies on our site or install the Google Analytics Opt-out browser extension.
Google acts as our data processor in the context of Google Analytics and processes data only on our behalf. More about privacy in Google Analytics can be found in Google’s Privacy Policy.

Facebook Pixel (Meta Pixel): Our site may also have Facebook Pixel – an analytics and conversion tracking tool provided by Meta Platforms Ireland Ltd. Facebook Pixel allows us to measure the effectiveness of advertising on Facebook/Instagram, understand visitor actions on our site after interacting with ads, and create audiences for remarketing. Pixel collects information about your actions on the site (e.g., viewing a pricing page or submitting a form) and sends hashed identifiers to the network. We do not send Facebook any sensitive or directly identifying data (such as name or email) via Pixel; it is used only for anonymized event tracking. However, Facebook may match events to your account, if you have one, and use them according to its policy (e.g., show you ads if you visited our site). All data is anonymized for us – we see only summary reports (e.g., number of conversions). Using Facebook Pixel also occurs only with your consent (via cookie banner or site settings). If you do not want data transmitted via Pixel, you can opt out of marketing cookies on our site. Meta Platforms Ireland Ltd. processes data according to its terms (Data Processing Terms) and may store it on servers in the USA. Meta is certified under the EU-US Data Privacy Framework, and we rely on this, along with standard contractual clauses in our agreement with Meta, as safeguards when transferring your data outside the EU.

Other third-party services: In addition to the above, we may occasionally use other providers – e.g., email delivery systems, online support chats, payment gateways, monitoring services, etc. Whenever a third-party service has access to user personal data, we:
a) ensure there is a lawful basis (e.g., contract performance – payments, or legitimate interest – service improvement);
b) conclude a Data Processing Agreement with the provider obliging them to protect your data;
c) minimize the data shared – only necessary information is transmitted;
d) assess risks and implement additional safeguards if needed (e.g., encrypt data before transfer).

We also provide the option to opt out of certain integrations if practically possible without affecting service use.

Links to third-party resources: Our site may contain links to other websites or applications (e.g., partner pages, social networks). When clicking these links, be aware that these resources have their own privacy policies, and we are not responsible for their practices. We recommend reviewing their policies before providing your data.

In summary: we use third-party services to improve your experience and our operations responsibly. No third-party service receives your personal data without necessity and protection. Your data remains under our control, and we ensure partners comply with GDPR standards in their processing.

9. Contact Information

If you have questions about this Policy or wish to exercise your rights, please contact us. We have appointed a responsible person for data protection (Data Protection Officer, DPO) whom you can reach regarding personal data protection and processing.

Data Controller:
MIIT LLC (ТОВ «ЕМ АЙ АЙ ТІ»)

Address: 72 Velyka Vasylkivska St., Kyiv, Ukraine, 03150

Website: miit.ua

DPO Email for Data Protection Inquiries: [email protected]

Support phone: +38 (044) 300-1-300 (or other current number) – 09:00–17:00 (GMT+2) on business days

Please indicate in the subject or text that your inquiry concerns personal data protection or GDPR, so we can forward it to the appropriate specialist. For example: “Personal Data Access Request” or “Consent Withdrawal for Mailing”. This helps us process your request faster.

Handling Requests: Our DPO or authorized specialist will review your request and provide a response or clarification within 30 calendar days (usually sooner). If the request is complex or requires more time, we will notify you. Communication can be in Ukrainian or English (we may also use your request’s language if possible).

Supervisory Authority in Ukraine: Oversight of data protection compliance in Ukraine is exercised by the Ukrainian Parliament Commissioner for Human Rights (Ombudsman). If you are an EU resident, for GDPR matters you may contact the relevant authority in your country (see section 5). We are open to cooperation with European data protection authorities.

Thank you for reviewing our Data Protection Policy. We regularly update it to ensure compliance with current legislation and our data processing practices. In case of significant changes, we will notify you via our website or other appropriate means. Your privacy is important to us, and we make every effort to protect it.

© 2025 MIIT LLC All rights reserved.